Network Analysis With Wireshark

Uploaded by

manjulam.csi

Cybersecurity Lab Report – 04

Network Analysis with Wireshark


[Screenshots from the lab (images not included in this copy): step 1, wireshark -i lo; Conversations (forwarding devices involved); Ethernet addresses of the devices involved; Flow graph; IO graph; filtering based on the response codes; HTTP stream]
Wireshark is a powerful packet-sniffing tool used to capture, analyze, and filter network packets. It
allows us to view details such as the protocols in use, packet contents, payloads, and even user
credentials if transmitted.

Step 1: Initial Setup and Observing Packet Color Coding

1. Launching Wireshark on the Loopback Interface:

o The command wireshark -i lo was used to start Wireshark on the loopback interface.

o Nmap commands such as -sU and -sT were executed to generate UDP and TCP
packets. Additionally, ICMP traffic was created using ping commands.

o Observations:

▪ UDP packets appeared in gray.

▪ ICMP packets were green.

▪ Red packets indicated RST (reset) or violations.

o The captured data also illustrated the three-way handshake process.

2. Launching Wireshark on the Ethernet Interface:

o Wireshark was started on the Ethernet interface using wireshark -i eth0.

o During a browser search for bmsce.ac.in, DNS queries were sent.

o Observations:

▪ DNS packets were represented in blue.

This experiment provided insight into the color-coding system used by Wireshark to represent
different protocols.

Packet Filtering

Wireshark’s filtering capabilities allow us to isolate specific packets based on criteria such as IP
addresses, ports, and protocols.

1. Filters Applied:

o To isolate packets related to IP 192.168.1.107:

▪ ip.addr==192.168.1.107

o To view TCP packets involving port 80:

▪ tcp.port==80

o To filter packets where 192.168.1.107 was the source:


▪ ip.src==192.168.1.107

o To filter packets where 192.168.1.107 was the destination:

▪ ip.dst==192.168.1.107

o To filter UDP packets with a length of less than 100:

▪ udp.length<100

o To isolate UDP packets for a specific port:

▪ udp.port==<port>

o To find packets with the ACK flag set:

▪ tcp.flags.ack==1 (the bare field name tcp.flags.ack matches every TCP packet, because the field is present whether or not the flag is set)

o To filter HTTP packets:

▪ http

This demonstrated Wireshark's ability to narrow down packet analysis efficiently.

Protocol Hierarchy and Advanced Analysis

1. Protocol Hierarchy:

o Navigated to Statistics > Protocol Hierarchy to view the distribution of protocols used in the captured traffic.

2. Conversations:

o Used the Conversations feature to identify the forwarding devices involved, their Ethernet addresses, and the traffic between them.

3. Flow Graph and I/O Graph:

o Generated flow graphs and input/output graphs to visualize data exchanges and
traffic patterns.

Packet Analysis: HTTP POST Request

1. Identified a packet containing a POST request (4th packet from the end).

2. Delved into the application layer and discovered the user was attempting to add information
to the /userinfo.php page.

o The captured packet revealed login parameters:

▪ uname="test"
▪ pass="test"

3. Used the Follow option to analyze streams:

o Follow TCP Stream and Follow HTTP Stream were used to examine the complete
transaction.

Packet Analysis: FTP Traffic

1. Setup and Traffic Generation:

o Installed the VSFTPD server using:

▪ sudo apt-get install vsftpd

▪ sudo service vsftpd start

o Created a user with a password and logged in to the FTP server.

o Generated traffic by sending a file via FTP.

2. Analysis:

o Captured traffic on the loopback interface using Wireshark.

o Observations:

▪ Since FTP transmits everything in plaintext, the username, password, file names, and file contents were visible in the capture.

▪ Files being transferred could be saved from the capture using File > Export Objects > FTP-DATA.

o Commands for further analysis:

▪ To view successful logins: ftp.response.code==230

▪ To view failed login attempts: ftp.response.code==530
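As an added example (not part of the lab report), the following Python script applies the same 230/530 classification to a Follow TCP Stream transcript saved as text and reports which accounts sent their password in the clear; the transcript, the "C: "/"S: " line prefixes, and the file name are constructed for the example.

```python
"""Post-analysis of an FTP control channel as read after Follow TCP Stream in
Wireshark; assumes client lines are prefixed 'C: ' and server lines 'S: '."""
import re

# Constructed sample transcript; not taken from a real capture.
SAMPLE_STREAM = """\
S: 220 FTP server ready.
C: USER test
S: 331 Please specify the password.
C: PASS wrongpass
S: 530 Login incorrect.
C: USER test
S: 331 Please specify the password.
C: PASS test
S: 230 Login successful.
C: STOR secret.txt
S: 150 Ok to send data.
S: 226 Transfer complete.
"""

CMD_RE = re.compile(r"^C: ([A-Z]{3,4})(?: (.*))?$")
RESP_RE = re.compile(r"^S: (\d{3})[ -](.*)$")  # '-' marks a multi-line reply


def analyze_ftp_stream(stream):
    """Return login outcomes (230 vs 530), file names and exposed accounts."""
    findings = {"credentials": [], "successful_logins": 0,
                "failed_logins": 0, "files": []}
    pending_user = None
    for line in stream.splitlines():
        m = CMD_RE.match(line)
        if m:
            cmd, arg = m.group(1), m.group(2) or ""
            if cmd == "USER":
                pending_user = arg
            elif cmd == "PASS":
                # The account is exposed in the clear; keep the secret masked.
                findings["credentials"].append((pending_user, "*" * len(arg)))
            elif cmd in ("STOR", "RETR"):
                findings["files"].append((cmd, arg))
            continue
        m = RESP_RE.match(line)
        if m:
            code = int(m.group(1))
            if code == 230:    # same packets as ftp.response.code==230
                findings["successful_logins"] += 1
            elif code == 530:  # same packets as ftp.response.code==530
                findings["failed_logins"] += 1
    return findings
```

Run analyze_ftp_stream(SAMPLE_STREAM) to see one failed and one successful login for the account "test" plus the STOR of secret.txt; the same counts are what the two ftp.response.code filters above give in Wireshark.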
