ID: 3695124 • Letter: C
Question
Can someone help answer this question in 1-2 pages thank you I will rate. How can Wireshark help system administrators?
• Describe the various network protocols discussed in this laboratory, what role they play in making the Internet work or in our daily lives, and how they relate to each other?
• Answer the questions and describe what you learned from the live capture portion from lab?
Don't answer these questions; this is from the lab.
a) What type of DNS query is this (full title)?
b) What byte offset in this packet marks the beginning of the IP protocol?
c) What are the similarities of the DNS protocols of these two packets?
d) What is the answer to the query?
e) What do you notice about the way the IPv6 destination address is written in the Packet Details Pane and the packet bytes window?
f) What is the source and destination address of the original request? What type of traffic was the original request?
g) To how many different servers and to what addresses did the client in question 6(a) attempt the same request?
h) What type of Operating System is each of these computers (Windows or Linux)? How do you know?
Explanation / Answer
What is Wireshark:
Wireshark is a network packet analyzer. A network packet analyzer will try to capture network packets and display that packet data in as much detail as possible.
You could think of a network packet analyzer as a measuring device used to examine what’s going on inside a network cable, just like a voltmeter is used by an electrician to examine what’s going on inside an electric cable (but at a higher level, of course).
In the past, such tools were either very expensive, proprietary, or both. However, with the advent of Wireshark, all that has changed.
Wireshark is perhaps one of the best open source packet analyzers available today.
It's extremely helpful for viewing real-time packets to determine web application issues, authentication failures, auditing, etc.
Wireshark cameos in the movie Firewall with Harrison Ford. Then Harrison Ford tries to look like one bad dude with a basic access-list blocking an entire class B non-routeable subnet. Terrible depiction of security... but it is what it is. Wireshark probably got paid for that scene pretty well, or vice-versa.
There are a lot of YouTube videos on how to use Wireshark and on its different uses.
Anyway, it's not just system admins; it's going to be more security analysts and web developers that will analyze network traffic to verify the correct messages intended to be sent are being sent. It shows them where the packets are coming from, where they're going, and what they're being used for.
For instance, if you see that one user is generating way more packets than is average for your network, you can cut his bandwidth so that he's not hogging resources and slowing everyone else down.
Here are some examples people use Wireshark for:
Besides these examples, Wireshark can be helpful in many other situations too.
The following are some of the many features Wireshark provides:
When two humans converse, they may have to use the same language but they generally understand each other without having to adhere to rigid rules of grammar or formal language frameworks. Computers, on the other hand, have to have everything explicitly defined and structured. If computers wish to communicate with one another, they have to know in advance exactly how information is to be exchanged and precisely what the format will be. Therefore, standard methods of transmitting and processing various kinds of information are used and these methods are called "protocols". Protocols are established by international agreement and ensure that computers everywhere can talk to one another. There are a variety of protocols for different kinds of information and functions. This article will discuss some of the common protocols that the average PC user is likely to encounter.
TCP (Transmission Control Protocol) and IP (Internet Protocol) are two different procedures that are often linked together. The linking of several protocols is common since the functions of different protocols can be complementary so that together they carry out some complete task. The combination of several protocols to carry out a particular task is often called a "stack" because it has layers of operations. In fact, the term "TCP/IP" is normally used to refer to a whole suite of protocols, each with different functions. This suite of protocols is what carries out the basic operations of the Web. TCP/IP is also used on many local area networks. The details of how the Web works are beyond the scope of this article but I will briefly describe some of the basics of this very important group of protocols. More details can be found in the references in the last section.
Internet Protocol (IP) is the method used to route information to the proper address. Every computer on the Internet has to have its own unique address known as the IP address. Every packet sent will contain an IP address showing where it is supposed to go. A packet may go through a number of computer routers before arriving at its final destination and IP controls the process of getting everything to the designated computer. Note that IP does not make physical connections between computers but relies on TCP for this function. IP is also used in conjunction with other protocols that create connections.
UDP and ICMP
Another member of the TCP/IP suite is User Datagram Protocol (UDP). (A datagram is almost the same as a packet except that sometimes a packet will contain more than one datagram.) This protocol is used together with IP when small amounts of information are involved. It is simpler than TCP and lacks the flow-control and error-recovery functions of TCP. Thus, it uses fewer system resources.
A different type of protocol is Internet Control Message Protocol (ICMP). It defines a small number of messages used for diagnostic and management purposes. It is also used by Ping and Traceroute.
Mail Protocols POP3 and SMTP
Email requires its own set of protocols and there are a variety, both for sending and for receiving mail. The most common protocol for sending mail is Simple Mail Transfer Protocol (SMTP). When configuring email clients, an Internet address for an SMTP server must be entered. The most common protocol used by PCs for receiving mail is Post Office Protocol (POP). It is now in version 3 so it is called POP3. Email clients require an address for a POP3 server before they can read mail. The SMTP and POP3 servers may or may not be the same address. Both SMTP and POP3 use TCP for managing the transmission and delivery of mail across the Internet.
A more powerful protocol for reading mail is Interactive Mail Access Protocol (IMAP). This protocol allows for the reading of individual mailboxes at a single account and is more common in business environments. IMAP also uses TCP to manage the actual transmission of mail.
Hypertext Transfer Protocol
Web pages are constructed according to a standard method called Hypertext Markup Language (HTML). An HTML page is transmitted over the Web in a standard way and format known as Hypertext Transfer Protocol (HTTP). This protocol uses TCP/IP to manage the Web transmission.
A related protocol is "Hypertext Transfer Protocol over Secure Socket Layer" (HTTPS), first introduced by Netscape. It provides for the transmission in encrypted form to provide security for sensitive data. A Web page using this protocol will have https: at the front of its URL.
File Transfer Protocol
File Transfer Protocol (FTP) lives up to its name and provides a method for copying files over a network from one computer to another. More generally, it provides for some simple file management on the contents of a remote computer. It is an old protocol and is used less than it was before the World Wide Web came along. Today, its primary use is uploading files to a Web site. It can also be used for downloading from the Web but, more often than not, downloading is done via HTTP. Sites that have a lot of downloading (software sites, for example) will often have an FTP server to handle the traffic. If FTP is involved, the URL will have ftp: at the front.
So your computer is connected to the Internet and has a unique address. How does it 'talk' to other computers connected to the Internet? An example should serve here: Let's say your IP address is 1.2.3.4 and you want to send a message to the computer 5.6.7.8. The message you want to send is "Hello computer 5.6.7.8!". Obviously, the message must be transmitted over whatever kind of wire connects your computer to the Internet. Let's say you've dialed into your ISP from home and the message must be transmitted over the phone line. Therefore the message must be translated from alphabetic text into electronic signals, transmitted over the Internet, then translated back into alphabetic text. How is this accomplished? Through the use of a protocol stack. Every computer needs one to communicate on the Internet and it is usually built into the computer's operating system (i.e. Windows, Unix, etc.). The protocol stack used on the Internet is referred to as the TCP/IP protocol stack because of the two major communication protocols used.
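As an added illustration (not part of the original answer), here is a small Python dissector that walks a constructed Ethernet II / IP / UDP / DNS frame layer by layer, the way Wireshark's Packet Details pane does, and reports the things the lab questions ask about: the byte offset at which the IP header begins, the DNS query title (opcode and record type), and the compressed IPv6 address form versus the raw bytes shown in the Packet Bytes pane. The frame builder, MAC addresses and IP addresses are constructed sample data, not taken from a real capture.

```python
import struct
import ipaddress

OPCODES = {0: "Standard query", 1: "Inverse query", 2: "Server status request"}
QTYPES = {1: "A", 12: "PTR", 15: "MX", 28: "AAAA"}

def build_frame(src_ip, dst_ip, qname, qtype):
    """Build a constructed Ethernet II / IP / UDP / DNS query frame (sample data, not a real capture)."""
    q = b"".join(bytes([len(lab)]) + lab.encode() for lab in qname.split(".")) + b"\x00"
    dns = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + q + struct.pack("!HH", qtype, 1)
    udp = struct.pack("!HHHH", 53100, 53, 8 + len(dns), 0) + dns  # UDP checksum left 0
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    if src.version == 4:  # 20-byte IPv4 header (header checksum left 0; Wireshark would flag that)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0x4000, 64, 17, 0, src.packed, dst.packed)
    else:                 # fixed 40-byte IPv6 header, Next Header = 17 (UDP), hop limit 64
        ip = struct.pack("!IHBB16s16s", 6 << 28, len(udp), 17, 64, src.packed, dst.packed)
    eth = bytes.fromhex("001122334455" + "66778899aabb") + struct.pack("!H", 0x0800 if src.version == 4 else 0x86DD)
    return eth + ip + udp

def dissect(frame):
    """Walk the layers the way Wireshark's Packet Details pane does; return offsets and key fields."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    ip_off = 14  # Ethernet II header is always 14 bytes, so IP starts at byte offset 14 (0x0e)
    if ethertype == 0x0800:
        l4_off = ip_off + (frame[ip_off] & 0x0F) * 4  # IHL counts 32-bit words
        proto = frame[ip_off + 9]
        src, dst = frame[ip_off + 12:ip_off + 16], frame[ip_off + 16:ip_off + 20]
    elif ethertype == 0x86DD:
        l4_off = ip_off + 40  # IPv6 header has a fixed length
        proto = frame[ip_off + 6]  # Next Header field
        src, dst = frame[ip_off + 8:ip_off + 24], frame[ip_off + 24:ip_off + 40]
    else:
        raise ValueError("not an IPv4/IPv6 frame")
    if proto != 17:
        raise ValueError("not UDP, so no DNS-over-UDP to dissect")
    sport, dport = struct.unpack("!HH", frame[l4_off:l4_off + 4])
    dns_off = l4_off + 8  # UDP header is 8 bytes
    txid, flags = struct.unpack("!HH", frame[dns_off:dns_off + 4])
    pos, labels = dns_off + 12, []  # question section follows the 12-byte DNS header
    while frame[pos]:  # labels are length-prefixed, terminated by a zero byte
        labels.append(frame[pos + 1:pos + 1 + frame[pos]].decode())
        pos += 1 + frame[pos]
    qtype = struct.unpack("!H", frame[pos + 1:pos + 3])[0]
    return {"ip_offset": ip_off, "udp_offset": l4_off, "dns_offset": dns_off,
            "src": str(ipaddress.ip_address(src)),  # compressed form, as in the Details pane
            "src_bytes_hex": src.hex(),             # uncompressed bytes, as in the Packet Bytes pane
            "dst": str(ipaddress.ip_address(dst)), "ports": (sport, dport), "txid": txid,
            "query_type": "Response" if flags >> 15 else OPCODES.get((flags >> 11) & 0xF, "?"),
            "qname": ".".join(labels), "qtype": QTYPES.get(qtype, qtype)}
```

Running dissect on build_frame("2001:db8::10", "2001:db8::53", "example.com", 28) shows the same address as 2001:db8::10 in "src" and as 32 hex digits in "src_bytes_hex", which is the difference between the two panes that lab question (e) points at.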