VIETNAM NATIONAL UNIVERSITY HO CHI MINH CITY
UNIVERSITY OF INFORMATION TECHNOLOGY
REPORT
Lab 01: Wireshark Getting Started
Subject: Computer Network
Class: CS4283.P12.CTTT
GROUP MEMBERS (Group ID: xx):
No.  Name                  Student ID  Self-assessment points
1    Nguyen Thi Kim Lien   22520753    10/10
Total working time: 27/09/2024 - 27/09/2024
Comments (optional): No
+ Troubles
+ Suggestions
+ Recommendations
Table of Contents
A. DETAILED REPORT
1. Task 1
Question 1
Question 2
Question 3
Question 4
Question 5
Question 6
Question 7
Question 8
Question 9
2. Task 2
Question 10
Question 11
Question 12
Question 13
Question 14
A. DETAILED REPORT
1. Task 1
Question 1.
What is the total time spent capturing packets and the total number of packets
captured?
Total time spent: 12.721593 seconds
Total number of packets captured: 4894 packets
Question 2.
How many HTTP packets are captured in total?
2 HTTP packets are captured
Question 3.
List 5 different protocols that appear in the Protocol column in the unfiltered packet-
listing window. Briefly describe those protocols.
1. HTTP (HyperText Transfer Protocol):
HTTP is an application-layer protocol used for transmitting web content such
as HTML. It is the foundation of communication on the World Wide Web,
allowing browsers and servers to exchange data.
2. DNS (Domain Name System):
DNS translates human-readable domain names (e.g., www.example.com)
into IP addresses that computers use to identify each other on the internet. It
is essential for web browsing and other internet services.
3. mDNS (Multicast DNS):
mDNS allows devices on a local network to resolve hostnames without the
need for an external DNS server. It is commonly used for device discovery in
home or small office networks.
4. TCP (Transmission Control Protocol):
TCP is a core transport-layer protocol that ensures reliable, ordered, and
error-checked data transmission between computers. It is widely used for
applications like web browsing, email, and file transfers.
5. SSDP (Simple Service Discovery Protocol):
SSDP is used for network device discovery in the Universal Plug and Play
(UPnP) framework, enabling devices like smart TVs or printers to
automatically find and communicate with each other on local networks.
Question 4.
Identify the first HTTP GET packet sent to the target website. What is the purpose of
this packet? Hint: Look at the information in the packet details window or info of the
packet.
The purpose of the HTTP GET packet is to retrieve information, particularly a
specific resource such as a webpage, image, or file.
Question 5.
Identify the response packet of the HTTP GET packet in question 4, what information
determines that?
HTTP 200 OK
The status code and the response body determine that.
- The status code is 200 OK, which indicates that the GET request
succeeded and that the response body will contain the requested data.
- The response body contains the requested data.
Question 6.
For the target website, how long did it take from when the HTTP GET message was sent
until the corresponding HTTP 200 OK reply was received? (By default, the value of the
Time column in the packet-listing window is the amount of time, in seconds, since the
Wireshark tracing began).
Time taken = 7.459545 - 7.159197 = 0.3003480000000005 (s)
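The same measurement done programmatically, as an added example that is not part of the original report: it reads rows in the layout of Wireshark's CSV packet-list export and pairs each HTTP GET with the next HTTP response travelling in the opposite direction. The sample rows are constructed (only the two addresses and the two timestamps come from this report), the function name is an assumption, and pairing by address pair is a simplification of Wireshark's own per-TCP-stream matching.

```python
import csv
import io
from decimal import Decimal

# Constructed sample in the column layout of Wireshark's CSV export.
# Addresses and the GET / 200 OK timestamps are taken from the report;
# packet numbers, lengths and the request path are placeholders.
SAMPLE_CSV = '''"No.","Time","Source","Destination","Protocol","Length","Info"
"310","7.120001","10.45.147.185","128.119.245.12","TCP","66","50123 > 80 [SYN] Seq=0"
"318","7.159197","10.45.147.185","128.119.245.12","HTTP","540","GET /lab-file.html HTTP/1.1"
"325","7.301000","10.45.147.185","10.45.147.1","DNS","75","Standard query A example.test"
"331","7.459545","128.119.245.12","10.45.147.185","HTTP","492","HTTP/1.1 200 OK  (text/html)"
'''


def http_round_trips(csv_text):
    """Pair each HTTP GET with the next HTTP response on the reversed address pair."""
    pending = {}   # (client, server) -> (packet number, time) of the outstanding GET
    results = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Protocol"] != "HTTP":
            continue                       # same effect as the "http" display filter
        t = Decimal(row["Time"])           # Decimal keeps microsecond values exact
        src, dst, info = row["Source"], row["Destination"], row["Info"]
        if info.startswith("GET "):
            pending[(src, dst)] = (row["No."], t)
        elif info.startswith("HTTP/") and (dst, src) in pending:
            req_no, req_t = pending.pop((dst, src))
            results.append({"request": req_no, "response": row["No."],
                            "status": info.split()[1], "seconds": t - req_t})
    return results


if __name__ == "__main__":
    for r in http_round_trips(SAMPLE_CSV):
        print(f"GET #{r['request']} -> {r['status']} #{r['response']}: {r['seconds']} s")
```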
Question 7.
The message displayed on the website gaia.cs.umass.edu is “Congratulations! You've
downloaded the first Wireshark lab file!”. Is this message in the captured HTTP
packets? If so, find and locate it in the captured packets.
Yes, the message is captured in the HTTP packets.
Location: In the packet details of the server’s response packet
Question 8.
Learn about the format of IP addresses and try to guess what the IP address of
gaia.cs.umass.edu is? What is the IP address of the computer you are using?
IP of gaia.cs.umass.edu: 128.119.245.12
IP of the computer I am using: 10.45.147.185
Question 9.
From the above content, please describe the basic process of sending and
receiving packets when accessing a website (for example, the target website).
What is the role of the browser in this process?
The basic process:
● First, the computer sends a GET request to the IP address of the website it
wants to access.
● Then, using various network protocols, the server responds by sending the
requested data (like content and display information) back to the computer’s
IP address.
● Finally, if everything is successful, an HTTP status code such as [HTTP/1.1
200 OK] will indicate that the server has received, understood, and
successfully processed the request. If there’s an issue, an appropriate error
message will be shown instead.
The browser plays a key role in managing the entire process of accessing and
displaying web content.
● Initiating the Request
● Handling the Response
● Rendering the Webpage
2. Task 2
Question 10.
What is the result when applying the filter expression “HTTP” (like Task 1)? Are
there similar results when accessing an HTTP website?
No HTTP packets are captured.
This is different from the results when accessing an HTTP website.
Question 11.
What is the IP address of the selected website? What is the IP address of your
computer right now?
Website: thisinh.thitotnghiepthpt.edu.vn
IP: 171.231.96.207
IP of the computer I am using: 192.168.88.145
Question 12.
Use the packet-display filter to display the packet exchange between your computer
and the website using the syntax:
ip.addr==192.168.88.145 && ip.addr==171.231.96.207
Does this indicate that you can see the returned content of the website? Describe
what is observed?
Yes
Question 13.
Identify at least two packets that you consider important when accessing this
website. Understand and briefly describe these protocols. Explain
Client Hello and Server Hello
- TLS (Transport Layer Security) is a protocol used to encrypt data during
transmission between the user and the server. Major applications of TLS
include connections between the user's browser and web servers, as well as
connections between email servers.
- TLSv1.2 is one of the latest versions and is widely used.
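The Client Hello named above is sent before any encryption keys exist, so its fields are readable in a capture. As an added example that is not part of the original report, the code below builds a constructed TLS 1.2 ClientHello record for the hostname from Question 11 and parses out the cleartext version and server name (SNI). The record bytes are constructed sample input, not taken from the capture, and both function names are assumptions.

```python
import struct


def build_client_hello(hostname: str) -> bytes:
    """Construct a minimal TLS 1.2 ClientHello record (sample input, not a capture)."""
    name = hostname.encode("ascii")
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    ext = struct.pack("!HH", 0x0000, len(sni)) + sni     # extension type 0 = server_name
    body = (b"\x03\x03" + bytes(32)                       # client_version 1.2, 32-byte random
            + b"\x00"                                     # empty session_id
            + struct.pack("!H", 2) + b"\xc0\x2f"          # one cipher suite
            + b"\x01\x00"                                 # null compression only
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body    # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs


def parse_client_hello(record: bytes) -> dict:
    """Return the cleartext fields visible in a ClientHello record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    if struct.unpack("!H", record[3:5])[0] + 5 > len(record):
        raise ValueError("truncated record")
    p = 9                                                 # past record + handshake headers
    version = record[p:p + 2]
    p += 2 + 32                                           # client_version, random
    p += 1 + record[p]                                    # session_id
    p += 2 + struct.unpack("!H", record[p:p + 2])[0]      # cipher_suites
    p += 1 + record[p]                                    # compression_methods
    end = p + 2 + struct.unpack("!H", record[p:p + 2])[0]
    p += 2
    sni = None
    while p + 4 <= end:                                   # walk the extension list
        etype, elen = struct.unpack("!HH", record[p:p + 4])
        p += 4
        if etype == 0:                                    # server_name extension
            nlen = struct.unpack("!H", record[p + 3:p + 5])[0]
            sni = record[p + 5:p + 5 + nlen].decode("ascii")
        p += elen
    return {"version": f"TLS 1.{version[1] - 1}", "sni": sni}


if __name__ == "__main__":
    print(parse_client_hello(build_client_hello("thisinh.thitotnghiepthpt.edu.vn")))
```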
Question 14.
What do you think IP addresses are used for? Are there other ways to see the IP
address of your computer and of another website? Try to demonstrate this. Find as
many ways as possible.
Identifying Devices: IP addresses act like home addresses for devices. They
are used to identify devices on a network so that data can be sent and
received correctly.
Routing Data: When you request a web page, your device's IP address is used
to direct the data (like a webpage) from the server back to your computer.
The server also has an IP address, allowing data to be routed correctly.
Network Interface Identification: Each device on the internet or within a
network has an IP address so it can communicate with other devices.
Routers, computers, phones, and even smart home devices rely on this.
Geolocation and Tracking: IP addresses can reveal the geographical location
of the device (although not always with perfect accuracy). This is used by
websites for delivering localized content or advertisements.
1. Finding Your Computer's IP Address (Local and Public IP)
Local IP (On Your Network)
- Windows:
  1. Open Command Prompt (search for "cmd").
  2. Type ipconfig and hit Enter.
  3. Look for the section labeled IPv4 Address under the active network connection.
- Mac:
  1. Open System Preferences → Network.
  2. Click on your connected network (Wi-Fi or Ethernet).
  3. Your IP address is listed under the connection details.
Public IP (Assigned by ISP)
- Search Engines: Simply go to Google and type "What is my IP". Google will display your public IP address.
- Online Tools: Websites like WhatIsMyIP will also show your public IP address.
2. Finding the IP Address of a Website
Using ping or nslookup
- Windows/Mac/Linux: Open the command line (Command Prompt or Terminal).
  ping: Type ping website.com (e.g., ping google.com), and the IP address will appear in the results.
  nslookup: Type nslookup website.com, and the result will show the IP address of the website's server.
Using Online Tools:
- Websites like DNSchecker or WhatIsMyIPAddress can show the IP address of a website.