TLT-2316 Computer Networking I: Wireshark Assignment


General notes and requirements

The assignment must be done individually.

The language of reports is English.

Your report must contain your name, student number, and e-mail.

Deadline is December 17, 2010.

Reading and useful links

Wireshark (official page)

The Wireshark user's guide (pdf or html)

Wireshark Frequently Asked Questions (html)

“Computer Networking: A Top-Down Approach, Fourth Edition” by James Kurose and Keith Ross (Wireshark lab manuals and traces)

Basic network application troubleshooting with Wireshark (Ethereal) (html)

How to run Wireshark

SYSTEM REQUIREMENTS

Operating systems:
Microsoft Windows 2000, XP, Server 2003, Server 2008, Vista, 7
Wireshark currently runs on most UNIX/Linux platforms (the system requirements should be comparable to the Windows values listed below)

Memory:
128MB required (recommended: 256MB or more)

Disk space:
75MB required
A minimum 100MB of additional disk space is also recommended to store trace files.

Display:
800x600 or higher resolution

For additional information, refer to the Wireshark user's guide.

DOWNLOAD & INSTALLATION

Download the software from here (about 18.3MB):

http://www.wireshark.org/download.html

After you have downloaded the installer, simply run the executable and follow the instructions to install the software. Note that you must be logged in with Administrator privileges to install the software.

The installation process is quite straightforward (html).

For any information about building and installing Wireshark under UNIX/Linux, refer to the Wireshark user's guide.

IMPORTANT NOTES

Selecting the interface

To begin packet capture, start up the Wireshark software, select the Capture pull down menu, and select Options. In the Wireshark: Capture Options window, do the following (jpg):

- in the Interface pull down menu, select an interface that is being used to send and receive packets (*);
- uncheck Capture packets in promiscuous mode;
- and click Start.

Packet capture will now begin - all packets being sent/received from/by your computer are now being captured by Wireshark.

(*) If you do not know which interface to select (i.e., which one is used to send and receive packets), go to the Capture pull down menu and select Interfaces. This will cause the Wireshark: Capture Interfaces window to be displayed. This window will only show the local interfaces Wireshark knows of. You can easily identify the interface which is used to send and receive packets by looking at the number of packets captured from this interface (Packets). Unused interfaces will be greyed out, since no packets were captured in the last time interval. After that, click Close.

(*) If you are running Wireshark on a UNIX/Linux operating system and do not see your network interface in the list of available interfaces, then you may need to run Wireshark from an account with sufficient privileges to capture packets. For example, you can run Wireshark with the sudo command as follows.

In Ubuntu Linux 8.10, go to the Applications menu, open the Internet tab, and run Wireshark (as root).

Otherwise, go to the Applications menu, open the Accessories tab, and run Terminal. In the Terminal window, issue the following command:

sudo wireshark
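
On Linux, the same packet-count check that the Capture Interfaces window performs can be done from a terminal before starting Wireshark, and reading these counters requires no elevated privileges. The script below is an added example, not part of the original assignment; the function names and the sample counters are constructed for illustration.

```shell
#!/bin/sh
# Added example: rank network interfaces by packets seen, using the
# /proc/net/dev counter layout, to decide which interface to capture on.

# Constructed sample in /proc/net/dev layout (not real measurements).
SAMPLE_NET_DEV='Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:   48120     512    0    0    0     0          0         0    48120     512    0    0    0     0       0          0
  eth0: 9134772   10342    0    0    0     0          0         0   812345    7421    0    0    0     0       0          0
 wlan0:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0'

# Read /proc/net/dev-style text on stdin and print "<iface> <rx+tx packets>"
# for every non-loopback interface, busiest first.
rank_interfaces() {
    awk -F: 'NR > 2 {
        name = $1
        gsub(/[ \t]/, "", name)          # strip the padding around the name
        if (name == "lo") next           # loopback never carries the lab traffic
        split($2, f, " ")                # f[2] = rx packets, f[10] = tx packets
        print name, f[2] + f[10]
    }' | sort -k2,2nr
}

# Print only the busiest interface, or nothing if every counter is zero
# (the equivalent of all interfaces being greyed out in the dialog).
busiest_interface() {
    rank_interfaces | awk 'NR == 1 && $2 > 0 { print $1 }'
}

# Demonstration on the constructed sample. On a live Linux system use:
#   rank_interfaces < /proc/net/dev
printf '%s\n' "$SAMPLE_NET_DEV" | rank_interfaces
```

The counters are cumulative since boot, so on a machine that has switched networks, run the command twice a few seconds apart and compare the values.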

Taking screenshots

In Microsoft Windows, pressing the Print Screen key (often abbreviated as Prt Scr, Print Scrn, Prt Scn, or Prnt Scrn) will capture the entire screen, while pressing the Alt key in combination with the Print Screen key (Alt-Print Screen) will capture the currently selected window.

In GNOME and KDE desktop environments, Print Screen behavior is similar to that of Microsoft Windows by default. However, a window will additionally pop up, prompting you to save the screenshot to a file (in the PNG format by default).

The captured image can then be pasted into your report.

Warm-up

Read the introduction lab (pdf) from “Computer Networking: A Top-Down Approach, Fourth Edition” by James Kurose and Keith Ross and get familiar with Wireshark.

You do not need to submit anything at this stage.

Part 1

Part 1 should be downloaded from here (pdf).

The trace files are located here (zip).

Follow the notes given in this part and answer all the questions.

Part 2

Part 2 should be downloaded from here (pdf).

The trace files are located here (zip).

Follow the notes given in this part and answer all the questions.

Contact information

Roman Dunaytsev, feel free to contact me by e-mail: dunaytse@cs.tut.fi

Last modified: November 20, 2010