
Question: install the Wireshark program for the following program please send...

Question details

Install the Wireshark program for the following program. Please send screenshots and other important information.

Chapter 2 How Computers Find Each Other on Networks, Case Projects

Case Project 2-2: Install and Use Wireshark

Wireshark is a free, open source network protocol analyzer that can help demystify network messages and help make the OSI model a little more tangible. Using Wireshark for the first time can be an epiphany experience for you. You can study the OSI layers, all of the information that is added to every message, and all of the messages that have to go back and forth just to bring up a Web page or even just to connect to the network. It all becomes much more real when you see how many packets Wireshark collects during even a short capture.

We'll install Wireshark in this project and take a first look at how it works. In later chapters, we'll dig deeper into Wireshark's capabilities.

1. To begin, go to the Web site at wireshark.org. Download and install the appropriate version for your OS. You may also need to install WinPcap during the Wireshark installation process. WinPcap is a Windows service that does not come standard in Windows, but is required to capture live network data.

NOTE: You can keep the default setting presented in the Wireshark installer to start WinPcap at boot time, but consider unchecking this option if other, nonadministrative users of the computer should not have access to live network data.

2. To start our first capture, in the Wireshark Network Analyzer window, look in the Capture pane under the Start group and select your network interface. Then click Start. While the capture is running, challenge your network a bit by opening a couple of Web pages, sending an email with a local email client, or pinging other hosts on the network.

3. You can adjust the pane sizes by grabbing a border between them and dragging. Expand the top pane so you can see more of the captured packets at one time.

4. Let the capture run for a couple of minutes, and then click Stop on the command ribbon. Take a look at some of the items you might have captured, and start to decode this blur of numbers and letters. The color highlighting can help you begin to make sense of what's on the screen. Notice in Figure 2-35 that TCP messages are a light gray color, SMB2 packets are a yellowish color, and pnrp packets are a light bluish color. You can see the protocol names in the Protocol column.

[Figure 2-35 Different highlight colors correspond to different protocols. Source: The Wireshark Foundation. Screenshot of the packet list pane (columns No., Time, Source, Destination, Protocol, Length, Info) showing SMB2, TCP and PNRP packets between two IPv6 link-local hosts.]

5. To see a list of all colors used for highlighting that are currently assigned and to adjust these assignments, click the Edit coloring rules button. Here, you can change the priority for matching protocols to colors (because often more than one protocol is used in a single message), and you can assign colors that are easier to spot. In Figure 2-36, the assigned color for TCP is a bright green.

[Figure 2-36 Choose colors that are easier to spot. Source: The Wireshark Foundation. Screenshot of the Wireshark Coloring Rules dialog (Profile: Default) and the Edit Color Filter dialog choosing a background color for the tcp rule.]

6. To filter for a particular kind of packet, type the name of the protocol in the Filter box. Figure 2-37 shows Wireshark filtered for ICMPv6 packets. Try filtering for other protocols discussed earlier in this chapter and see how many different types you can find in your capture. Click Clear between searches to return to the complete capture data.

[Figure 2-37 Use the filter to narrow your search. Source: The Wireshark Foundation. Screenshot of the packet list filtered to ICMPv6, showing Neighbor Solicitation and Neighbor Advertisement packets of length 86.]

7. To compare OSI layers represented by each of these protocols, do a slightly more complicated filter where you can see both HTTP packets and ICMPv6 packets in the same search. Enter the following fields into the Filter box: http or icmpv6.

8. Look at an ICMPv6 packet and count how many sections of information are available in the middle pane. In Figure 2-38, there are four sections of information, which correspond to Layer 2 (Frame and Ethernet II) and Layer 3 (Internet Protocol Version 6 and Internet Control Message Protocol v6).

[Figure 2-38 Use the middle pane to dig into each layer's headers. Source: The Wireshark Foundation. Screenshot of the middle pane for an ICMPv6 Neighbor Solicitation (86 bytes on wire): Frame, Ethernet II, Internet Protocol Version 6, Internet Control Message Protocol v6.]

9. Examine an HTTP packet (in Figure 2-39, the labeled protocol is SSDP). In Figure 2-39, there are now five sections of information. This time, Layer 7 (Hypertext Transfer Protocol) and Layer 4 (User Datagram Protocol) are represented, in addition to Layer 3 (Internet Protocol Version 4) and Layer 2 (Ethernet II and Frame).

[Figure 2-39 This HTTP message is using UDP. Source: The Wireshark Foundation. Screenshot of the middle pane for an SSDP NOTIFY * HTTP/1.1 packet from 192.168.1.1 to 239.255.255.250 (375 bytes on wire): Frame, Ethernet II, Internet Protocol Version 4, User Datagram Protocol (Src Port: ssdp (1900), Dst Port: ssdp (1900)), Hypertext Transfer Protocol.]

10. Recall that TCP is a connection-oriented protocol. You can filter a capture to follow a TCP stream so you can see how these messages go back and forth for a single session. Find a TCP packet, right-click it, and select Follow TCP Stream. Next, close the Follow TCP Stream window and note that Wireshark has filtered the capture for this stream's packets.

11. Select a TCP message from this filtered data, and explore the middle pane. Click to open each section in that pane. In Figure 2-40, Frame 229 is opened, and the list for the Flags bits is expanded. Notice that the Acknowledgment bit is set, which corresponds to the (ACK) flag on the packet Info in the top pane. You'll learn about these flags in the next chapter.

[Figure 2-40 Other TCP segments might have other bits set. Source: The Wireshark Foundation. Screenshot of Frame 229's Transmission Control Protocol section (Src Port: 51715, Dst Port: microsoft-ds (445), Seq: 2, Ack: 1, Len: 0) with the Flags list expanded, showing Acknowledgment: Set, window size 258, and options NOP, NOP, SACK.]

12. Click Close this capture file without saving the file. This returns you to the Wireshark home page, where you can open saved capture files, or you can look through sample captures. Click Sample Captures to go to the Wireshark wiki site where you can find samples of many different types of captures. Browse through some of these to become familiar with what to look for when examining different types of messages.
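The layer counting in steps 8 and 9, the http or icmpv6 filter in step 7, and the ACK flag decoded in step 11 all follow from how each header is stacked inside the Ethernet frame. The following Python script is an added example written for this page; it is not from the textbook or from the Wireshark project. It builds three constructed frames (an ICMPv6 Neighbor Solicitation, an SSDP NOTIFY over UDP, and a TCP segment with only ACK set), then runs a minimal dissector over them that reports the same sections Wireshark's middle pane shows, evaluates a tiny "a or b" display filter, and decodes the TCP flag bits. The MAC and IP addresses are made up (modelled on the link-local addresses in the chapter's figures), IP and transport checksums are left at zero, and the function names (dissect, matches, tcp_flags) are this example's own.

```python
import struct

# Constructed sample traffic for this example (not a real capture): addresses are
# made up, checksums are left at zero, and only the fields the dissector reads matter.
ETHERTYPE_IPV4, ETHERTYPE_IPV6 = 0x0800, 0x86DD
PROTO_TCP, PROTO_UDP, PROTO_ICMPV6 = 6, 17, 58
TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]  # bit 0 .. bit 7

MAC_A = bytes.fromhex("0ca9822bf03e")
MAC_B = bytes.fromhex("9c4e36526dbc")
IP6_A = bytes.fromhex("fe80" + "0000" * 3 + "b99f35be2c3cb584")   # fe80::b99f:35be:2c3c:b584
IP6_B = bytes.fromhex("fe80" + "0000" * 3 + "20c565487ba0b92c")   # fe80::20c5:6548:7ba0:b92c
IP4_ROUTER = bytes([192, 168, 1, 1])
IP4_SSDP_MCAST = bytes([239, 255, 255, 250])


def eth_frame(src_mac, dst_mac, ethertype, payload):
    return dst_mac + src_mac + struct.pack("!H", ethertype) + payload


def ipv6_packet(src, dst, next_header, payload):
    # version 6 / class 0 / flow 0, payload length, next header, hop limit 255, then addresses
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 255) + src + dst + payload


def ipv4_packet(src, dst, protocol, payload):
    # version 4, IHL 5 (20-byte header, no options), TTL 64, checksum 0 (illustrative only)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, protocol, 0, src, dst)
    return hdr + payload


def udp_datagram(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def tcp_segment(sport, dport, seq, ack, flags, window=258):
    # data offset 5 (20-byte header, no options); checksum and urgent pointer 0
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, window, 0, 0)


def neighbor_solicitation(target, src_mac):
    # ICMPv6 type 135, code 0, checksum 0, reserved word, target, source link-layer option
    return struct.pack("!BBHI", 135, 0, 0, 0) + target + bytes([1, 1]) + src_mac


NS_FRAME = eth_frame(MAC_A, MAC_B, ETHERTYPE_IPV6,
                     ipv6_packet(IP6_A, IP6_B, PROTO_ICMPV6, neighbor_solicitation(IP6_B, MAC_A)))
SSDP_FRAME = eth_frame(MAC_B, bytes.fromhex("01005e7ffffa"), ETHERTYPE_IPV4,
                       ipv4_packet(IP4_ROUTER, IP4_SSDP_MCAST, PROTO_UDP,
                                   udp_datagram(1900, 1900, b"NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n\r\n")))
TCP_FRAME = eth_frame(MAC_B, MAC_A, ETHERTYPE_IPV6,
                      ipv6_packet(IP6_B, IP6_A, PROTO_TCP, tcp_segment(51715, 445, 2, 1, 0x10)))


def _l3_info(frame):
    """Return (layer-3 section name, layer-4 protocol number, offset of the layer-4 header)."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == ETHERTYPE_IPV6:
        return "Internet Protocol Version 6", frame[14 + 6], 14 + 40
    if ethertype == ETHERTYPE_IPV4:
        return "Internet Protocol Version 4", frame[14 + 9], 14 + (frame[14] & 0x0F) * 4
    return None, None, None


def dissect(frame):
    """List the protocol sections outermost first, as Wireshark's middle pane shows them."""
    layers = ["Frame", "Ethernet II"]
    l3_name, proto, l4_off = _l3_info(frame)
    if l3_name is None:
        return layers
    layers.append(l3_name)
    if proto == PROTO_ICMPV6:
        layers.append("Internet Control Message Protocol v6")
    elif proto == PROTO_TCP:
        layers.append("Transmission Control Protocol")
    elif proto == PROTO_UDP:
        layers.append("User Datagram Protocol")
        sport, dport = struct.unpack("!HH", frame[l4_off:l4_off + 4])
        if 1900 in (sport, dport):  # SSDP carries HTTP-formatted messages over UDP
            layers.append("Hypertext Transfer Protocol")
    return layers


def tcp_flags(frame):
    """Names of the flag bits set in a TCP segment (empty list if the frame is not TCP)."""
    _, proto, l4_off = _l3_info(frame)
    if proto != PROTO_TCP:
        return []
    flags = frame[l4_off + 13]  # flags byte sits 13 bytes into the TCP header
    return [name for bit, name in enumerate(TCP_FLAG_NAMES) if flags & (1 << bit)]


FILTER_NAMES = {"icmpv6": "Internet Control Message Protocol v6", "http": "Hypertext Transfer Protocol",
                "udp": "User Datagram Protocol", "tcp": "Transmission Control Protocol",
                "ipv6": "Internet Protocol Version 6", "ip": "Internet Protocol Version 4"}


def matches(frame, display_filter):
    """Evaluate a simple 'a or b' display filter against the dissected section names."""
    layers = dissect(frame)
    return any(FILTER_NAMES[term.strip()] in layers for term in display_filter.lower().split(" or "))


if __name__ == "__main__":
    for label, frame in [("ICMPv6 NS", NS_FRAME), ("SSDP NOTIFY", SSDP_FRAME), ("TCP ACK", TCP_FRAME)]:
        print(f"{label}: {len(frame)} bytes, {len(dissect(frame))} sections: {dissect(frame)}")
        print(f"  'http or icmpv6' -> {matches(frame, 'http or icmpv6')}, TCP flags: {tcp_flags(frame)}")
```

Running it prints four sections for the Neighbor Solicitation (86 bytes, the same length as the ICMPv6 packets in Figure 2-37) and five for the SSDP message, and shows that the http or icmpv6 filter keeps both of those while dropping the plain TCP segment, whose only set flag decodes as ACK. Wireshark's own dissectors do far more (checksum validation, options, reassembly), but the header offsets and flag bits used here are the same ones you are reading in the middle pane.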
