CYB 205 Wireshark Fundamentals Lab Instructions
School: Utica College
Course: 205
Subject: Information Systems
Date: Apr 3, 2024
Type: docx
Pages: 7
Uploaded by JusticeDangerWolverine42
WIRESHARK FUNDAMENTALS
Table of Contents
Download and Install Wireshark
Start Wireshark
Beginning a Wireshark Capture
Understanding the Wireshark User Interface
Performing Basic Packet Analysis with Wireshark
Capturing a TCP handshake
Analyzing HTTP Traffic
Analysis Questions
Download and Install Wireshark
The download for Wireshark can be found here: https://www.wireshark.org/
Once downloaded, follow the installation wizard and keep all the default configurations.
Start Wireshark
During the installation, a desktop shortcut was created. Double click the Wireshark icon to launch Wireshark.
The default Wireshark User Interface (UI) is depicted in Figure 1.
Figure 1. Wireshark UI.
Beginning a Wireshark Capture
To start capturing packets, double-click the interface on which you currently have a network connection. If you are connected to a network over Wi-Fi, select Wi-Fi from the interfaces list.
*Note: if you are using a wired connection, you will need to select the interface that corresponds to the network you are on.
Packets sent to and from your host will become visible. Your Wireshark UI should look like Figure 2.
Figure 2. Capture started on Wi-Fi interface.
Understanding the Wireshark User Interface
The Wireshark UI consists of four basic panes (see Figure 3 for the depiction of the panes):
o Display Filter: Allows users to filter for specific packets or filter out specific packets.
o Packet List: Displays the packet number and timestamp, the source/destination of the packet, protocol name, length, and other general information about the packet.
o Packet Detail: Displays the packet currently selected in the Packet List pane. Outlines the protocols in use in addition to the other fields of the packet.
o Packet Bytes: Shows the byte details of the packet that is selected in the Packet List pane. The left side is the hexadecimal view while the right side is the ASCII representation.
Figure 3. Wireshark panes identified.
Performing Basic Packet Analysis with Wireshark
In this section of the lab, students will capture the TCP handshake, sometimes referred to as the three-way handshake. In the three-way handshake, the Client sends a SYN packet to the Server, asking if the server is open to connections. The Server replies with a SYN/ACK packet, indicating it is open to new connections. The Client replies to the Server with an ACK packet, which tells the server the SYN/ACK packet has been received. The connection has now been established. After capturing the TCP (three-way) handshake, students analyze HTTP traffic.
Capturing a TCP handshake
Restart the current capture.
o From the top navigation bar select “Capture” and then “Restart” from the dropdown list.
In a browser navigate to www.utica.edu.
Stop the capture by pressing the red box in the upper left corner.
Enter the following display filter and identify the TCP handshake:
o Filter: (tcp.flags.syn==1 ) || (tcp.flags == 0x0010 && tcp.seq==1 && tcp.ack==1)
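The following is an added example, not part of the lab handout: it models the display filter above in Python and runs it over a constructed packet list (the IP addresses and sequence numbers are made up) so you can see which three packets it keeps and why. The first half of the filter, tcp.flags.syn==1, matches both the SYN and the SYN/ACK. The second half picks out the client's final ACK, but only because Wireshark shows relative sequence numbers by default (each direction is renumbered from the initial sequence number in its SYN, so the third packet reads seq=1, ack=1); with that preference switched off the same ACK carries its raw numbers and the filter misses it, which the `relative=False` call demonstrates.

```python
from dataclasses import dataclass

# TCP flag bits as they appear in Wireshark's tcp.flags field
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10


@dataclass
class TcpPacket:
    no: int        # packet number in the Packet List pane
    src: str
    dst: str
    flags: int     # raw flag bits (tcp.flags)
    seq: int       # absolute sequence number on the wire
    ack: int       # absolute acknowledgement number on the wire


def relative_numbers(packets):
    """Mimic Wireshark's default "relative sequence numbers" view: each
    direction of a stream is renumbered from the ISN carried in its SYN,
    so the first data byte is seq 1 and the handshake ACK reads seq=1, ack=1."""
    isn = {}  # (src, dst) -> initial sequence number seen in that direction's SYN
    result = []
    for p in packets:
        if p.flags & SYN:
            isn[(p.src, p.dst)] = p.seq
        rel_seq = p.seq - isn.get((p.src, p.dst), p.seq)
        rel_ack = p.ack - isn.get((p.dst, p.src), p.ack) if p.flags & ACK else 0
        result.append((p, rel_seq, rel_ack))
    return result


def handshake_filter(p, seq, ack):
    """The lab's display filter evaluated on one packet:
    (tcp.flags.syn==1) || (tcp.flags == 0x0010 && tcp.seq==1 && tcp.ack==1)"""
    syn_set = bool(p.flags & SYN)                            # SYN and SYN/ACK
    bare_ack = p.flags == 0x0010 and seq == 1 and ack == 1   # the third packet
    return syn_set or bare_ack


def find_handshake(packets, relative=True):
    """Packet numbers the filter keeps. relative=False shows what happens when
    'Relative sequence numbers' is switched off in the TCP protocol preferences."""
    kept = []
    for p, rel_seq, rel_ack in relative_numbers(packets):
        seq, ack = (rel_seq, rel_ack) if relative else (p.seq, p.ack)
        if handshake_filter(p, seq, ack):
            kept.append(p.no)
    return kept


# Constructed capture (not real traffic): a handshake followed by a short exchange
C, S = "10.0.0.5", "192.0.2.10"
HANDSHAKE_CAPTURE = [
    TcpPacket(1, C, S, SYN,       seq=1000, ack=0),     # SYN
    TcpPacket(2, S, C, SYN | ACK, seq=5000, ack=1001),  # SYN/ACK
    TcpPacket(3, C, S, ACK,       seq=1001, ack=5001),  # ACK: connection established
    TcpPacket(4, C, S, PSH | ACK, seq=1001, ack=5001),  # client sends 100 bytes of request
    TcpPacket(5, S, C, ACK,       seq=5001, ack=1101),  # server acknowledges them
    TcpPacket(6, S, C, PSH | ACK, seq=5001, ack=1101),  # server sends 200 bytes of response
    TcpPacket(7, C, S, ACK,       seq=1101, ack=5201),  # client acknowledges; rel seq 101, not 1
]

if __name__ == "__main__":
    print("relative numbering:", find_handshake(HANDSHAKE_CAPTURE))         # [1, 2, 3]
    print("absolute numbering:", find_handshake(HANDSHAKE_CAPTURE, False))  # [1, 2]
```

Packets 5 and 7 are plain ACKs too, but their relative seq or ack is not 1, which is what keeps the filter from matching every acknowledgement in the stream.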
Analyzing HTTP Traffic
Start a packet capture by selecting the blue fin in the top left corner.
In a browser navigate to testphp.vulnweb.com/login.php.
Once at the webpage click “login” at the top right corner.
o Enter a fake username and password and select “Login”.
The credentials entered will fail (note: this is an expected outcome).
Stop the packet capture by pressing the red box in the upper left corner.
In the display filter pane enter the following filter:
o Filter: http
In the Packet List pane, you should now only see packets using the HTTP protocol.
Right click on the first packet in the Packet List pane and in the dropdown select “Follow” and then “HTTP Stream”.
o This will open another window that will look like Figure 4, Wireshark Follow HTTP Stream Window.
Figure 4. Wireshark Follow HTTP Stream Window.
Data in red represents the initial request made when you first navigated to the site. Data in blue represents the response from the website.
o Looking at the website’s response data, identify what type of server is being used.
Remove any filters in place on the capture. This can be done by pressing the “x” located at the right side of the Display Filter pane.
Go to Edit > Find Packet.
At the drop-down menu for Packet list, make sure Packet details and String are selected.
With all filters removed enter the following filter:
o Filter: pass
In the Packet List pane, you should see two packets. Select the packet that contains an extra field in the Packet Detail pane titled “HTML Form URL Encoded: application/x-www-form-urlencoded” (see Figure 5).
Click the drop-down arrow. At the top you should see two “Form Items”, one titled “name” and another titled “pass”. Their values will be set to the username and password you entered.
Figure 5. Username and Password Found in Packet.
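The following is an added example, not code from the lab: a small parser that does, on a constructed HTTP exchange, what the steps above ask you to read off the Follow HTTP Stream window and the Packet Detail pane. It tells which side sent each message (the red/blue split), reads the Server header from the response, decodes the application/x-www-form-urlencoded body into the same “Form Items” the dissector shows, and finds the packets that contain the string “pass” the way Edit > Find Packet does. The hostname, server banner and credentials are constructed; no real site is involved.

```python
from urllib.parse import parse_qs


def split_http_message(raw):
    """Split one HTTP message into (start line, headers dict, body bytes).
    Header names are lower-cased because HTTP header names are case-insensitive."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def direction(raw):
    """Which side sent this message. Follow HTTP Stream colours client data red
    and server data blue; a response is recognisable by its leading protocol version."""
    start_line, _, _ = split_http_message(raw)
    return "server" if start_line.startswith("HTTP/") else "client"


def server_header(response):
    """The Server header the lab asks you to find in the response data."""
    _, headers, _ = split_http_message(response)
    return headers.get("server")


def form_items(request):
    """Decode the body the way the 'HTML Form URL Encoded' dissector does.
    Only bodies declared as application/x-www-form-urlencoded are decoded."""
    _, headers, body = split_http_message(request)
    media_type = headers.get("content-type", "").split(";")[0].strip().lower()
    if media_type != "application/x-www-form-urlencoded":
        return {}
    fields = parse_qs(body.decode("iso-8859-1"), keep_blank_values=True)
    return {name: values[0] for name, values in fields.items()}


def packets_containing(packets, needle):
    """Packet numbers whose payload contains `needle`, case-insensitively:
    the equivalent of Edit > Find Packet with 'String' selected."""
    return [no for no, payload in packets if needle.lower() in payload.lower()]


def packets_with_form_items(packets):
    """Packet numbers that carry a decodable form: these are the packets in
    which submitted credentials are readable in the clear."""
    return [no for no, payload in packets if form_items(payload)]


# Constructed capture (not real traffic): a page load, then a failed login attempt
HTTP_CAPTURE = [
    (1, b"GET /login.php HTTP/1.1\r\nHost: shop.example\r\n\r\n"),
    (2, b"HTTP/1.1 200 OK\r\nServer: ExampleHTTPd/1.0\r\nContent-Type: text/html\r\n\r\n"
        b'<form method="post" action="login.php">'
        b'<input name="name"><input type="password" name="pass"></form>'),
    (3, b"POST /login.php HTTP/1.1\r\nHost: shop.example\r\n"
        b"Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 25\r\n\r\n"
        b"name=student&pass=hunter2"),
    (4, b"HTTP/1.1 200 OK\r\nServer: ExampleHTTPd/1.0\r\nContent-Type: text/html\r\n\r\n"
        b"<p>Login failed</p>"),
]

if __name__ == "__main__":
    for no, payload in HTTP_CAPTURE:
        print(no, direction(payload), form_items(payload) or "")
    print("server:", server_header(HTTP_CAPTURE[1][1]))
    print("packets containing 'pass':", packets_containing(HTTP_CAPTURE, b"pass"))
```

The string search matches two packets here for the same reason it does in the lab: the login page itself contains a field named “pass”, and the POST carries its value. Only the POST decodes to form items, which is why the step tells you to pick the packet with the “HTML Form URL Encoded” field. The same decode logic, pointed at a network tap, is a simple detector for credentials being submitted over plaintext HTTP.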
Analysis Questions
1. “GET” is one type of an HTTP request method. Identify and describe GET and at least 4 other HTTP request methods.
2. Identify and describe the 5 types of HTTP status codes.
3. If you entered a username and password to a site like https://www.facebook.com while capturing traffic with Wireshark, why would you not see the username or password in cleartext?
4. Does Wireshark allow you to see all traffic on a network or just traffic to and from your host?