Professional Documents
Culture Documents
Packet Analysis With Wireshark A. Using Wireshark To Capture Packets
Packet Analysis With Wireshark A. Using Wireshark To Capture Packets
LAB:PacketAnalysis
PacketAnalysiswithWireshark A. UsingWiresharktoCapturePackets
A.1 Introduction Wireshark is a protocol analyzer, or "packet sniffer" application, used for network troubleshooting, analysis, software and protocol development, and education. It allows the user to see all traffic being passed over the network by putting the network card into promiscuousmode.(fromwikipedia.org) A.2 CapturingPacketswithWireshark Inthisexercise,youwilllearnhowtocaptureandanalyzepacketsusingWireshark.Youneed twocomputers,PCaandPCb.PerformthefollowingstepsonlyinPCaanddonotusePCbat thismoment. 1) OpenInternetExplorerandminimizeit.Donotcloseit,youwilluseInternet Explorerinthisexercise. 2) FindWiresharkiconontheDesktopanddoubleclickittostartWireshark. 3) FromtheCapturemenu,selectInterfaces. 4) ClickonStartforVMwareAcceleratedADMPCNETAdaptor 5) YouwillconnecttoPCbswebsitetocreatenetworktraffic.IntheInternetExplorer URLwindow,typehttp://192.168.1.102andpressEnter. 6) Stopcapturingpacketsassoonaspossible.GobacktoWireshark,andfromthe Capturemenu,selectStoptostopcapturingpackets.Then,lookatthecontentof thecapturedpackets. ReviewQuestions: IntheWiresharkmenu,selectAnalyze,andthenselectDisplayFilters.Inthefilter windows,findNoARP,andclickonitandthenclickApply.Thiswayyouwillfilter outallARPpackets.Inthepacketheaderswindowclick+toexpandthecontentof individualheader(seethepicturebelow)andfillthefollowingtable.
NPOL