Thursday, February 17, 2011

DHCPize me capn'


I really enjoyed this lab because it was a chance to do some ipconfig in the nitty gritty of it. Setting up a router to do my bidding by defining subnets and setting up the DHCP pool. First we figured out our subnet from the IP and subnet mask given. Then we gave it a range of IPs from that subnet. Then we decided on a default gateway for our router. We were all split in pairs of two for this exercise.

Here you can see the results of changing the default gateway and how it automatically assigned us an IP from the range we gave it in the DHCP pool.
A funny thing kept happening for our set because it kept giving us the last assignable IP address. I wonder if it would have given my computer one near the middle or beginning had my NIC card worked.
Here is the second one we tried and it worked just as fine, assigning us another IP out of our pool. Also again it was the last assignable one we could get.
This is just a normal ipconfig with no modifications.

Tuesday, February 8, 2011

Wednesday, February 2, 2011

wiresharked!

1. Start Wireshark and view the packets that are being picked up by your computer.
2. Look at several packets and then complete the following:
a. Look at a packet that is using TCP and then answer the following:
i. What is the source port?
HTTP (80)
Why is this source port used?
Because I was connecting to a website and using the HTTP protocol.
ii. What is the destination port?
(49621)
Why is this destination port used?
It was randomly assigned because it was open for transmission.
iii. What is the flag? ACK
Why is this flag used?
Because it is an acknowledging packet sent to me to show part of the handshake needed to connect my computer with their server.
iv. What is the source and destination IP address?
Src (216.86.148.111)
Dst (192.168.1.101)
Is this packet coming or going from your computer?
It was coming to me because my IP was the destination.
v. What is the Time to live for this packet?
50
What does TTL mean?
TTL means how many routers it has to jump or how many actual seconds it has to travel; if it exceeds the number it gets deleted.
vi. What is the Differentiated Services field?
Differentiated Services is a computer networking architecture that specifies a scalable and coarse-grained mechanism for classifying, managing network traffic and providing Quality of Service (QoS) guarantees on modern IP networks.
List the current value.
0x00
What does this mean?
Routine class of service


List 4 other possible values.
001 (1) - Priority
010 (2) - Immediate
011 (3) - Flash
100 (4) - Flash Override
101 (5) - Critical
110 (6) - Internetwork Control
111 (7) - Network Control

vii. What is the protocol field set to?
(TCP)
What does this mean?

What protocol was used to send the packet?

viii. What else did you see that was interesting about the IP packet?

The validation was set at false, which seemed a lack of security to me.

ix. What is the framing type used?
TCP
x. What is the source and destination MAC addresses? Is this frame coming or going from your computer?
Src MAC: 00:1e:e5:61:82:80
Dst MAC: 00:25:11:ad:25:ae
xi. What else did you see that was interesting about the Frame?
The IP type is 0x0800 which I can’t wait to find out what it means. So many codes to memorize!
b. Look at a packet that is using UDP and then answer the following:
i. What is the source port?
3478
Why is this source port used?
Randomly assigned I would imagine

ii. What is the destination port?
64933
Why is this destination port used?
Randomly assigned as well

iii. What is the flag?
0x02
Why is this flag used?
So it doesn’t fragment
iv. What is the source and destination IP address?
Src: 96.17.157.52
DST: 192.168.1.101
 Is this packet coming or going from your computer?
Coming to my computer
v. What is the Time To Live for this packet?
55
What does TTL mean?
TTL means how many routers it has to jump or how many actual seconds it has to travel; if it exceeds the number it gets deleted.

vi. What else did you see that was interesting about the IP packet?
It had a don’t fragment bit set. That was interesting.
vii. What is the framing type used?
UDP
viii. What is the source and destination MAC addresses?
Src: 00:1e:e5:61:82:80
Dst: 00:25:11:ad:25:ae
Is this frame coming or going from your computer?
Coming to my computer
ix. What else did you see that was interesting about the Frame?
It looked almost identical to a TCP packet. I was expecting a larger difference.
c. Intercept several TCP packets until you can view the three way handshake (read about this on pg. 118 and 119). What are the sequence and acknowledgement numbers on all 3 segments?
Could not determine how to do this via book.



d. Intercept an ARP frame. List the following:
i. What is the destination MAC address?
00:25:11:ad:25:ae
Why is this address used?
To show the destination's physical address to help route it.
ii. What is the source MAC address?
00:1e:e5:61:82:80
Why is this address used?
To show the destination's physical address to help route it.

iii. What is the destination IP address?
192.168.1.101
Why is this address used?
To help route the packet.
iv. What is the source IP address?
192.168.1.1
Why is this address used?
To help route the packet
v. Write a paragraph about anything else you’ve learned from capturing an ARP frame.
I have learned that an ARP frame is a really easy frame to get the feel for. Easy to find information in it and you can quickly ascertain information about where it is going and coming from. I didn’t see much to tell me what kind of data it was carrying. I gather that is the point of it, just to hope to get the packet somewhere quick.
e. Write at least a half page about Wireshark? What did you learn? What was interesting? Do you feel this is a valuable program? Etc.;

This is the most unintuitive program I have ever seen. It gives me plenty of information sure but it does it in such a haphazard fashion to my eyes that I might as well have been reading COBOL. I am sure if I had been able to attend the lab in class this would have been a little easier to digest and sort out. I do however praise it on the amount of information available. I know where my source ports, my destination ports, and my protocols used are. I am a little fuzzy on the differentiated services field.
What this program needs is a good once over by someone who can program a decent GUI. Throwing this much data at a person strains the eyes and is not healthy. This having been my first time using this program I would immediately seek another program or attempt to build my own faced with this.
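
The header fields the worksheet asks about (MAC addresses, frame type code, DS field, TTL, IP flags, protocol, ports, TCP flags) all sit at fixed offsets, which the following added example decodes by hand. It is not part of the original post: the frame is constructed from the addresses, ports and TTL quoted in the answers above, and the sequence number, acknowledgement number, IP identification and window values are made up.

```python
import socket
import struct

TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bit 0 .. bit 5

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def build_sample_frame():
    """Constructed frame (not a real capture) reusing the values quoted in the answers."""
    eth = bytes.fromhex("002511ad25ae" "001ee5618280") + struct.pack("!H", 0x0800)
    # version/IHL, DS field, total length, id, flags+offset (DF set), TTL, protocol, checksum
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0x00, 40, 0x1234, 0x4000, 50, 6, 0,
                     socket.inet_aton("216.86.148.111"),
                     socket.inet_aton("192.168.1.101"))
    # ports, seq, ack, data offset, flags (ACK), window, checksum, urgent pointer
    tcp = struct.pack("!HHIIBBHHH", 80, 49621, 1000, 2000, 0x50, 0x10, 8192, 0, 0)
    return eth + ip + tcp

def parse_frame(frame):
    """Return the header fields the worksheet asks about; checksums are not verified."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out = {"eth_dst": mac(dst), "eth_src": mac(src), "ethertype": ethertype}
    if ethertype != 0x0800 or len(frame) < 34:   # 0x0800 = payload is IPv4
        return out
    ver_ihl, ds, _, _, frag, ttl, proto, _, s, d = struct.unpack(
        "!BBHHHBBH4s4s", frame[14:34])
    out.update(ds_field=ds, dscp=ds >> 2, ttl=ttl, protocol=proto,
               ip_flags=frag >> 13, dont_fragment=bool(frag & 0x4000),
               ip_src=socket.inet_ntoa(s), ip_dst=socket.inet_ntoa(d))
    l4 = frame[14 + (ver_ihl & 0x0F) * 4:]       # IHL counts 32-bit words
    if proto == 6 and len(l4) >= 14:             # TCP
        sport, dport, seq, ack, _, flags = struct.unpack("!HHIIBB", l4[:14])
        out.update(src_port=sport, dst_port=dport, seq=seq, ack=ack,
                   tcp_flags=[n for i, n in enumerate(TCP_FLAGS) if flags >> i & 1])
    elif proto == 17 and len(l4) >= 8:           # UDP has ports but no flags field
        sport, dport = struct.unpack("!HH", l4[:4])
        out.update(src_port=sport, dst_port=dport)
    return out

if __name__ == "__main__":
    for key, value in parse_frame(build_sample_frame()).items():
        print(f"{key:14} {value}")
```

The `ip_flags` value of 2 is the same "don't fragment" setting that appears as 0x02 in the UDP answers, and an `ethertype` of 0x0800 marks the frame's payload as IPv4.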