
DCN Lab 04 - Wireshark

Uploaded by

i222153

Data Communication and Network

(EL-2007)
LABORATORY MANUAL
Fall 2024

(LAB# 04)
Packet Capturing and Analysis
Dr. Aamer Hafeez

Student Name: Abdullah Ali

Roll No: 22i-2153

Date: Sep 11, 2024

_______________________________
LAB ENGINEER SIGNATURE & DATE

MARKS AWARDED: /10

DCN LAB NUCES, ISLAMABAD Page 1 of 10


LAB 04 Packet Capturing and Analysis

Objective

• Introduction to Packet Capturing/Sniffing using Wireshark


• Analyzing packet contents

Introduction
The basic tool for observing the messages exchanged between executing protocol entities is
called a packet sniffer. As the name suggests, a packet sniffer captures (“sniffs”) messages being
sent/received from/by your computer. A packet sniffer is:

• Passive in nature
• Observes messages being sent and received by applications and protocols
• Never sends packets itself
• Packets are never addressed to the sniffer
• It only receives a copy of each packet

Packet Analyzer “Wireshark”


We will be using Wireshark as the tool to analyze packets.

The following figure shows the main window of the Wireshark tool.

To start capturing packets, you need to select a network connection. Select the
connection on your machine that is currently connected to a network/internet.

Select the active interface and hit the “Start” button to start capturing packets. Once packet
capture has started, you can see the activity going on in the Wireshark window as shown below:



Select any packet as shown in the capture to see its details. There are two windows to examine
the packet contents. The center window shows the information header by header, whereas the
bottom window shows the contents of the packet in hexadecimal and ASCII format.

Searching for desired packets:

The captured packets on the screen can be filtered on any field according to your
requirements. For example, if we want to see only the packets with the ICMP protocol, we can
apply a filter for that protocol. Only the packets with ICMP as the protocol will then be displayed on
the screen, as shown below:



Whenever we type a filter expression in the filter box, the box turns green if the expression
is correct. It turns red if the expression is incorrect or Wireshark does not recognize it.

Example Filtering
ip.addr==10.0.10.142
tcp.port==443
tcp contains "Facebook"

Lab Tasks:
Task 01: ICMP

a. Start Wireshark, and ping any computer. Use a filter to search for the ping packets in
Wireshark. If found, paste the snapshot below. Note that ping uses the ICMP protocol.



b. Find the source and destination IP addresses of these ping packets, and write them below.

Packet#    Source IP        Destination IP
38994      172.16.50.110    172.16.50.190
38995      172.16.50.190    172.16.50.110
39035      172.16.50.110    172.16.50.190
39036      172.16.50.190    172.16.50.110

Add more rows if required

c. Confirm whether the IP addresses in the ping packets you have captured are those of your
computer and of the computer you are pinging.

d. Find the source and destination MAC addresses of these ping packets, and find out whose
MAC addresses these are.

Address Resolution Protocol (ARP)

Typically, when two hosts are communicating, they already know each other’s IP address. They
can learn each other’s IP address in a variety of ways: sometimes it is manually provided
by a user, sometimes by another protocol (often DNS).
However, what is definitely not known is their MAC addresses. The hosts will use ARP to discover
the appropriate MAC address. To put it another way, ARP will use the known IP address, and
discover the unknown MAC address. The discovered mapping is then added and stored in
an ARP Table, which is a mapping of IP addresses to the corresponding MAC addresses.



This is how the ARP works:

• When a Client is speaking to a host in the same network, it will ARP for the MAC address of
the host
• When a Client is speaking to a host in a different network, it will ARP for the MAC address of
the Default Gateway
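
The two rules above, and the fields Wireshark shows for an ARP request, worked through as an added example (not part of the original manual). The /24 prefix, the gateway address 172.16.50.1, the off-subnet address 192.0.2.10 and the MAC address are assumptions made for illustration; the two host addresses are the ones from Task 01.

```python
import ipaddress
import struct

def arp_next_hop(iface, dst, gateway):
    """IP address the client resolves with ARP in order to reach dst."""
    net = ipaddress.ip_interface(iface).network
    return dst if ipaddress.ip_address(dst) in net else gateway

def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_arp(frame):
    """Decode an Ethernet II frame carrying an IPv4-over-Ethernet ARP message."""
    if len(frame) < 42:
        raise ValueError("too short for Ethernet + ARP")
    eth_dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0806:  # EtherType assigned to ARP
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return {
        "eth_dst": fmt_mac(eth_dst), "eth_src": fmt_mac(eth_src),
        "op": {1: "request", 2: "reply"}.get(oper, f"unknown({oper})"),
        "sender_mac": fmt_mac(sha), "sender_ip": str(ipaddress.IPv4Address(spa)),
        "target_mac": fmt_mac(tha), "target_ip": str(ipaddress.IPv4Address(tpa)),
    }

# Constructed sample: the ARP request 172.16.50.110 would broadcast before its
# first ping to 172.16.50.190. The MAC address is made up (locally administered).
SENDER_MAC = bytes.fromhex("020000000110")
REQUEST = (
    b"\xff" * 6 + SENDER_MAC + b"\x08\x06"        # Ethernet: broadcast, src, ARP
    + struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)   # Ethernet/IPv4, opcode 1
    + SENDER_MAC + ipaddress.IPv4Address("172.16.50.110").packed
    + b"\x00" * 6 + ipaddress.IPv4Address("172.16.50.190").packed
)

if __name__ == "__main__":
    # Same network: ARP for the host itself.
    print(arp_next_hop("172.16.50.110/24", "172.16.50.190", "172.16.50.1"))
    # Different network: ARP for the default gateway.
    print(arp_next_hop("172.16.50.110/24", "192.0.2.10", "172.16.50.1"))
    print(parse_arp(REQUEST))
```

In the request the target MAC is all zeros because it is the value being asked for; the reply carries it in the sender MAC field.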

ARP table:

An ARP table/cache is a collection of Address Resolution Protocol entries that are created when
an IP address is resolved to a MAC address. Every computer maintains this table based on the
communication it does with other computers on its network. To view this table on your
computer, run the following command.

> arp -a
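
A way to compare two saved outputs of this command, for example before and after a ping, as an added example (not part of the original manual). It assumes the Windows output layout; the gateway entry and all MAC addresses in the sample text are constructed.

```python
import re

IFACE = re.compile(r"^Interface:\s+(\S+)")
ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)\s*$",
    re.IGNORECASE)

def parse_arp_table(text):
    """Return {(interface_ip, ip): (mac, type)} from Windows `arp -a` text."""
    table, iface = {}, None
    for line in text.splitlines():
        m = IFACE.match(line)
        if m:                      # start of a per-interface section
            iface = m.group(1)
            continue
        m = ROW.match(line)        # the column header line does not match
        if m:
            ip, mac, kind = m.groups()
            table[(iface, ip)] = (mac.lower(), kind)
    return table

def diff_arp_tables(before, after):
    """Entries that appeared, and entries whose MAC changed, between snapshots."""
    old, new = parse_arp_table(before), parse_arp_table(after)
    added = {k: v for k, v in new.items() if k not in old}
    changed = {k: (old[k][0], v[0]) for k, v in new.items()
               if k in old and old[k][0] != v[0]}
    return added, changed

# Constructed sample output (addresses from Task 01, MACs made up).
BEFORE = """\
Interface: 172.16.50.110 --- 0x5
  Internet Address      Physical Address      Type
  172.16.50.1           02-00-00-00-00-01     dynamic
  172.16.50.255         ff-ff-ff-ff-ff-ff     static
"""
AFTER = BEFORE + "  172.16.50.190         02-00-00-00-01-90     dynamic\n"

if __name__ == "__main__":
    added, changed = diff_arp_tables(BEFORE, AFTER)
    for (iface, ip), (mac, kind) in added.items():
        print(f"new on {iface}: {ip} -> {mac} ({kind})")
    for (iface, ip), (old_mac, new_mac) in changed.items():
        print(f"changed on {iface}: {ip} {old_mac} -> {new_mac}")
```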



Task02:

a. Run the above command to view the ARP table on your computer. Paste the results
here.



b. Now communicate with a computer whose entry is not present in the ARP table by pinging
that computer. After the successful ping, check whether the ARP table now contains that
entry. Write the IP address of the other computer, and show the new entry in the
updated ARP table.



c. Use Wireshark to capture the packets, filter out the ARP packets, and analyze them.
Write your analysis here.

Task 03: Select any other packet, and see what different information is provided in that packet.
List that information below.



Task 04: How many packets were captured? What kinds of packets were captured? What are the
most common packets you can see in this list?

In this list we have ARP protocol packets whose source and destination are present below.

