Computer Networks Lab: Basic Packet Analysis by Wireshark

Uploaded by: mg****85  Document ID: 34833420  Upload date: 2018-03-02  Format: DOC  Pages: 8  Size: 1.09MB

Test 2. Basic Packet Analysis by Wireshark

The Wireshark packet analyser is used to capture and show the control information and data stored in packets transmitted on a network. To start capturing packet data transmitted over the network, you need to specify an interface on which you want to capture information.

1. On the menu bar, click the Capture option in the main Wireshark menu and then select Interfaces. This choice lets you assign a network adapter for capturing data packets transmitted over the network. Select a network interface that can be used for data collection and click the corresponding Start button. (Such an interface will have an IP address corresponding to the network segment where the data you are interested in originates.) The data collected during the capture will be shown in the Wireshark application window. To terminate a capture session, click the Stop button.

2. The application window is divided into 3 panes. The top pane shows a row of information for each packet captured (including a sequence number, capture time, source and destination address, the protocol used and an information column about the purpose of each captured packet). Note: source and destination addresses could be IP, MAC or port addresses (depending on the protocol used by the packet). The order (ascending/descending) of the content in each column can be changed by clicking on the heading.

3. The center pane displays the protocols associated with the selected packet.

4. The bottom pane displays the hexadecimal representation of the data contained in the selected packet on the left and a character-based version of the same information on the right.

Exercise 1

1. Start a capture session and observe the middle pane for a few minutes.

2. Open a browser, enter http:/ into the browser address bar and press Enter.

3. Once the science direct page is displayed, click the close button on the browser and stop the Wireshark capture.

Packet Filter

The data captured could be thousands of packets. To focus on just those packets that are relevant to the problem, we can use the Wireshark filtering utility. Wireshark display filters can be created by typing the keyword into the Filter text box. For example, if you want to see only those packets which contain the TCP protocol, type TCP in the Filter text box and Wireshark will hide all the packets that do not meet the selection.

4. Go to the Wireshark window, type ftp in the Filter text box and then click the Apply button. Does it work? Why?

   No. The protocol in use is http, rather than ftp.

5. To remove a filter and return to the full view, click the Clear button. Type DNS in the Filter text box and click the Apply button. Does it work? Why?

   Yes. The Domain Name System (DNS) is a hierarchical decentralized naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities. Most prominently, it translates more readily memorized domain names to the numerical IP addresses needed for the purpose of locating and identifying computer services and devices with the underlying network protocols. By providing a worldwide, distributed directory service, the Domain Name System is an essential component of the functionality of the Internet. The Domain Name System delegates the responsibility of assigning domain names and mapping those names to Internet resources by designating authoritative name servers for each domain. Network administrators may delegate authority over sub-domains of their allocated name space to other name servers. This mechanism provides distributed and fault-tolerant service and was designed to avoid a single large central database.

6. Create a filter that displays only those packets that use the HTTP protocol. Explain how you do this task:

   To remove a filter and return to the full view, click the Clear button. Type HTTP in the Filter text box and click the Apply button.

Exercise 2

1. What is the purpose of DHCP? Can you filter packets that are using DHCP? How?

   DHCP is a client/server protocol used to dynamically assign IP-address parameters (and other things) to a DHCP client. It is implemented as an option of BOOTP. DHCP uses BOOTP as its transport protocol.

   Close all the windows.
   Go to the command prompt and ask the server to release your IP address (by typing: ipconfig /release).
   Start Wireshark and start filtering packets associated with DHCP.
   Go back to the command prompt and ask the server to renew your IP address (by typing: ipconfig /renew).
   Go to Wireshark and stop the Wireshark capture.
   Observe the filtered packets.

2. Take a note of the destination and source of these packets.

Exercise 3

In this exercise you will learn to filter and see the packets that your computer receives from one specific source. As an example you are going to capt
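
The Python code below is an added example, not part of the original handout. It reproduces what the Packet Filter section and Exercise 2 describe: each frame is reduced to a packet-list row (source, destination, protocol stack), and a keyword filter keeps only rows whose stack contains that protocol, which is why ftp matches nothing in a web-browsing capture while dns, http, tcp and dhcp do. The port-to-protocol table, the function names and the sample frames are assumptions constructed for this example.

```python
import struct

# Port -> label is an assumption standing in for Wireshark's dissectors; the
# "dhcp" filter was named "bootp" before Wireshark 3.0. Wireshark writes its
# filter names in lowercase, so the keyword is lowercased before matching.
PORTS = {21: "ftp", 53: "dns", 67: "dhcp", 68: "dhcp", 80: "http"}

def dissect(frame):
    """Addresses and protocol stack of one Ethernet/IPv4 frame."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    row = {"src": src.hex(":"), "dst": dst.hex(":"), "layers": ["eth"]}
    if ethertype != 0x0800:                  # not IPv4: MAC addresses only
        return row
    ihl = (frame[14] & 0x0F) * 4             # IPv4 header length in bytes
    total = struct.unpack("!H", frame[16:18])[0]   # excludes Ethernet padding
    row.update(src=".".join(map(str, frame[26:30])),
               dst=".".join(map(str, frame[30:34])))
    row["layers"].append("ip")
    l4 = frame[14 + ihl:14 + total]
    if frame[23] == 6 and len(l4) >= 20:     # IPv4 protocol 6 = TCP
        name, payload = "tcp", l4[(l4[12] >> 4) * 4:]
    elif frame[23] == 17 and len(l4) >= 8:   # IPv4 protocol 17 = UDP
        name, payload = "udp", l4[8:]
    else:
        return row
    row["layers"].append(name)
    sport, dport = struct.unpack("!HH", l4[:4])
    app = PORTS.get(dport) or PORTS.get(sport)
    if app and payload:                      # payload-less TCP segment stays "tcp"
        row["layers"].append(app)
    return row

def display_filter(frames, keyword):
    """Rows whose protocol stack contains the keyword, e.g. 'dns'."""
    return [r for r in map(dissect, frames) if keyword.lower() in r["layers"]]

def build(proto, sport, dport, payload=b"", src="192.168.1.10", dst="192.168.1.1"):
    """Constructed sample frame (zero checksums); not captured traffic."""
    if proto == 6:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x10, 8192, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0, 64,
                     proto, 0, *(bytes(map(int, a.split("."))) for a in (src, dst)))
    return bytes(6) + b"\x02\x00\x00\x00\x00\x01\x08\x00" + ip + l4 + payload

CAPTURE = [build(17, 50000, 53, bytes(12)),                  # DNS query
           build(6, 50001, 80),                              # TCP, no payload
           build(6, 50001, 80, b"GET / HTTP/1.1\r\n\r\n"),   # HTTP request
           build(17, 68, 67, bytes(240), "0.0.0.0", "255.255.255.255")]  # DHCP
```

Calling display_filter(CAPTURE, "ftp") returns an empty list, while "tcp" returns both TCP rows because the HTTP request also contains a TCP layer.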
