Conduct an online search for “network protocol analyzer”. A large number of cand
ID: 3865432 • Letter: C
Question
Conduct an online search for “network protocol analyzer”. A large number of candidates will show up. Test and then select the one which works for you – the minimum requirement is the ability to catch Ethernet data frames with OSI model layers details presented.
1. Complete the following Table 1:
Table 1: Protocol analyzer information
Name of the analyzer
URL for download website
2. Run the protocol analyzer and capture network traffic. Among the data frames captured, select one Ethernet frame that has an embedded TCP frame. This Ethernet data frame will be the focus of the subsequent steps.
Attach a screen shot of the protocol analyzer with at least one captured Ethernet frame expanded to show the IP packet and enclosed TCP header, i.e. the headers at Data link, Network, and Transport layers should be shown explicitly.
Regarding the Ethernet frame, complete the following Table 2:
Table 2: Ethernet Header Information
Source address
Destination address
Type field
Data size (length)
CRC value
Explanation / Answer
The command menus are standard pulldown menus located at the top of the window. Of interest to us now are the File and Capture menus. The File menu allows you to save captured packet data or open a file containing previously captured packet data, and exit the Wireshark application. The Capture menu allows you to begin packet capture.

The packet-listing window displays a one-line summary for each packet captured, including the packet number (assigned by Wireshark; this is not a packet number contained in any protocol’s header), the time at which the packet was captured, the packet’s source and destination addresses, the protocol type, and protocol-specific information contained in the packet. The packet listing can be sorted according to any of these categories by clicking on a column name. The protocol type field lists the highest level protocol that sent or received this packet, i.e., the protocol that is the source or ultimate sink for this packet.

The packet-header details window provides details about the packet selected (highlighted) in the packet listing window. (To select a packet in the packet listing window, place the cursor over the packet’s one-line summary in the packet listing window and click with the left mouse button.) These details include information about the Ethernet frame and IP datagram that contains this packet. The amount of Ethernet and IP-layer detail displayed can be expanded or minimized by clicking on the right-pointing or down-pointing arrowhead to the left of the Ethernet frame or IP datagram line in the packet details window. If the packet has been carried over TCP or UDP, TCP or UDP details will also be displayed, which can similarly be expanded or minimized. Finally, details about the highest level protocol that sent or received this packet are also provided.

The packet-contents window displays the entire contents of the captured frame, in both ASCII and hexadecimal format.
Towards the top of the Wireshark graphical user interface is the packet display filter field, into which a protocol name or other information can be entered in order to filter the information displayed in the packet-listing window (and hence the packet-header and packet-contents windows). In the example below, we’ll use the packet-display filter field to have Wireshark hide (not display) packets except those that correspond to HTTP messages.

4. Wireshark Lab – Taking Wireshark for a Test Run

The best way to learn about any new piece of software is to try it out! Do the following:

1. Start up your favorite web browser, which will display your selected homepage.
2. Start up the Wireshark software. You will initially see a window similar to that shown in Figure 2, except that no packet data will be displayed in the packet-listing, packet-header, or packet-contents window, since Wireshark has not yet begun capturing packets.
3. To begin packet capture, select the Capture pull down menu and select Options. This will cause the “Wireshark: Capture Options” window to be displayed
You can use all of the default values in this window. The network interfaces (i.e., the physical connections) that your computer has to the network will be shown in the Interface pull down menu at the top of the Capture Options window. In case your computer has more than one active network interface (e.g., if you have both a wireless and a wired Ethernet connection), you will need to select an interface that is being used to send and receive packets (most likely the wired interface). After selecting the network interface (or using the default interface chosen by Wireshark), click Start. Packet capture will now begin - all packets being sent/received from/by your computer are now being captured
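
An added example, not part of the original answer: the Table 2 fields read directly from raw frame bytes, with the enclosed IPv4 and TCP headers decoded underneath. The frame, its addresses and ports, and the helper names are constructed for illustration. Capture tools usually receive frames after the network adapter has stripped the FCS, so the CRC is often absent from a capture; `has_fcs` models both cases.

```python
import struct
import zlib

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def build_sample_frame():
    """Constructed Ethernet II / IPv4 / TCP SYN frame (checksums left as 0)."""
    eth = bytes.fromhex("02000000000b" "02000000000a") + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0x4000, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1000, 0, 5 << 4, 0x02, 64240, 0, 0)
    body = (eth + ip + tcp).ljust(60, b"\x00")   # pad to the 60-byte minimum
    # FCS is CRC-32 over everything before it, sent least significant byte first
    return body + struct.pack("<I", zlib.crc32(body))

def parse_frame(frame, has_fcs=False):
    """Return the Table 2 fields plus the IPv4/TCP headers if present."""
    if len(frame) < 14 + (4 if has_fcs else 0):
        raise ValueError("too short for an Ethernet header")
    dst, src, etype = struct.unpack("!6s6sH", frame[:14])
    payload = frame[14:-4] if has_fcs else frame[14:]
    out = {"dst": mac(dst), "src": mac(src), "type": f"0x{etype:04x}",
           # 0x0600 and above is an EtherType; 1500 or less is an 802.3 length
           "framing": "Ethernet II" if etype >= 0x0600 else "802.3 length",
           "data_len": len(payload)}
    if has_fcs:
        out["fcs_bytes"] = frame[-4:].hex()      # the four bytes as seen on the wire
        out["fcs_ok"] = struct.unpack("<I", frame[-4:])[0] == zlib.crc32(frame[:-4])
    if etype == 0x0800 and len(payload) >= 20:
        ihl = (payload[0] & 0x0F) * 4            # IPv4 header length in bytes
        out["ip_total_len"] = struct.unpack("!H", payload[2:4])[0]
        out["ip_src"] = ".".join(map(str, payload[12:16]))
        out["ip_dst"] = ".".join(map(str, payload[16:20]))
        if payload[9] == 6 and len(payload) >= ihl + 20:   # protocol 6 = TCP
            out["tcp_ports"] = struct.unpack("!HH", payload[ihl:ihl + 4])
            out["tcp_flags"] = payload[ihl + 13]
    return out

if __name__ == "__main__":
    for key, value in parse_frame(build_sample_frame(), has_fcs=True).items():
        print(f"{key:13} {value}")
```

The Ethernet data length here is 46 bytes while the IPv4 total length is 40: the difference is padding added to reach the minimum frame size, which matters when filling in the "Data size" row for a small TCP segment.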