Find the protocols used at each layer of the TCP/IP model

Assignment Detail:- Lab Sheet - Week -Introduction to Wireshark- Objectives• Gain familiarity with Wireshark• Capture and interpret network data• Locate additional Wireshark resources Discussion Wireshark is a protocol analyser tool and its function is to capture and display network traffic- In Wireshark, we can filter specific traffic, e-g-, capturing and displaying the broadcast traffic from other machines- In the coming weeks, we will use Wireshark to capture and examine network traffic to get an understanding of the basics of networking and how particular network protocols operate- Wireshark is an open source product and can be downloaded and installed free of charge- It supports Windows, Mac, Linux, and Unix platforms- It is the most common and widely used networking tool- It is installed in the Linux Lite virtual image and on Windows host machines- Students should consider downloading and installing Wireshark on their computers/laptops- Launching WiresharkWireshark can be launched from Windows Start menu or Menu -> Internet on Linux- Upon launching, the following screen will be displayed- In this opening screen, you can see the main menu with different options and the interfaces- On the right side of interfaces, you can see whether there is any traffic flowing or not- You can also enter a capture filter to specify the traffic, you are interested to see- During your lab tasks, you will frequently be using different options, e-g-, File, Capture, and Statistics, in the main menu for capturing and analysing network traffic-• File -saving and opening captured traffic files-• Capture -starting and stopping network captures and choosing network interfaces-• Statistics -summarising information of captured traffic- The icons below the menu bar provide shortcuts for starting the capturing sessions, stopping a capture session, saving and opening captured files, searching specific packets, and other functions- The filter area allows to select filters provided by Wireshark or enter new filters- The display filters area allows you to limit the amount of traffic displayed by Wireshark- Capturing Network Traffic• Open Wireshark on Linux Lite and select Capture -> Options-• The left-hand side of the screen shows available network interfaces- Select the one labelled enp0s3- From here, we can enter a capture filter -optional- and select Start to start capturing network traffic- • To stop traffic capturing, click on the red Stop button in the Wireshark menu-• The captured traffic should resemble to the screen shot below- You can notice three distinct panes, i-e-, packet list pane -the top one-, decode pane -the middle one-, and packet dump -the bottom one-, and are explained below- Packet List: It shows details of all captured packets- The Time column records the time when a packet was captured- With no filter, this list will grow rapidly-Packet Decode: It shows the decoded contents of a captured packet- This pane will contain a "human readable" interpretation of data inside the packet- You can click on different sections in the decode contents and the corresponding region in the packet dump pane will be highlighted-Packet Dump: It shows data bytes in the current packet- If you maximise the window, you can notice that there are three views of the captured data- In the left-hand view, data are displayed in hexadecimal format- The middle view shows the information in byte format, i-e-, two hexadecimal digits- In the right-hand view, certain bytes do not represent a printable character and are represented by a full-stop- Sixteen bytes are normally displayed in each row- Wireshark Exercises-i- Capturing Network Traffic• Run Wireshark-• From main menu, select Capture -> Interfaces-• Choose the interface that is connected to the network-• Click Start to begin the capture-If you are not capturing traffic you may have selected an interface that is not connected to the network- If you are on a low traffic network, you can generate network traffic by running any network enabled program, e-g-, Firefox- Number of packets generated from basic web sites will be enough- • Wait for about 20 seconds- Click the Stop button to stop capturing network traffic-• Determine the size of first packet in the packet list pane- Frame summary at the top of the packet decode pane lists the size- You can also confirm the size by counting the bytes in the packet dump pane at the bottom of the screen-• Now look at the sizes of more packets in the captured traffic- The sizes are likely to vary considerably- -ii- Saving Captured Traffic• From the file menu, select Save As and save the captured traffic to your desktop-• What is the size of the saved file????• What extension does Wireshark use when saving the traffic????• Saved files can be loaded into Wireshark from the file menu for subsequent analysis- -iii- Analysis of Captured Traffic• In the packet list pane, you can find seven columns containing different types of information-• The Time column indicates the time between subsequent packets- Determine the time difference between any two packets- Try to find a few packets that got very small time difference between them- -iv- Sorting the Traffic• The Protocol column is extremely important as it allows us to focus on specific traffic-• Click on the Protocol column to sort the traffic according to its type-• You will probably see the TCP, UDP, and other types of traffic- -v- Ethernet/MAC Addresses• Arrange the packet list pane in a way so that it only shows 3 or 4 packets- This will allow you to have more room to display most or all packet dump pane contents in the bottom of the screen-• In the packet decode pane, click on the word Frame- It will display you the information related to entire transmission-• Click on the word Ethernet II- You will see the first 14 bytes highlighted in the packet dump pane- This indicates that the Ethernet II data constitutes the first 14 bytes of the frame-• Click the solid triangle next to the Ethernet II- Here, you will be able to see the Ethernet destination and source addresses and type of IP address in the packet-• Determine the total number of bytes used to store the Ethernet source or destination address-• Determine the total number of bits required to store the Ethernet destination address- -vi- Observing the Captured Traffic• Download RandomTraffic-1-pcapng from Week 4 in your Moodle Shell to Linux Lite-• This file was captured from Mt Helen networking lab without applying a capture filter-• The captured traffic is the background traffic of moderate size networks-Protocol Column• The protocol column tells us the network protocol in this packet-• How many different types of protocols have been captured????• What are the size ranges of the packets captured???? Encapsulation• In this exercise, you need to find the protocols used at each layer of the TCP/IP model and the sizes of associated layer headers- This information can be found by selecting a packet in the packet list pane and inspecting it in the decode pane-• For example, the first packet -TCP packet- is 66 bytes long- First 14 bytes represent the Ethernet header, next 20 bytes represent the IP header, and last 32 bytes represent the TCP header-• The second packet is an OSPF packet and is 94 bytes long- It has an IP header -20 bytes long- associated with it followed by the OSPF information- OSPF is a Network layer protocol and does not require any encapsulation, therefore, we do not see a TCP header- Determine more information about the role of OSPF in computer networking from the Internet-• Study the encapsulation of STP protocol- Try to determine the encapsulation from network traffic- -Hint: If you cannot see the network layer protocol or the transport layer protocol header, then the interactions are taking place on the data link layer- Confirm this by looking on the Internet for information about the protocol in question- Also have a look at the Ethernet Type field in the Ethernet header for STP-• To collate the information about packet headers, you need to create a table as shown below- Table Part Complete the above table and explain it to your tutor- Online students should provide a brief summary in their first lab tasks report- -vii- Ethernet CommunicationEthernet based communication is local, i-e-, communication between two network interface cards on the same network- This type of communication requires source and destination MAC addresses only- To demonstrate this fact, we have developed a program that can run on Linux Lite and creates an Ethernet packet containing the MAC address of your machine -the source- and a destination machine -you need to enter the destination machine's MAC address manually-- The Type field of this Ethernet frame is one of the reserved Ethernet types- This was chosen so that Wireshark does not have issues decoding the frame content- It will simply interpret any information beyond the 14 bytes of the Ethernet header as Data- Machine 1 -Any machine that can run Wireshark-• Determine the MAC address of this machine so that the packet can be formatted correctly on machine 2- Machine 2 -Linux Lite-This machine will be used to format the Ethernet frame and send it-• Open Firefox or any other browser and enter the URL -phoebe-ballarat-edu-au/ITECH1102/--• Click on the file SendEthernet-tar-gz and save it to the home directory of user1 -/home/user1/--• Double click the file -SendEthernet-tar-gz- and extract it to user1's home directory-• Open the terminal screen and type ls -ls is the list command and shows the contents of your home directory-- Now you should be able to see the file run-sh-• Then type sudo -/run-sh and enter user1's password when prompted- You should be able to see an interface similar to the one shown below- • Make sure you have Wireshark running on the receiving machine- • Send the packet-• Stop each instance of Wireshark from capturing more packets- The program interface creates a Wireshark display filter that can filter out all other traffic from a large capture- If you like you can cut and paste the display filter on your Linux Lite machine to display the packet that was sent, or you can use it on the other machine to display the packet that was received- By inspecting the packet, you should be able to see the MAC addresses of source and destination- You should also be able to see the type field -0xffff- and the data that you entered in the GUI interface- MAC Address PartShow the captured packet to your tutor- The capture should be performed on both your Linux Lite and the destination machines- Online students should include a screenshot of the captured packet in their first lab tasks report- -viii- Wireshark Online ResourcesLaura Chappell is extremely active in the area of network analysis using Wireshark and has a strong web presence- She runs a website called Chappell University- Laura has posted many free online videos on YouTube and other sites- The site www-lcuportal2-com/ has many free Wireshark videos explaining the basics and advanced features of Wireshark- If you the link www-lcuportal2-com/, then on the left-hand side of the screen, you should be able to see links to• Free Wireshark Basics• Public Course Handouts You can start with the Free Wireshark Basics link and observe the first few videos- It will be advantageous to look at other videos available on this site- Some video topics may help you better understanding some lab exercises in this course- In this week, we have ignored the ARP which is a data link layer protocol- We will discuss it in the coming weeks lectures- Attachment:- Wireshark-rar

Most Recent Questions


Helping Students for Excellence in Academics, GET Help with Assignment? Order Now