
Wire Shark

The document provides a detailed guide on installing and using Wireshark, a network packet analyzer, including its features and applications for network administrators, security engineers, and developers. It outlines the installation steps, including downloading Wireshark and WinPcap, and explains how to capture and analyze network traffic. Additionally, it describes how to access various statistics and protocol hierarchy information from captured data.

Anurag University Operating Systems & Computer networks

EXPERIMENT NO: 5
NAME OF THE EXPERIMENT: Installation of Wireshark
Program:
Wireshark is a network packet analyzer. A network packet analyzer tries to capture network packets and to display that packet data in as much detail as possible.
You could think of a network packet analyzer as a measuring device used to examine what's going on inside a network cable, just like a voltmeter is used by an electrician to examine what's going on inside an electric cable (but at a higher level, of course).
In the past, such tools were either very expensive, proprietary, or both. However, with the advent of Wireshark, all that has changed. Wireshark is perhaps one of the best open source packet analyzers available today.

Here are some examples of what people use Wireshark for:

• Network administrators use it to troubleshoot network problems
• Network security engineers use it to examine security problems
• Developers use it to debug protocol implementations
• People use it to learn network protocol internals

Features:
The following are some of the many features Wireshark provides:
• Available for UNIX and Windows.
• Capture live packet data from a network interface.
• Display packets with very detailed protocol information.
• Open and Save packet data captured.
• Import and Export packet data from and to a lot of other capture programs.
• Filter packets on many criteria.
• Search for packets on many criteria.
• Colorize packet display based on filters.
• Create various statistics.

Installation of Wireshark:
Step 1 – Download Wireshark from http://www.wireshark.org/download.html
Step 2 – Click on install and then click on Next.
Click on I Agree button.
Next: Choose if Start Menu or Desktop Icon is preferred.
Next: Disk space needed is 112 MB.
Next: By default it installs into the directory C:\Program Files\Wireshark.
Click on Install button.
Install WinPcap – as Wireshark won’t work otherwise. Click Install.
Step 2 – Install WinPcap. Wireshark won’t work unless WinPcap is installed. Watch out for a second install to be launched. If you’re not looking for it, you could miss it. Click Next.
Wait for the files to extract…. Click on I Agree button. Click on Finish.
That’s it! Wireshark will now completely install for you.

EXPERIMENT NO: 6
NAME OF THE EXPERIMENT: Simulate Packet Capture Using Wireshark

Steps to capture traffic:

1. Open Wireshark network analyzer.
2. Select interface: Go to the Capture option in the menu bar and select the interface.
3. Start capturing the packets.

EXPERIMENT NO: 7
NAME OF THE EXPERIMENT: Implement viewing captured traffic by using Wireshark.
Program:
A packet sniffer, sometimes referred to as a network monitor or network analyzer, can be used by a network or system administrator to monitor and troubleshoot network traffic. Using the information captured by the packet sniffer, an administrator can identify erroneous packets and use the data to pinpoint bottlenecks and help maintain efficient network data transmission.

In its simple form, a packet sniffer simply captures all of the packets of data that pass through a given network interface. By placing a packet sniffer on a network in promiscuous mode, a malicious intruder can capture and analyze all of the network traffic.

Wireshark is a network packet analyzer. A network packet analyzer tries to capture network packets and to display that packet data in as much detail as possible. Download and install Wireshark network analyzer.

Steps to capture traffic:

1. Open Wireshark network analyzer.
2. Select interface: Go to the Capture option in the menu bar and select the interface.
3. Start capturing the packets.

EXPERIMENT NO: 8
NAME OF THE EXPERIMENT: Simulate Statistics & Filters using Wireshark.

Using the statistics for conversations menu
In this recipe, we will learn how to get conversation information of the data that runs over the network.
Start Wireshark, click on Statistics.
How to do it…
From the Statistics menu, choose Conversations:
You can choose between layer 2 Ethernet statistics, layer 3 IP statistics, or layer 4 TCP or UDP statistics.

Start Wireshark, click on Statistics.
How to do it…
1. From the Statistics menu, choose Capture File Properties:

What you will get is the Capture File Properties window (displayed in the following screenshot).

1. As you can see in the following screenshot, we have the following:
• File: Provides file data, such as filename and path, length, and so on
• Time: Start time, end time, and duration of capture
• Capture: Hardware information for the PC that Wireshark is installed on
• Interfaces: Interface information—the interface registry identifier on the left, if capture filter is turned on, interface type and packet size limit
• Statistics: General capture statistics, including captured and displayed packets:

How it works…
This menu simply gives a summary of the filtered data properties and the capture statistics (average packets or bytes per second) when someone wants to learn the capture statistics.

Using the statistics for protocol hierarchy menu
In this recipe, we will learn how to get protocol hierarchy information of the data that runs over the network.
Start Wireshark, click on Statistics.

How to do it…
1. From the Statistics menu, choose Protocol Hierarchy:

What you will get is the Protocol Hierarchy window:
What you will get is data about the protocol distribution in the captured file. You will get the protocol distribution of the captured data.

1. The partial screenshot displayed here depicts the statistics of packets captured on a per-protocol basis:
• Protocol: The protocol name
• Percent Packets: The percentage of protocol packets from the total captured packets
• Packets: The number of protocol packets from the total captured packets
• Percent Bytes: The percentage of protocol bytes from the total captured packets
• Bytes: The number of protocol bytes from the total captured packets
• Bit/s: The bandwidth of this protocol, in relation to the capture time
• End Packets: The absolute number of packets of this protocol (for the highest protocol in the decode file)
• End Bytes: The absolute number of bytes of this protocol (for the highest protocol in the decode file)
• End Bit/s: The bandwidth of this protocol, relative to the capture packets and time (for the highest protocol in the decode file)

The end columns count when the protocol is the last protocol in the packet (that is, when the protocol comes at the end of the frame). These can be TCP packets with no payload (for example, SYN packets) which carry upper layer protocols. That is why you see a zero count for Ethernet, IPv4, and UDP end packets; there are no frames where those protocols are the last protocol in the frame.

In this file example, we can see two interesting issues:
• We can see 1,842 packets of DHCPv6. If IPv6 and DHCPv6 are not required, disable it.
• We see more than 200,000 checkpoint high availability (CPHA) packets, 74.7% of which are sent over the network we monitored. These are synchronization packets that are sent between two firewalls working in a cluster, updating session tables between the firewalls. Such an amount of packets can severely influence performance. The solution for this problem is to configure a dedicated link between the firewalls so that session tables will not influence the network.

How it works…

Simply, it calculates statistics over the captured data. Some important things to notice:
• The percentage always refers to the same layer protocols. For example, in the following screenshot, we see that logical link control has 0.5% of the packets that run over Ethernet, IPv6 has 1.0%, IPv4 has 88.8% of the packets, ARP has 9.6% of the packets and even the old Cisco ISL has 0.1%—a total of 100% of the protocols over layer 2 Ethernet.
• On the other hand, we see that TCP has 75.70% of the data, and inside TCP, only 12.74% of the packets are HTTP, and that is almost it. This is because Wireshark counts only the packets with the HTTP headers. It doesn’t count, for example, the ACK packets, data packets, and so on.
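
The counting rules described above (percentages taken against the total captured packets, and end packets counted only where a protocol is last in the frame), as an added example that is not part of the original lab manual. The frame list is constructed sample data in the colon-separated form of tshark's frame.protocols field, and the allowlist passed to unexpected() is a hypothetical site policy.

```python
from collections import defaultdict

# Constructed sample capture: one protocol stack per frame, in the
# colon-separated form of tshark's frame.protocols field.
FRAMES = [
    "eth:ip:tcp",            # SYN, no payload
    "eth:ip:tcp",            # ACK, no payload
    "eth:ip:tcp",            # data segment without HTTP headers
    "eth:ip:tcp:http",       # segment carrying HTTP headers
    "eth:ip:udp:dns",
    "eth:ipv6:udp:dhcpv6",
    "eth:arp",
    "eth:arp",
]


def protocol_hierarchy(frames):
    """Map each protocol path, e.g. ('eth', 'ip', 'tcp'), to its counters."""
    stats = defaultdict(lambda: {"packets": 0, "end_packets": 0})
    for protocols in frames:
        stack = tuple(protocols.split(":"))
        # Every layer present in the frame counts the packet once.
        for depth in range(1, len(stack) + 1):
            stats[stack[:depth]]["packets"] += 1
        # Only the last protocol in the frame counts it as an end packet.
        stats[stack]["end_packets"] += 1
    for node in stats.values():
        node["percent_packets"] = round(100.0 * node["packets"] / len(frames), 1)
    return dict(stats)


def unexpected(stats, allowed):
    """Protocol names seen in the capture but absent from a site allowlist."""
    return sorted({path[-1] for path in stats} - set(allowed))


def format_tree(stats):
    """Render the hierarchy as indented text rows."""
    rows = []
    for path in sorted(stats):
        s = stats[path]
        rows.append(f"{'  ' * (len(path) - 1)}{path[-1]:<8}"
                    f"{s['percent_packets']:6.1f}% packets={s['packets']} "
                    f"end_packets={s['end_packets']}")
    return rows


if __name__ == "__main__":
    hierarchy = protocol_hierarchy(FRAMES)
    print("\n".join(format_tree(hierarchy)))
    # Hypothetical policy: IPv6 and DHCPv6 are not required on this network.
    print(unexpected(hierarchy, ["eth", "ip", "arp", "tcp", "udp", "http", "dns"]))
```

In the sample, Ethernet and IPv4 show zero end packets because every frame carries something above them, while TCP shows three end packets for the segments that carry no HTTP headers.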
