computer network and security


Read your first lab’s intro and instructions here. Download here. Please be sure you complete all lab steps.

This will require you to download and install Wireshark, a packet-sniffing utility we will use.

READ BELOW WHAT YOU WILL NEED TO SUBMIT HERE FOR THIS LAB:

You will complete all lab steps, and when you get to Step 9 of the lab, you will complete Step 9 and then upload a screenshot of your own screen (which will look similar to Figure 5).

This interesting and fun exercise will help you understand how to view network packet details.

Ethernet or WiFi). Recall from the discussion from section 1.5 in the text (Figure 1.24 [1]) that messages exchanged by higher layer protocols such as HTTP, FTP, TCP, UDP, DNS, or IP all are eventually encapsulated in link-layer frames that are transmitted over physical media such as an Ethernet cable or an 802.11 WiFi radio. Capturing all link-layer frames thus gives you all messages sent/received across the monitored link from/by all protocols and applications executing in your computer.

Figure 1: packet sniffer structure

The second component of a packet sniffer is the packet analyzer, which displays the contents of all fields within a protocol message. In order to do so, the packet analyzer must “understand” the structure of all messages exchanged by protocols. For example, suppose we are interested in displaying the various fields in messages exchanged by the HTTP protocol in Figure 1. The packet analyzer understands the format of Ethernet frames, and so can identify the IP datagram within an Ethernet frame. It also understands the IP datagram format, so that it can extract the TCP segment within the IP datagram. Finally, it understands the TCP segment structure, so it can extract the HTTP message contained in the TCP segment. Finally, it understands the HTTP protocol and so, for example, knows that the first bytes of an HTTP message will contain the string “GET,” “POST,” or “HEAD,” as shown in Figure 2.8 in the text.
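
The layer-by-layer dissection described above, as an added example (not part of the original lab and not Wireshark's own code): a minimal Python dissector run over a constructed Ethernet/IPv4/TCP frame carrying the lab's GET request. The MAC addresses, the IP addresses (RFC 5737 documentation ranges), the ports and the helper names `build_sample_frame` and `dissect` are assumptions made for illustration.

```python
import socket
import struct

def build_sample_frame(payload: bytes) -> bytes:
    """Constructed Ethernet II / IPv4 / TCP frame (sample data, checksums left as zero)."""
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     0, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.20"))
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001") + b"\x08\x00"
    return eth + ip + tcp + payload

def dissect(frame: bytes) -> dict:
    """Peel Ethernet -> IPv4 -> TCP -> HTTP, stopping at the first layer not understood."""
    out = {"layers": []}
    if len(frame) < 14:                              # too short for an Ethernet header
        return out
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out["layers"].append("eth")
    out["eth_src"], out["eth_dst"] = src.hex(":"), dst.hex(":")
    if ethertype != 0x0800 or len(frame) < 34:       # only IPv4 is handled here
        return out
    ihl = (frame[14] & 0x0F) * 4                     # IP header length in bytes
    total_len, proto = struct.unpack("!H", frame[16:18])[0], frame[23]
    out["layers"].append("ip")
    out["ip_src"] = socket.inet_ntoa(frame[26:30])
    out["ip_dst"] = socket.inet_ntoa(frame[30:34])
    segment = frame[14 + ihl:14 + total_len]         # drops any Ethernet padding
    if proto != 6 or ihl < 20 or len(segment) < 20:  # 6 = TCP
        return out
    sport, dport = struct.unpack("!HH", segment[:4])
    data_off = (segment[12] >> 4) * 4                # TCP header length in bytes
    out["layers"].append("tcp")
    out["tcp_sport"], out["tcp_dport"] = sport, dport
    data = segment[data_off:]
    if data.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD"):
        out["layers"].append("http")
        out["http_request_line"] = data.split(b"\r\n", 1)[0].decode("ascii", "replace")
    return out

SAMPLE = build_sample_frame(
    b"GET /wireshark-labs/INTRO-wireshark-file1.html HTTP/1.1\r\n"
    b"Host: gaia.cs.umass.edu\r\n\r\n")

if __name__ == "__main__":
    for key, value in dissect(SAMPLE).items():
        print(f"{key}: {value}")
```

Each early return corresponds to a layer the dissector does not understand, which is why a frame with an unknown EtherType or a non-HTTP payload is reported only up to the last layer that could be decoded.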

We will be using the Wireshark packet sniffer [http://www.wireshark.org/] for these labs, allowing us to display the contents of messages being sent/received from/by protocols at different levels of the protocol stack. (Technically speaking, Wireshark is a packet analyzer that uses a packet capture library in your computer. Also, technically speaking, Wireshark captures link-layer frames as shown in Figure 1, but uses the generic term “packet” to refer to link-layer frames, network-layer datagrams, transport-layer segments, and application-layer messages, so we’ll use the less-precise “packet” term here to go along with Wireshark convention). Wireshark is a free network protocol analyzer that runs on Windows, Mac, and Linux/Unix computers. It’s an ideal packet analyzer for our labs – it is stable, has a large user base and well-documented support that includes a user-guide (http://www.wireshark.org/docs/wsug_html_chunked/), man pages (http://www.wireshark.org/docs/man-pages/), and a detailed FAQ (http://www.wireshark.org/faq.html), rich functionality that includes the capability to analyze hundreds of protocols, and a well-designed user interface. It operates in computers using Ethernet, serial (PPP), 802.11 (WiFi) wireless LANs, and many other link-layer technologies.

[1] References to figures and sections are for the 8th edition of our text, Computer Networks, A Top-down Approach, 8th ed., J.F. Kurose and K.W. Ross, Addison-Wesley/Pearson, 2020.

Getting Wireshark
In order to run Wireshark, you’ll need to have access to a computer that supports both Wireshark and the libpcap or WinPCap packet capture library. The libpcap software will be installed for you, if it is not installed within your operating system, when you install Wireshark. See http://www.wireshark.org/download.html for a list of supported operating systems and download sites.

Download and install the Wireshark software:
• Go to http://www.wireshark.org/download.html and download and install the Wireshark binary for your computer.

The Wireshark FAQ has a number of helpful hints and interesting tidbits of information, particularly if you have trouble installing or running Wireshark.

Running Wireshark
When you run the Wireshark program, you’ll get a startup screen that looks something like the screen below. Different versions of Wireshark will have different startup screens – so don’t panic if yours doesn’t look exactly like the screen below! The Wireshark documentation states “As Wireshark runs on many different platforms with many different window managers, different styles applied and there are different versions of the underlying GUI toolkit used, your screen might look different from the provided screenshots. But as there are no real differences in functionality these screenshots should still be well understandable.” Well said.

Figure 2: Initial Wireshark Screen

There’s not much that’s very interesting on this screen. But note that under the Capture section, there is a list of so-called interfaces. The Mac computer we’re taking these screenshots from has just one interface – “Wi-Fi en0,” (shaded in blue in Figure 2) which is the interface for Wi-Fi access. All packets to/from this computer will pass through the Wi-Fi interface, so it’s here where we’ll want to capture packets. On a Mac, double click on this interface (or on another computer locate the interface on startup page through which you are getting Internet connectivity, e.g., most likely a WiFi or Ethernet interface, and select that interface).

Let’s take Wireshark out for a spin! If you click on one of these interfaces to start packet capture (i.e., for Wireshark to begin capturing all packets being sent to/from that interface), a screen like the one below will be displayed, showing information about the packets being captured. Once you start packet capture, you can stop it by using the Capture pull down menu and selecting Stop (or by clicking on the red square button next to the Wireshark fin in Figure 2). [2]

[2] If you are unable to run Wireshark, you can still look at packet traces that were captured on one of the author’s (Jim’s) computers. Download the zip file http://gaia.cs.umass.edu/wireshark-labs/wireshark-traces-8E.zip and extract the file wireshark-intro-trace. The traces in this zip file were collected by Wireshark running on one of the author’s (Jim’s) computers, while performing the steps indicated above. Once you have downloaded the trace, you can load it into Wireshark and view the trace using the File pull down menu, choosing Open, and then selecting the wireshark-intro-trace trace file. The resulting display should look similar to Figures 3 and 5. (The Wireshark user interface displays just a bit differently on different operating systems, and in different versions of Wireshark).

Figure 3: Wireshark window, during and after capture

This looks more interesting! The Wireshark interface has five major components:
• The command menus are standard pulldown menus located at the top of the Wireshark window (and on a Mac at the top of the screen as well; the screenshot in Figure 3 is from a Mac). Of interest to us now are the File and Capture menus. The File menu allows you to save captured packet data or open a file containing previously captured packet data and exit the Wireshark application. The Capture menu allows you to begin packet capture.
• The packet-listing window displays a one-line summary for each packet captured, including the packet number (assigned by Wireshark; note that this is not a packet number contained in any protocol’s header), the time at which the packet was captured, the packet’s source and destination addresses, the protocol type, and protocol-specific information contained in the packet. The packet listing can be sorted according to any of these categories by clicking on a column name. The protocol type field lists the highest-level protocol that sent or received this packet, i.e., the protocol that is the source or ultimate sink for this packet.
• The packet-header details window provides details about the packet selected (highlighted) in the packet-listing window. (To select a packet in the packet-listing window, place the cursor over the packet’s one-line summary in the packet-listing window and click with the left mouse button.) These details include information about the Ethernet frame (assuming the packet was sent/received over an Ethernet interface) and IP datagram that contains this packet. The amount of Ethernet and IP-layer detail displayed can be expanded or minimized by clicking on the plus/minus boxes or right/downward-pointing triangles to the left of the Ethernet frame or IP datagram line in the packet details window. If the packet has been carried over TCP or UDP, TCP or UDP details will also be displayed, which can similarly be expanded or minimized. Finally, details about the highest-level protocol that sent or received this packet are also provided.
• The packet-contents window displays the entire contents of the captured frame, in both ASCII and hexadecimal format.
• Towards the top of the Wireshark graphical user interface, is the packet display filter field, into which a protocol name or other information can be entered in order to filter the information displayed in the packet-listing window (and hence the packet-header and packet-contents windows). In the example below, we’ll use the packet-display filter field to have Wireshark hide (not display) packets except those that correspond to HTTP messages.

Taking Wireshark for a Test Run
The best way to learn about any new piece of software is to try it out! We’ll assume that your computer is connected to the Internet via a wired Ethernet interface or a wireless 802.11 WiFi interface. Do the following:
1. Start up your favorite web browser, which will display your selected homepage.
2. Start up the Wireshark software. You will initially see a window similar to that shown in Figure 2. Wireshark has not yet begun capturing packets.
3. To begin packet capture, select the Capture pull down menu and select Interfaces. This will cause the “Wireshark: Capture Interfaces” window to be displayed (on a PC) or you can choose Options on a Mac. You should see a list of interfaces, as shown in Figures 4a (Windows) and 4b (Mac).

Figure 4a: Wireshark Capture interface window, on a Windows computer

Figure 4b: Wireshark Capture interface window, on a Mac computer

4. You’ll see a list of the interfaces on your computer as well as a count of the packets that have been observed on that interface so far. On a Windows machine, click on Start for the interface on which you want to begin packet capture (in the case in Figure 4a, the Gigabit network Connection). On a Windows machine, select the interface and click Start on the bottom of the window. Packet capture will now begin – Wireshark is now capturing all packets being sent/received from/by your computer!
5. Once you begin packet capture, a window similar to that shown in Figure 3 will appear. This window shows the packets being captured. By selecting the Capture pulldown menu and selecting Stop, or by clicking on the red Stop square, you can stop packet capture. But don’t stop packet capture yet. Let’s capture some interesting packets first. To do so, we’ll need to generate some network traffic. Let’s do so using a web browser, which will use the HTTP protocol that we will study in detail in class to download content from a website.
6. While Wireshark is running, enter the URL: http://gaia.cs.umass.edu/wireshark-labs/INTRO-wireshark-file1.html and have that page displayed in your browser. In order to display this page, your browser will contact the HTTP server at gaia.cs.umass.edu and exchange HTTP messages with the server in order to download this page, as discussed in section 2.2 of the text. The Ethernet or WiFi frames containing these HTTP messages (as well as all other frames passing through your Ethernet or WiFi adapter) will be captured by Wireshark.
7. After your browser has displayed the INTRO-wireshark-file1.html page (it is a simple one line of congratulations), stop Wireshark packet capture by selecting stop in the Wireshark capture window. The main Wireshark window should now look similar to Figure 3. You now have live packet data that contains all protocol messages exchanged between your computer and other network entities! The HTTP message exchanges with the gaia.cs.umass.edu web server should appear somewhere in the listing of packets captured. But there will be many other types of packets displayed as well (see, e.g., the many different protocol types shown in the Protocol column in Figure 3). Even though the only action you took was to download a web page, there were evidently many other protocols running on your computer that are unseen by the user. We’ll learn much more about these protocols as we progress through the text! For now, you should just be aware that there is often much more going on than “meets the eye”!
8. Type in “http” (without the quotes, and in lower case – all protocol names are in lower case in Wireshark) into the display filter specification window at the top of the main Wireshark window. Then select Apply (to the right of where you entered “http”) or just hit return. This will cause only HTTP messages to be displayed in the packet-listing window. Figure 5 below shows a screenshot after the http filter has been applied to the packet capture window shown earlier in Figure 3. Note also that in the Selected packet details window, we’ve chosen to show detailed content for the Hypertext Transfer Protocol application message that was found within the TCP segment, that was inside the IPv4 datagram that was inside the Ethernet II (WiFi) frame. Focusing on content at a specific message, segment, datagram and frame level lets us focus on just what we want to look at (in this case HTTP messages).

Figure 5: looking at the details of the HTTP message that contained a GET of http://gaia.cs.umass.edu/wireshark-labs/INTRO-wireshark-file1.html

9. Find the HTTP GET message that was sent from your computer to the gaia.cs.umass.edu HTTP server. (Look for an HTTP GET message in the “listing of captured packets” portion of the Wireshark window (see Figures 3 and 5) that shows “GET” followed by the gaia.cs.umass.edu URL that you entered.) When you select the HTTP GET message, the Ethernet frame, IP datagram, TCP segment, and HTTP message header information will be displayed in the packet-header window [3]. By clicking on ‘+’ and ‘-’ and right-pointing and down-pointing arrowheads to the left side of the packet details window, minimize the amount of Frame, Ethernet, Internet Protocol, and Transmission Control Protocol information displayed. Maximize the amount of information displayed about the HTTP protocol. Your Wireshark display should now look roughly as shown in Figure 5. (Note, in particular, the minimized amount of protocol information for all protocols except HTTP, and the maximized amount of protocol information for HTTP in the packet-header window).
10. Exit Wireshark

Congratulations! You’ve now completed the first lab!

[3] Recall that the HTTP GET message that is sent to the gaia.cs.umass.edu web server is contained within a TCP segment, which is contained (encapsulated) in an IP datagram, which is encapsulated in an Ethernet frame. If this process of encapsulation isn’t quite clear yet, review section 1.5 in the text.

What to hand in
The goal of this first lab was primarily to introduce you to Wireshark. The following questions will demonstrate that you’ve been able to get Wireshark up and running, and have explored some of its capabilities. Answer the following questions, based on your Wireshark experimentation:
1. List 3 different protocols that appear in the protocol column in the unfiltered packet-listing window in step 7 above.
2. How long did it take from when the HTTP GET message was sent until the HTTP OK reply was received? (By default, the value of the Time column in the packet-listing window is the amount of time, in seconds, since Wireshark tracing began. To display the Time field in time-of-day format, select the Wireshark View pulldown menu, then select Time Display Format, then select Time-of-day.)
3. What is the Internet address of the gaia.cs.umass.edu (also known as www-net.cs.umass.edu)? What is the Internet address of your computer?
4. Print the two HTTP messages (GET and OK) referred to in question 2 above. To do so, select Print from the Wireshark File command menu, and select the “Selected Packet Only” and “Print as displayed” radial buttons, and then click
