Wireshark

School: Kennesaw State University
Course: 3423
Subject: Electrical Engineering
Date: Apr 3, 2024
Type: docx
Pages: 8
Uploaded by: amir0098

Wireshark Research

Description: This lab requires that you do some “hands-on” research regarding the protocols used in the Wireshark captures provided to determine what is happening in the capture. For IT pros, research means going on the web and doing searches to determine how to use IT tools, such as Wireshark. Keep in mind that research and documentation are a big part of what you will do in the real world in your career. You will have to explain your findings to others and propose solutions. “Hands on” means using your brain, too! You may collaborate with other students in your class if you like; just make sure to turn in your own work.

Use the capture files “Project Wireshark PCAP Files” in the Lab#5 Module in D2L (you will have to unzip the zip files to extract the individual capture files) to answer the following questions.

Part I – HTTP

1. Review the first capture file (Project Part I-a) and determine what is happening with the HTTP traffic.
   a. Describe the traffic: what packets are involved and what is happening? (include source, destination, time of capture)
      i. Source 145.254.160.237 is accessing a webpage and downloading data. It’s requesting info from port 80 or HTTP. I also see a few Google ads being sent through from the destination back to the source. They’re using a Firefox browser.
   Take a screenshot of the actual packets within the capture file where you observed this behavior.

2. Review the second capture file (Project Part I-b) and determine what is happening with the HTTP traffic in this capture.
   c. How is the traffic different from the first capture? Describe the traffic: what packets are involved and what is happening? (include source, destination, time of capture)
      i. Looks like source 192.168.1.140 is downloading an image from destination 174.143.213.184. The following conversation shows where the packets are being sent and confirmed.
   a. Take a screenshot of the actual packets within the capture file that you observed.

Part II – PPP

3. Review the third capture file (Project Part II-a) and determine what is happening with the PPP traffic in this capture.
   a. Research one of the protocols relating to PPP and describe it here.
      i. PPP is the Point-to-Point Protocol, which establishes and secures a tunnel for network traffic to travel. It uses encapsulation to encrypt the traffic over the web.
   b. Describe the traffic: what packets are involved and what is happening? (include source, destination, time of capture)
      i. Source cc:05:0e:88:00:00 has sent a broadcast request looking for the correct destination to establish the link. ca:01:0e:88:00:06 has answered and extended an offer. The source requested the offer and the destination confirmed, which completed the handshake for PPP and began the session. All traffic moving forward is encapsulated.
   c. Take a screenshot of the actual packets within the capture file where you observed this behavior.

4. Review the third capture file (Project Part II-b) and determine what is happening with the PPP traffic that you are investigating in this capture. What else is involved?
   a. Research one of the protocols relating to PPP and describe it here.
      For wireless networks, Extensible Authentication Protocol, or EAP, extends the PPP authentication techniques. It covers a particular port that requires an authenticated username and password to access.
   d. Describe the traffic: what packets are involved and what is happening? (include source, destination, time of capture)
      i. This traffic is between two Cisco routers (only Cisco devices are allowed to use CDPCP). They are sending hello packets back and forth after establishing a connection (MD5 Challenge). They most likely use a routing protocol that needs a hello packet sent on a regular interval.
   e. Take a screenshot of the actual packets within the capture file where you observed this behavior.

5. Review the third capture file (Project Part II-c) and determine what is happening with the PPP traffic in this capture. What else is involved?
   a. Research one of the protocols relating to PPP and describe it here.
      a. An insecure protocol called TELNET is used to virtually access a network device or computer. It enables network technicians to virtually "dial-in" and work on a computer, server, or other network equipment from another network. SSH should always be used because it's more secure.
   Describe the traffic: what packets are involved and what is happening? (include source, destination, and time of capture)
      i. Source 191.1.13.1 has established a Telnet session with destination 191.1.13.3 over PPP.
   b. Take a screenshot of the actual packets within the capture file where you observed this behavior.

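Why the Telnet session in question 5 is readable in a capture: once the option-negotiation bytes are stripped, everything the client typed is plain text. This is an added example, not part of the lab or its capture files; the byte stream, user name, password and command are constructed sample values.

```python
IAC, SB, SE = 0xFF, 0xFA, 0xF0          # RFC 854 command bytes
NEGOTIATE = {0xFB, 0xFC, 0xFD, 0xFE}     # WILL, WONT, DO, DONT (each takes one option byte)

def telnet_text(stream: bytes) -> bytes:
    """Remove Telnet commands from a reassembled stream and return the user data."""
    out, i, n = bytearray(), 0, len(stream)
    while i < n:
        if stream[i] != IAC:
            out.append(stream[i])
            i += 1
            continue
        if i + 1 >= n:                   # truncated command at end of capture
            break
        cmd = stream[i + 1]
        if cmd == IAC:                   # IAC IAC is an escaped 0xFF data byte
            out.append(IAC)
            i += 2
        elif cmd in NEGOTIATE:
            i += 3
        elif cmd == SB:                  # skip subnegotiation up to IAC SE
            j = i + 2
            while j + 1 < n and not (stream[j] == IAC and stream[j + 1] == SE):
                j += 2 if stream[j] == IAC else 1
            i = j + 2
        else:                            # two-byte commands such as NOP or GA
            i += 2
    return bytes(out)

def client_lines(stream: bytes) -> list:
    """Split the cleaned client-to-server data into the lines the user typed."""
    text = telnet_text(stream).replace(b"\r\x00", b"\n").replace(b"\r\n", b"\n")
    return [l.decode("ascii", "replace") for l in text.split(b"\n") if l]

# Constructed client-to-server stream: negotiation, then login, password, command.
CLIENT_STREAM = (
    bytes([IAC, 0xFB, 0x18])                                # WILL TERMINAL-TYPE
    + bytes([IAC, SB, 0x18, 0x00]) + b"VT100" + bytes([IAC, SE])
    + b"admin\r\n" + b"S3cret!\r\n" + b"show version\r\x00"
)

if __name__ == "__main__":
    for line in client_lines(CLIENT_STREAM):
        print(repr(line))                # credentials appear exactly as typed
```
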
Part III – 802.11

6. Review the first capture file (Nokia) and determine what is happening with the 802.11 traffic. Hint: use the Analyze/Conversation Filter
   d. Describe the traffic: what packets are involved and what is happening? (include source, destination, time of capture)
   e. Siemens_41:bd:6e appears to be broadcasting a WiFi SSID martinet3, which may be a WiFi extender. NokiaDan briefly connected to the SSID before disconnecting. Both during and after the contact, the Siemens gadget kept broadcasting.
   Take a screenshot of the actual packets within the capture file where you observed this behavior.

7. Review the second capture file (wpa) and determine what is happening with the WPA traffic in this capture. (Password is “Induction”.) Hint: Use Edit->Preferences, Protocol IEEE 802.11, decryption with “Induction”. Look at the packets prior to and after decryption. Use this: https://wiki.wireshark.org/HowToDecrypt802.11
   You are STILL required to answer the following questions in your own words and provide a screenshot!
   f. What do you see differently once you have decrypted the packets? What is decrypted and what is happening? (include source, destination, time of capture)
      The password must be entered before the decrypted packets can be seen. The IP address 192.168.0.50 visited Wikipedia and searched for the transcript of the SNL skit Landshark Candygram.
   h. Take a screenshot of the actual packets within the capture file that you observed.
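
What entering the password in question 7 lets an analyzer compute: the passphrase and SSID give the pairwise master key, and the two nonces from the 4-way handshake expand it into per-session keys, which is why the handshake must be in the capture. This is an added example, not part of the lab or of Wireshark's code; the SSID `EXAMPLE-SSID`, the MAC addresses and the nonces are constructed placeholders because the page does not give them.

```python
import hashlib
import hmac

def derive_pmk(passphrase: str, ssid: bytes) -> bytes:
    """WPA/WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8-63 characters")
    if not 1 <= len(ssid) <= 32:
        raise ValueError("SSID must be 1-32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid, 4096, 32)

def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce, length=64):
    """802.11i PRF: expand the PMK with both MAC addresses and both handshake nonces."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    out, counter = b"", 0
    while len(out) < length:
        msg = b"Pairwise key expansion" + b"\x00" + data + bytes([counter])
        out += hmac.new(pmk, msg, hashlib.sha1).digest()
        counter += 1
    return out[:length]

def session_keys(ptk: bytes) -> dict:
    """Split the PTK: KCK checks handshake MICs, KEK wraps the GTK, TK encrypts data frames."""
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}

# Constructed placeholders; the real values come from the capture's beacon and EAPOL frames.
SSID = b"EXAMPLE-SSID"
AP_MAC = bytes.fromhex("020000000001")
STA_MAC = bytes.fromhex("020000000002")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))

if __name__ == "__main__":
    pmk = derive_pmk("Induction", SSID)
    # Wireshark's wpa-pwd key entry takes passphrase:SSID; wpa-psk takes this value as 64 hex digits.
    print("PMK:", pmk.hex())
    keys = session_keys(derive_ptk(pmk, AP_MAC, STA_MAC, ANONCE, SNONCE))
    print("TK :", keys["TK"].hex())
```
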