Sec220 Lab 1 Lab 1: Network Sniffing



Download 0.57 Mb.
Page1/2
Date25.11.2022
Size0.57 Mb.
#88026
  1   2
SEC220 Lab1 Network Sniffing Updated 17Jan2022

SEC220 Lab 1




Lab 1: Network Sniffing


Overview:
The goal of this lab is to show you how easy it is to look at traffic on a network.
We will be using Wireshark to sniff the network.
The basic tool for observing the messages exchanged between executing protocol entities is called a packet sniffer. As the name suggests, a packet sniffer captures (“sniffs”) messages being sent/received from/by your computer; it will also typically store and/or display the contents of the various protocol fields in these captured messages. A packet sniffer itself is passive. It just observes messages exchanged over the network


Objective:

  1. Demonstrate how to sniff a traffic

  2. Demonstrate three-way handshake

The sections highlighted in:



  • green do not require IFS Lab or VM Workstation Pro & Windows 10

  • yellow require VM Workstation Pro & Windows 10

  • red require the IFS Lab

  • Blue the screenshots you need to include in your lab report



Resources
For this lab you’ll be using the following:

  1. Your Kali 2021 VM

  2. The application Wireshark.



The Lab Activities
Part 1: Capturing network traffic

  • In your Kali machine open the Wireshark application.

    • When you run the Wireshark program, you’ll get a startup screen that looks something like the screen below. Different versions of Wireshark will have different startup screens – so don’t panic if yours doesn’t look exactly like the screen below!





  • Under the Capture section, there is a list of so-called interfaces. You need to choose your interface to start packet capturing.

  • When you start capturing, a screen like the one below will be displayed, showing information about the packets being captured. Once you start packet capture, you can stop it by selecting Stop capturing packets.






Steps

  1. Start up your favorite web browser, which will display your selected homepage.

  2. Start up the Wireshark software.

  3. To begin packet capture, under the Capture section, choose your virtual machine interface to start packet capturing.

  4. Click on “start capturing packet” button (blue button) to start capturing.

    1. Packet capture will now begin - Wireshark is now capturing all packets being sent/received from/by your computer!

Note: Don’t stop packet capture yet. Let’s capture some interesting packets first. To do so, we’ll need to generate some network traffic. Let’s do so using a web browser, which will use the HTTP protocol that we will study in detail.



  1. While Wireshark is running, enter the below URL and have that page displayed in your browser:

http://gaia.cs.umass.edu/wireshark-labs/INTRO-wireshark-file1.html
To display this page, your browser will contact the HTTP server at gaia.cs.umass.edu and exchange HTTP messages with the server to download this page.
The Ethernet frames containing these HTTP messages (as well as all other frames passing through your Ethernet adapter) will be captured by Wireshark.



  1. After your browser has displayed a simple one line of “Congratulations!”, stop Wireshark packet capture by selecting stop in the Wireshark capture window.

  2. Type in “http” (without the quotes, and in lower case – all protocol names are in lower case in Wireshark) into the display filter specification window at the top of the main Wireshark window. This will cause only HTTP message to be displayed in the packet-listing window.

  3. Find the HTTP GET message that was sent from your computer to the gaia.cs.umass.edu HTTP server.

  4. When you select the HTTP GET message, the Ethernet frame, IP datagram, TCP segment, and HTTP message header information will be displayed in the packet-header window.

  5. Maximize the details section to see detailed information displayed about the HTTP protocol.

  6. Take screenshot showing source and destination IP addresses and port addresses. for the HTTP GET message while maximum information for HTTP protocol is displayed. Highlight the IP addresses in the screenshot (using Snipping tool or any other app).

  7. Insert your image into the report template and add description of what is happening.


Download 0.57 Mb.

Share with your friends:
  1   2




The database is protected by copyright ©sckool.org 2023
send message

    Main page