Objective:
The objective of this project is to demonstrate your ability to capture live packets using Wireshark and analyze the data. As a networking professional, the ability to diagnose network problems with tools such as Wireshark is essential. This project will also enable you to apply the TCP/IP networking knowledge gained in this class to a real-world scenario.
Instructions:
1. Obtain a copy of Wireshark (if you don't already have one).
2. Familiarize yourself with Wireshark.
3. Turn the capture on by selecting the interface that you are using (Ethernet or Wi-Fi).
4. Issue a ping command from your command prompt, for example ping google.com. You can ping any host; it does not have to be google.com.
a. If you have a Windows machine, open the command prompt and issue $ ping -n 1 google.com (notice the blank space between -n and 1). If the host resolves to an IPv6 address, Windows ping will send ICMPv6 instead of the IPv4 packet this project decodes; add -4 ($ ping -4 -n 1 google.com) to force IPv4.
b. If you have a Mac, open a Terminal window and issue
$ ping -c 1 google.com
NOTE: The $ sign represents the system prompt. Do not type the $ sign that appears in front of the command.
5. Turn off the Wireshark capture.
6. Find the ping REQUEST packet in your capture. Pinging a hostname also generates DNS traffic, so apply the Wireshark display filter icmp (or icmp.type == 8 to show echo requests only) to narrow the packet list.
7. You will decode/analyze a ping request packet (not a ping response packet).
Note: A ping command issued without -c 1 (or -n 1) keeps sending echo requests: on a Mac until you stop it with Ctrl-C, on Windows four requests by default. With -c 1 (or -n 1) exactly one ping request is sent, which is what you want.
Your project should use the template outline below.
Section 1 – Executive Summary
In an executive summary, one typically describes the problem you are trying to solve, followed by the methods used to solve it. Be as descriptive as possible so that someone who is not familiar with the technology can clearly understand what you are trying to accomplish. A paragraph or two is generally what you should write.
Section 2 – Captured Frame in HEX
This section will contain the entire hex capture of the frame. Wireshark shows the captured bytes in hexadecimal; right-click the frame in the packet list and choose Copy > ...as Hex Stream (or ...as Hex Dump), then paste the result into this section. The entire hex capture is required for me to be able to grade your project.
Section 3 – Ethernet Frame Decode
This section is for decoding the captured Ethernet frame. Provide a diagram of the Ethernet frame with each header field identified, followed by the data (payload) of the frame.
Use color coding to identify Ethernet header and the data.
Section 4 – IP Datagram Decode
This section is for decoding the IP datagram portion of the captured frame. Use the IP datagram decode sheet that I provided so that you can identify each field. All values from the decode should be given in decimal. IP addresses should be decoded in dotted decimal notation.
For each IP header field, provide the values in decimal and describe each field.
Use color coding to identify IP header and the data.
Section 5 – ICMP Packet Decode
Ping uses the ICMP protocol; a ping request is an ICMP echo request (type 8, code 0). Decode the ICMP header and identify the ICMP data using a diagram: header followed by the data.
Use color coding to identify ICMP header and the data.
Section 6 – Encapsulation Diagram
This section will contain a diagram that shows the layers of encapsulation (the ICMP message inside the IP packet, and the IP packet inside the Ethernet frame).
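The decode that Sections 2 through 6 ask for can be checked mechanically. The script below is an added worked example for this page, not part of the assignment handout: it takes a frame pasted from Wireshark's Copy > ...as Hex Stream, splits it into the Ethernet, IP and ICMP layers by byte offset (the same boundaries you will color-code), converts every header field to decimal, writes the IP addresses in dotted decimal, and recomputes the IP header and ICMP checksums so you can confirm a hand decode against a known-good answer. The frame in SAMPLE_HEX is constructed for the example (documentation addresses, the classic 32-byte Windows ping payload); it is not a real capture, and the values in your own frame will differ.

```python
"""Decode an Ethernet II / IPv4 / ICMP echo-request frame pasted from Wireshark.

Copy the frame in Wireshark (packet list -> right-click -> Copy -> ...as Hex Stream),
pass it to decode_frame(), and you get every header field in decimal plus the byte
offsets of each layer, which are exactly the spans you color-code in the write-up.
"""
import struct

# CONSTRUCTED sample frame (not a real capture): 74 bytes, laid out the way a
# Wireshark "as Hex Stream" copy looks once spaces are added for readability.
SAMPLE_HEX = (
    "00 11 22 33 44 55 aa bb cc dd ee ff 08 00"                    # Ethernet II header
    " 45 00 00 3c 12 34 00 00 80 01 2a d5 c0 a8 01 0a cb 00 71 05"  # IPv4 header
    " 08 00 4d 4b 00 01 00 10"                                      # ICMP header
    " 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74"  # ICMP data
    " 75 76 77 61 62 63 64 65 66 67 68 69"                          # (32 bytes total)
)


def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's complement of the one's-complement sum of 16-bit words.

    Run it over a header *including* its checksum field: a valid header yields 0.
    """
    if len(data) % 2:                       # odd length: pad with a zero byte
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ipv4_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def decode_frame(hex_stream: str) -> dict:
    raw = bytes.fromhex("".join(hex_stream.split()))   # tolerate spaces and newlines

    # Ethernet II header: dst(6) src(6) type(2) = 14 bytes at offsets [0, 14)
    dst, src, ethertype = struct.unpack("!6s6sH", raw[:14])
    if ethertype != 0x0800:
        raise ValueError(f"not IPv4: EtherType 0x{ethertype:04x}")

    # IPv4 header: 20 fixed bytes; IHL (in 32-bit words) gives the real header length
    ip_off = 14
    (ver_ihl, dscp_ecn, total_len, ident, flags_frag,
     ttl, proto, hdr_ck, src_ip, dst_ip) = struct.unpack("!BBHHHBBH4s4s", raw[ip_off:ip_off + 20])
    ihl = (ver_ihl & 0x0F) * 4
    ip_header = raw[ip_off:ip_off + ihl]
    ip_payload = raw[ip_off + ihl:ip_off + total_len]
    trailer = raw[ip_off + total_len:]      # non-empty only if padding or an FCS was captured
    if proto != 1:
        raise ValueError(f"not ICMP: IP protocol {proto}")

    # ICMP echo header: type(1) code(1) checksum(2) identifier(2) sequence(2) = 8 bytes
    icmp_off = ip_off + ihl
    icmp_type, icmp_code, icmp_ck, icmp_id, icmp_seq = struct.unpack("!BBHHH", ip_payload[:8])

    return {
        "ethernet": {"offset": (0, 14), "dst": mac_str(dst), "src": mac_str(src), "type": ethertype},
        "ip": {
            "offset": (ip_off, icmp_off),
            "version": ver_ihl >> 4, "ihl_bytes": ihl, "dscp": dscp_ecn >> 2, "ecn": dscp_ecn & 3,
            "total_length": total_len, "identification": ident,
            "flags": flags_frag >> 13, "dont_fragment": bool(flags_frag & 0x4000),
            "more_fragments": bool(flags_frag & 0x2000), "fragment_offset": flags_frag & 0x1FFF,
            "ttl": ttl, "protocol": proto, "header_checksum": hdr_ck,
            "checksum_ok": internet_checksum(ip_header) == 0,   # covers the header only
            "src": ipv4_str(src_ip), "dst": ipv4_str(dst_ip),
        },
        "icmp": {
            "offset": (icmp_off, icmp_off + 8), "type": icmp_type, "code": icmp_code,
            "checksum": icmp_ck, "checksum_ok": internet_checksum(ip_payload) == 0,  # header + data
            "identifier": icmp_id, "sequence": icmp_seq,
            "data_offset": (icmp_off + 8, ip_off + total_len), "data": ip_payload[8:],
        },
        "trailer": trailer,
    }


if __name__ == "__main__":
    frame = decode_frame(SAMPLE_HEX)
    for layer in ("ethernet", "ip", "icmp"):
        print(f"== {layer} ==")
        for field, value in frame[layer].items():
            print(f"  {field}: {value}")
```

Paste your own hex stream in place of SAMPLE_HEX. A frame of 74 bytes with checksum_ok True for both layers is what a clean Windows echo request looks like; a Mac sends 56 bytes of ICMP data by default, so its frame is 98 bytes. If the trailer is non-empty, those bytes are after the IP total length and are not part of the datagram.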
The bullet points below provide additional information for the required sections above:
A. Describe the exact packet capture that you are analyzing. At least a paragraph of explanation is needed to clearly state the problem statement (executive summary) and the objective (what are you trying to analyze?).
B. A cover page is required, and every other page must carry your name and a page number.
C. Draw a diagram that illustrates the layers of encapsulation for your captured packet. The encapsulation mechanism used by TCP/IP is covered in the textbook and I will reinforce this concept in lectures.
D. Your entire packet capture (one frame) should be included as a hex string. You can get it from Wireshark with Copy > ...as Hex Stream on the frame, or export the dissection as a text file (File > Export Packet Dissections > As Plain Text...).
E. The captured packet (in hex) should be color-coded and clearly labeled to show which color indicates which layer of encapsulation. Include a legend that maps each color to its layer.
F. Each part of the Ethernet frame should be described: destination address, source address, type, payload, and CRC/FCS (if present). Most network cards strip the 4-byte frame check sequence before the frame reaches the capture driver, so in most captures there is no CRC at the end of the frame; if it is absent, say so rather than inventing one.
G. Each part of the IP packet should be identified: header and payload.
H. The IP header should be decoded with all values clearly stated. Hex values should be converted to decimal, and IP addresses written in dotted decimal notation, as in the IP packet decode exercise done in class.
I. The payload of the IP packet should be identified.
J. The payload of the IP packet will be an ICMP packet. The ICMP header and payload should be identified.
K. Your work MUST be neat, clearly organized, and easy to follow. Avoid ambiguities and don't leave anything for me to assume.
L. Your work must be your own. I will know, because each MAC address is unique, as are some other values in each header. You are required to provide the actual hex output captured from Wireshark in Section 2.
M. Handwritten work will NOT be accepted.
N. Screenshots of any kind will not be accepted because they are hard to read.
How to submit the project:
The project file name must be as follows: Firstname-Lastname.doc
NOTES:
You will notice a huge number of packets being captured if you are on a heavily used LAN. I suggest that you capture packets on your home LAN, or any other LAN where you can control the packet flow. You will also need to learn Wireshark's filtering: a capture filter of icmp records only ICMP traffic in the first place, and the display filter icmp (or icmp.type == 8 for echo requests only) narrows an existing capture to the packet(s) of interest.
If you are not familiar with Wireshark, download it now and start familiarizing yourself with it. I do not plan to teach it, but I will answer questions.
Be proactive; do not wait until the end to ask questions. I see this all the time: I get questions two days before the project is due, and by then it is usually too late. 15% of your overall grade is NOT to be taken lightly.

