Wireshark Intro Lab
The purpose of this lab is to get students familiar with the use of their VMs and with running Wireshark on their VMs. We also examine Ethernet, IPv4, and TCP addressing at the Network Access, Network, and Transport layers of the TCP/IP stack.
Reflection:
In two paragraphs, reflect on the experience of using Wireshark capture (in the lab) by answering the following questions: What was the most valuable feature of the lab? How did you prepare for this lab? What changes are you considering in preparing for your next lab? What did you learn from this experience? What advice would you give someone who was preparing for this lab for the first time? These should be well-written paragraphs that discuss items like those listed above.
The first part of the lab introduces the packet sniffer Wireshark. Wireshark is a free, open-source network protocol analyzer used for network troubleshooting and communication protocol analysis. Wireshark captures network packets in real time and displays them in a human-readable format. It provides many advanced features, including live capture and offline analysis, a three-pane packet browser, and coloring rules for analysis. This document uses Wireshark for the experiments, and it covers Wireshark installation, packet capturing, and protocol analysis.
Step 1: Start up your favorite web browser
This step will not have a screen capture attached as it is rather self-explanatory. For my lab, I chose to use Google Chrome.
Step 2: Start up the Wireshark software
Step 3: Choose the correct interface from the "Capture" drop-down menu and tick the corresponding checkbox
Step 4: Click Start to begin packet capture
Step 5: Enter the URL shown in the image and receive the page shown in the image
Step 6: Allow time for packets to be captured, then stop the packet capture
Step 7: Type "http" without quotes into the display filter specification window
Step 8: Expand the HTTP protocol window for the GET message of the project
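To see what Wireshark's packet-details pane is decoding in Step 8, the following added example (not part of the original lab report) builds one constructed Ethernet II frame carrying an HTTP GET and pulls out the Ethernet, IPv4, and TCP addressing fields at the Network Access, Network, and Transport layers. The frame bytes, MAC and IP addresses, and the helper names parse_frame and build_sample_frame are this example's own assumptions; checksums are left at zero.

```python
import struct

def parse_frame(frame: bytes) -> dict:
    """Return the addressing fields Wireshark shows for each layer of one Ethernet II frame."""
    # Network Access layer: destination MAC (6), source MAC (6), EtherType (2).
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError(f"not IPv4: EtherType 0x{ethertype:04x}")
    # Network layer: IHL gives the header length in 32-bit words; protocol 6 means TCP.
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    proto = ip[9]
    if proto != 6:
        raise ValueError(f"not TCP: IP protocol {proto}")
    src_ip, dst_ip = ip[12:16], ip[16:20]
    # Transport layer: ports, sequence/ack numbers, data offset and flags.
    tcp = ip[ihl:total_len]
    src_port, dst_port, seq, ack, offset_flags = struct.unpack("!HHIIH", tcp[:14])
    data_offset = (offset_flags >> 12) * 4
    payload = tcp[data_offset:]              # what the "http" display filter matches on
    return {
        "src_mac": ":".join(f"{b:02x}" for b in src_mac),
        "dst_mac": ":".join(f"{b:02x}" for b in dst_mac),
        "src_ip": ".".join(str(b) for b in src_ip),
        "dst_ip": ".".join(str(b) for b in dst_ip),
        "src_port": src_port,
        "dst_port": dst_port,
        "seq": seq,
        "ack": ack,
        "flags": offset_flags & 0x1FF,       # 0x018 = PSH|ACK
        "http_request_line": payload.split(b"\r\n", 1)[0].decode("ascii", "replace"),
    }

def build_sample_frame() -> bytes:
    """Constructed sample frame (not a real capture) carrying an HTTP GET; checksums left 0."""
    payload = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
    # TCP: src port, dst port 80, seq, ack, data offset 5 words + PSH|ACK, window, checksum, urgent.
    tcp = struct.pack("!HHIIHHHH", 50432, 80, 1000, 2000, (5 << 12) | 0x018, 65535, 0, 0)
    # IPv4: version/IHL 0x45, TOS, total length, ID, DF flag, TTL 64, proto 6, checksum, src, dst.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 1, 0x4000,
                     64, 6, 0, bytes([192, 168, 1, 10]), bytes([203, 0, 113, 5]))
    # Ethernet II: destination MAC, source MAC, EtherType 0x0800 (IPv4).
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    return eth + ip + tcp + payload

if __name__ == "__main__":
    for layer, value in parse_frame(build_sample_frame()).items():
        print(f"{layer:>18}: {value}")
```

Running it prints the same source/destination MAC, IP, and port pairs you read off the three header sections in Wireshark, followed by the GET request line.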
Protecting the system:
Network administrators use Wireshark for troubleshooting network problems. Protocol analysis lets an administrator observe what is happening on the network in real time. The raw data sent across the network interface is helpful for network configuration and troubleshooting. Wireshark is used to monitor distributed applications, and the monitored data can be used to detect errors so that performance can be improved. It is mainly used for examining security problems and debugging protocol implementations, and it makes TCP/IP protocols, MAC frames, and IP datagrams easy to access and learn.
DAG cards are specialised network monitoring cards. Multi-threading allows capturing and also speeds up the application by reducing response time. The captured data can be used in any way, depending on the person's goal. Sniffers are designed to solve network problems, but at the same time they can be used maliciously. A sniffer is very hard to identify because it is passive; there are, however, some ways to detect one, such as the ARP detection technique, RTT detection, and others like SNMP monitoring.