Lab#01: Introduction to Tools such as Packet Tracer and Wireshark
Today’s Lab Aims: To familiarize students with basic network simulation using Packet Tracer and
packet analysis using Wireshark. This lab will demonstrate how to configure and monitor network
traffic.
Objectives:
● Understand the basic interface and functionality of Packet Tracer.
● Simulate a simple network setup and verify connectivity.
● Capture and analyze network traffic using Wireshark.
● Identify key network protocols and their packets.
Outcomes: By the end of this lab, students will be able to simulate a network and analyze traffic using
real-time data capture. They will gain hands-on experience in network troubleshooting and analysis
tools.
Wireshark (Ethereal) Tutorial & Remote Packet Capturing Background
Wireshark is a software protocol analyzer, or "packet sniffer" application, used for network
troubleshooting, analysis, software and protocol development, and education.
Before June 2006, Wireshark was known as Ethereal. A packet sniffer (also known as a network
analyzer or protocol analyzer) is computer software that can intercept and log data traffic passing
over a data network. As data streams travel back and forth over the network, the sniffer
"captures" each protocol data unit (PDU) and can decode and analyze its content according to the
appropriate RFC or other specifications.
Wireshark is programmed to recognize the structure of different network protocols. This enables
it to display the encapsulation and individual fields of a PDU and interpret their meaning. It is a
useful tool for anyone working with networks and can be used with most labs in the CCNA
courses for data analysis and troubleshooting.
For more information and to download the program, go to http://www.wireshark.org. It is also
priced right: it's free! Our administrator has already installed Wireshark. If you have a
personal PC and Internet access, you can also install Wireshark on your own PC from the same
site. Once Wireshark is up, please follow the instructions in the file Wireshark
Tutorial. You need to answer the questions when you have finished reading this tutorial and
upload the answers to the course website.
Running Wireshark
When you run the Wireshark program, the Wireshark graphical user interface shown
in Figure 2 will be displayed. Initially, no data will be displayed in the various
windows.
Figure 1.1 Wireshark Graphical User Interface
The Wireshark interface has five major components. The command menus are standard pull-down
menus located at the top of the window. Of interest to us now are the File and Capture
menus. The File menu allows you to save captured packet data or open a file containing
previously captured packet data, and exit the Wireshark application. The Capture menu allows
you to begin packet capture.
The packet-listing window displays a one-line summary for each packet captured, including the
packet number (assigned by Wireshark; this is not a packet number contained in any protocol’s
header), the time at which the packet was captured, the packet’s source and destination addresses,
the protocol type, and protocol specific information contained in the packet. The packet listing
can be sorted according to any of these categories by clicking on a column name. The protocol
type field lists the highest level protocol that sent or received this packet, i.e., the protocol that is
the source or ultimate sink for this packet.
The packet-header details window provides details about the packet selected (highlighted) in the
packet listing window. (To select a packet in the packet listing window, place the cursor over the
packet’s one-line summary in the packet listing window and click with the left mouse button.)
These details include information about the Ethernet frame (assuming the packet was
sent/received over an Ethernet interface) and IP datagram that contains this packet. The amount
of Ethernet and IP-layer detail displayed can be expanded or minimized by clicking on the
plus-or-minus boxes to the left of the Ethernet frame or IP datagram line in the packet details window.
If the packet has been carried over TCP or UDP, TCP or UDP details will also be displayed,
which can similarly be expanded or minimized.
Finally, details about the highest level protocol that sent or received this packet are also provided.
The packet-contents window displays the entire contents of the captured frame, in both ASCII
and hexadecimal format.
Towards the top of the Wireshark graphical user interface is the packet
display filter field, into which a protocol name or other information can be entered in order to
filter the information displayed in the packet-listing window (and hence the packet-header and
packet-contents windows). In the example below, we’ll use the packet-display filter field to have
Wireshark hide (not display) packets except those that correspond to HTTP messages.
Taking Wireshark for a Test Run
The best way to learn about any new piece of software is to try
it out! We’ll assume that your computer is connected to the Internet via a wired Ethernet
interface. Do the following:
1. Start up your favorite web browser, which will display your selected homepage. Start up
the Wireshark software. You will initially see a window similar to that shown in Figure 2,
except that no packet data will be displayed in the packet listing, packet-header, or packet-
contents window, since Wireshark has not yet begun capturing packets.
2. To begin packet capture, select the Capture pull down menu and select Options. This will
cause the “Wireshark: Capture Options” window to be displayed, as shown in Figure 3.
Figure 1.2 Wireshark capture window options
3. You can use most of the default values in this window, but uncheck “Hide capture info
dialog” under Display Options. The network interfaces (i.e., the physical connections) that
your computer has to the network will be shown in the Interface pull down menu at the top
of the Capture Options window. In case your computer has more than one active network
interface (e.g., if you have both a wireless and a wired Ethernet connection), you will need
to select an interface that is being used to send and receive packets (most likely the wired
interface). After selecting the network interface (or using the default interface chosen by
Wireshark), click Start. Packet capture will now begin: all packets being sent/received
from/by your computer are now being captured by Wireshark!
4. Once you begin packet capture, a packet capture summary window will appear, as shown in
Figure 4. This window summarizes the number of packets of various types that are being
captured, and (importantly!) contains the Stop button that will allow you to stop packet
capture. Don’t stop packet capture yet.
Figure 1.3 Wireshark packet capture window
5. While Wireshark is running, enter the URL: www.yahoo.com or some other website URL
and have that page displayed in your browser. In order to display this page, your browser
will contact the HTTP server at www.yahoo.com and exchange HTTP messages with the
server in order to download this page. The Ethernet frames containing these HTTP
messages will be captured by Wireshark.
6. After your browser has displayed the page, stop Wireshark packet capture by selecting Stop
in the Wireshark capture window. This will cause the Wireshark capture window to
disappear and the main Wireshark window to display all packets captured since you began
packet capture. The main Wireshark window should now look similar to Figure 2. You
now have live packet data that contains all protocol messages exchanged between your
computer and other network entities! The HTTP message exchanges with the
www.yahoo.com web server should appear somewhere in the listing of packets captured.
But there will be many other types of packets displayed as well (see, e.g., the many
different protocol types shown in the Protocol column in Figure 2). Even though the only
action you took was to download a web page, there were evidently many other protocols
running on your computer that are unseen by the user. We’ll learn much more about these
protocols as we progress through the text! For now, you should just be aware that there is
often much more going on than “meets the eye”!
7. Type in “http” (without the quotes, and in lower case – all protocol names are in lower case
in Wireshark) into the display filter specification window at the top of the main Wireshark
window. Then select Apply (to the right of where you entered “http”). This will cause only
HTTP messages to be displayed in the packet-listing window.
8. Select the first HTTP message shown in the packet-listing window. This should be the HTTP
GET message that was sent from your computer to the www.yahoo.com HTTP server.
When you select the HTTP GET message, the Ethernet frame, IP datagram, TCP segment,
and HTTP message header information will be displayed in the packet-header window. By
clicking the plus-and-minus boxes on the left side of the packet details window, minimize the
amount of Frame, Ethernet, Internet Protocol, and Transmission Control Protocol
information displayed. Maximize the amount of information displayed about the HTTP
protocol. Your Wireshark display should now look roughly as shown in Figure 5. (Note, in
particular, the minimized amount of protocol information for all protocols except HTTP,
and the maximized amount of protocol information for HTTP in the packet-header window.)
9. Exit Wireshark
Figure 1.4 Wireshark display after step 9
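The layering that steps 7 and 8 expose in the packet-header window can be reproduced by hand. The following Python sketch is an added example, not part of the original lab: it dissects a constructed Ethernet/IPv4/TCP frame carrying an HTTP GET (the MAC addresses, IP addresses and source port are made-up sample values) and shows that the HTTP request is readable in cleartext by anything that captures the frame.

```python
import socket
import struct

def build_sample_frame():
    """Constructed frame: Ethernet / IPv4 / TCP / HTTP GET (checksums left at 0)."""
    http = b"GET / HTTP/1.1\r\nHost: www.yahoo.com\r\n\r\n"
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(http), 0, 0, 64,
                     6, 0, socket.inet_aton("192.168.1.10"),
                     socket.inet_aton("203.0.113.10"))
    eth = bytes.fromhex("020000000002" "020000000001" "0800")  # dst, src, IPv4
    return eth + ip + tcp + http

def dissect(frame):
    """Peel each header in turn, as the packet-header details window lists them."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    layers = {"ethernet": {"src": src.hex(":"), "dst": dst.hex(":")}}
    if ethertype != 0x0800 or len(frame) < 34:
        return layers                      # not IPv4 (e.g. ARP): stop here
    ihl = (frame[14] & 0x0F) * 4           # IP header length in bytes
    total_len, proto = struct.unpack("!H", frame[16:18])[0], frame[23]
    layers["ip"] = {"src": socket.inet_ntoa(frame[26:30]),
                    "dst": socket.inet_ntoa(frame[30:34])}
    segment = frame[14 + ihl:14 + total_len]
    if proto != 6 or len(segment) < 20:
        return layers                      # not TCP
    sport, dport = struct.unpack("!HH", segment[:4])
    layers["tcp"] = {"sport": sport, "dport": dport}
    payload = segment[(segment[12] >> 4) * 4:]   # skip TCP header via data offset
    head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    if head[0].endswith(("HTTP/1.0", "HTTP/1.1")):   # looks like a request line
        fields = dict(line.split(": ", 1) for line in head[1:] if ": " in line)
        layers["http"] = {"request": head[0], "host": fields.get("Host")}
    return layers

def protocol_column(layers):
    """Wireshark's Protocol column shows the highest-level protocol decoded."""
    return list(layers)[-1].upper()

if __name__ == "__main__":
    result = dissect(build_sample_frame())
    for name, fields in result.items():
        print(f"{name:9}{fields}")
    print("Protocol column:", protocol_column(result))
```

A segment with no payload, such as a handshake packet, stops at the TCP layer, which is why the packet list shows TCP rather than HTTP for those packets.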
A computer network is a group of two or more computers that agree to share information,
resources and data between them under certain networking terms. Internetworking is a way to
connect two or more computer networks. In this tutorial I will explain what a computer network is,
why we need to break a large computer network into smaller networks and how networking devices
are used to create an internetwork.
Introduction to Packet Tracer and Basic configuration of Switch
Overview:
Packet Tracer provides a virtual network environment that models the behavior of networks,
including their routers, switches, protocols, servers, etc. This lets us work in a router and
switch environment without purchasing the hardware and allows us to learn their configuration.
In this lab you'll learn how to connect two PCs together via a simple cross-over cable, connect
a PC to a switch, and configure the switch for basic functions. You'll also learn a few basic
commands to configure a switch.
Lab Instructions:
Connecting two PCs via crossover cable.
Step 1:
Launch packet tracer.
Figure 1.5 Cisco Packet Tracer
Step 2:
Select End Devices in the bottom-left corner (Ctrl+Alt+E) and select PC (Generic); your cursor will
change into a plus sign.
Figure 1.6 Cisco Packet Tracer step 2
Step 3:
Now place the PC on the workspace above devices. Do it for another PC.
Step 4:
Now select the flash sign at the bottom left, select the cross-over cable, and connect the two PCs.
Step 5:
Double-click the PCs one by one and select the Desktop tab in the window that appears. Then
select IP Configuration and give each PC an IP address in the same IP range, and a subnet mask too.
Figure 1.7 Cisco Packet Tracer step 5
Step 6:
After assigning IP addresses to both PCs, open the Command Prompt of either PC and ping the other
PC's IP address. You will receive ping replies if the connection and IP address assignment are successful.
Configuring Switch
Step 1:
Select Switches from the bottom-left tabs, pick the first switch, 2950-24, and place it on the
workspace above.
Step 2:
Now double-click the switch to open it, and select CLI in the window that appears to reach the
switch's command line interface.
Figure 1.8 Cisco Packet Tracer Switch Configuration
Step 3:
Press “Enter” to get into user mode.
Step 4:
Enter the command “enable” or “en” to enter privileged EXEC mode.
Switch>enable
Step 5: In privileged EXEC mode, type ?. Note the list of available commands.
After getting into privileged EXEC mode, the '>' sign changes to '#'. There are now more available
commands compared to user EXEC mode. In addition to the basic monitoring commands,
configuration and management commands can now be accessed.
Step 6: Change to global configuration mode.
Switch#configure terminal
Switch(config)#
Step 7: In global configuration mode, type ?. Note the list of available commands.
Step 8: Configure S1 as the hostname.
Switch(config)#hostname S1
S1(config)#
Step 9: Configuring password on Enable mode
S1(config)#enable secret cisco
S1(config)#
Step 10: Configure console password
S1(config)#line console 0
S1(config-line)#password cisco
S1(config-line)#login
Step 11: Setting vty passwords
S1(config-line)#line vty 0 4
S1(config-line)#password cisco
S1(config-line)#logging synchronous
Step 12: Exiting from vty line.
S1(config-line)#exit
Step 13: Setting up an IP address for Telnet access
S1(config)#interface vlan 1
S1(config-if)#ip address 192.168.1.100 255.255.255.0
S1(config-if)#no shutdown
%LINK-5-CHANGED: Interface Vlan1, changed state to up
Step 14: Directly exit to EXEC mode
S1(config-if)#end
Step 15: Saving configurations (write, or copy running-config startup-config)
S1#write
Building configuration...
[OK]
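The running configuration this procedure produces can be reviewed for weak access settings. The following Python sketch is an added example, not part of the original lab or of Cisco tooling: it audits a constructed running-config excerpt (the hash is a placeholder, and the checks chosen are assumptions about what a reviewer would flag) for cleartext line passwords, passwords without login, and vty lines that are not restricted to SSH.

```python
import re

# Constructed running-config excerpt of the kind Steps 8-13 leave on S1; the
# enable-secret hash is a placeholder, not a real digest.
LAB_CONFIG = """\
hostname S1
enable secret 5 $1$PLACEHOLDER$PLACEHOLDER
interface Vlan1
 ip address 192.168.1.100 255.255.255.0
line con 0
 password cisco
 login
line vty 0 4
 password cisco
 logging synchronous
 login
"""

def parse_blocks(config):
    """Group indented sub-commands under the top-level command above them."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        elif raw.strip():
            current = raw.strip()
            blocks[current] = []
    return blocks

def audit(config):
    """Return (section, issue) findings for weak access settings."""
    findings = []
    for header, cmds in parse_blocks(config).items():
        if header.startswith("enable password"):
            findings.append(("global", "enable password used instead of enable secret"))
        if not header.startswith("line "):
            continue
        has_pw = any(c.startswith("password ") for c in cmds)
        if any(re.match(r"password (?!7 )", c) for c in cmds):
            findings.append((header, "line password stored in cleartext"))
        if has_pw and not any(c.startswith("login") for c in cmds):
            findings.append((header, "password set but login not enabled"))
        if header.startswith("line vty") and "transport input ssh" not in cmds:
            findings.append((header, "Telnet not disabled (no 'transport input ssh')"))
    return findings

if __name__ == "__main__":
    for section, issue in audit(LAB_CONFIG):
        print(f"{section}: {issue}")
```

The enable secret from Step 9 passes because it is stored hashed, while the console and vty passwords from Steps 10 and 11 appear verbatim in the configuration and travel unencrypted over Telnet.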