Case - 2
Capturing Packets on Your Network
SITI - 620
This study source was downloaded by 100000796388833 from CourseHero.com on 05-16-2021 11:45:27 GMT -05:00
https://www.coursehero.com/file/20515132/Case-2/
Capturing Packets on Your Network
In this chapter, we discussed several data link layer protocols, such as SDLC and Ethernet. The
objective of this Activity is for you to see the data link layer frames in action on your network.
Wireshark is one of the many tools that permit users to examine the frames in their network. It
is called a packet sniffer because it enables you to see inside the frames and packets that your
computer sends, as well as the frames and packets sent by other users on your LAN. In other
words, you can eavesdrop on the other users on your LAN to see what Web sites they visit and
even the email they send. We don’t recommend using it for this reason, but it is important that
you understand that someone else could be using Ethereal to sniff your packets to see and
record what you are doing on the Internet.
1. Use your browser to connect to www.wireshark.org and download and install the
Wireshark software.
2. When you start Wireshark you will see a screen like that in Figure 4.14, minus the two
smaller windows on top.
a. Click Capture
b. Click Interfaces
c. Click the Capture button beside your Wireshark connection (wireless LAN or
traditional LAN).
3. Wireshark will capture all packets moving through your LAN. To make sure you have
something to see, open your Web browser and visit one or two Web sites. After you have
captured packets for 30–60 seconds, return to Wireshark and click Stop.
4. Figure 4.15 shows the packets captured on my home network. The top window in
Wireshark displays the complete list of packets in chronological order. Each packet is
numbered; I’ve scrolled the window, so the first packet shown is packet 11. Wireshark lists
the time, the source IP address, the destination IP address, the protocol, and some
additional information about each packet. The IP addresses will be explained in more
detail in the next chapter.
For the moment, look at packet number 16, the second HTTP packet from the top. I’ve
clicked on this packet, so the middle window shows the inside of the packet. The first line
in this second window says the frame (or packet if you prefer) is 1091 bytes long. It
contains an Ethernet II packet, an Internet Protocol (IP) packet, a Transmission Control
Protocol (TCP) Packet, and a Hypertext Transfer Protocol (HTTP) packet. Remember in
Chapter 1 that Figure 1.4 described how each packet was placed inside another packet
as the message moved through the layers and was transmitted.
Click on the plus sign (+) in front of the HTTP packet to expand it. Wireshark shows the
contents of the HTTP packet. By reading the data inside the HTTP packet, you can see
that this packet was an HTTP request to www.google.com. If you look closely, you’ll see
that the sending computer was a PC—that’s some of the optional information my Web
browser (Mozilla Firefox) included in the HTTP header.
The bottom window shows the exact bytes that were captured. The numbers on the left
show the data in hexadecimal format while the data on the right show the text version.
The data before the highlighted section is the TCP packet.
From Chapter 2, you know that the client sends an HTTP request packet to request a
Web page, and the Web server sends back an HTTP response packet. Packet number
25 in the top window is the HTTP response sent back to my computer by the
Google server. You can see that the
destination IP address in my HTTP request is the source IP address of this HTTP packet.
5. Figure 4.15 also shows what happens when you click the plus sign (+) in front of the
Ethernet II packet to expand it. You can see that this Ethernet packet has a destination
address and source address (e.g., 00:02:2d:85:cb:e0).
Deliverables
1. List the layer 2, 3, 4, and 5 PDUs that are used in your network to send a request to get a
Web page.
Answer:
Layer 2
Ethernet II, Src: LiteonTe_ff:59:6c (70:1a:04:ff:59:6c), Dst: All-HSRP-routers_01 (00:00:0c:07:ac:01)
Layer 3
Internet Protocol Version 4, Src: 10.12.66.73, Dst: 91.232.4.242
Layer 4
Transmission Control Protocol, Src Port: 45316 (45316), Dst Port: 80 (80), Seq: 1, Ack: 1, Len: 318
Layer 5
Hypertext Transfer Protocol - GET /battle-bases-c-3.html HTTP/1.1\r\n
2. List the source and destination Ethernet addresses on the message.
Answer:
Source: LiteonTe_ff:59:6c (70:1a:04:ff:59:6c)
Address: LiteonTe_ff:59:6c (70:1a:04:ff:59:6c)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Destination: All-HSRP-routers_01 (00:00:0c:07:ac:01)
Address: All-HSRP-routers_01 (00:00:0c:07:ac:01)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
3. What value is in the Ethernet type field in this message? & Why?
Answer:
Type: IPv4 (0x0800). This is because is the Internet Protocol Version
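The layering listed in answers 1 to 3, worked as an added example (not part of the original case study): a small Python dissector that walks a constructed frame from the Ethernet II header down to the cleartext HTTP request line. The MAC addresses, IP addresses, ports and request line are the ones shown above; the Host header and the remaining header fields are filler, and checksums are left at zero and not verified.

```python
import struct

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def build_sample_frame():
    # Constructed frame. MACs, IPs, ports and request line come from the
    # answers above; Host header, TTL, window and zero checksums are filler.
    payload = b"GET /battle-bases-c-3.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
    eth = bytes.fromhex("00000c07ac01701a04ff596c") + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([10, 12, 66, 73]), bytes([91, 232, 4, 242]))
    tcp = struct.pack("!HHIIBBHHH", 45316, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload

def dissect(frame):
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet II header")
    dst, src = frame[0:6], frame[6:12]
    out = {"dst": mac(dst), "src": mac(src),
           "ethertype": struct.unpack("!H", frame[12:14])[0],
           # IG = lowest bit of the first octet, LG = the bit above it
           "src_ig": src[0] & 1, "src_lg": (src[0] >> 1) & 1}
    if out["ethertype"] != 0x0800:          # only IPv4 is decoded further
        return out
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    ihl = (ip[0] & 0x0F) * 4                # header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    out.update(ip_proto=ip[9], ip_src=".".join(map(str, ip[12:16])),
               ip_dst=".".join(map(str, ip[16:20])))
    if ip[9] != 6:                          # only TCP is decoded further
        return out
    tcp = ip[ihl:total_len]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport = struct.unpack("!HH", tcp[0:4])
    data = tcp[(tcp[12] >> 4) * 4:]         # skip header via the data offset
    out.update(sport=sport, dport=dport, tcp_len=len(data))
    if data.startswith((b"GET ", b"POST ", b"HEAD ")):
        out["http_request_line"] = data.split(b"\r\n", 1)[0].decode("ascii", "replace")
    return out

if __name__ == "__main__":
    for k, v in dissect(build_sample_frame()).items():
        print(f"{k:18} {v}")
```

Because HTTP on port 80 is unencrypted, the request line is readable by anything that sees the frame, which is the exposure the activity describes.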
4. Search the Web to find a software vendor that sells a package that supports each of the
following protocols: SDLC, HDLC, Ethernet, and PPP (i.e., one package that supports SDLC,
another [or the same] for HDLC, and so on).
Answer:
Many point-to-point protocols exist at the Data Link layer including High-level Data Link Control
(HDLC), Synchronous Data Link Control (SDLC), Link Access Procedure Balanced (LAPB), and
Advanced Data Communications Control Procedure (ADCCP).
All of these protocols are very similar in nature and are found in older networks (such as X.25
networks). In the Internet, one of two point-to-point protocols is used at this layer: Serial Line
Internet Protocol (SLIP) or Point-to-Point Protocol (PPP), with PPP being the newer, approved
standard.
All of these protocols are used in point-to-point connections such as those on metropolitan area
network (MAN) or wide area network (WAN) backbones or when we dial our Internet service
provider (ISP) from home using a modem.
High-Level Data Link Control (HDLC) is a bit-oriented code-transparent synchronous data link
layer protocol developed by the International Organization for Standardization (ISO).
Some of the best-known providers are Cisco, IBM, and Hewlett Packard.