ITECH1003/ITECH5003 Networking Assignment
Wireshark Capture Filter assignment

This assignment requires students to:
· Become familiar with Wireshark capture filters.
· Document the qualifiers used in capture filters.
· Construct and use capture filters to capture specific network traffic.
· Include screen shots of captured network traffic and present them with associated discussion.

Part 1: Wireshark and traffic capture basics

Describe what the term promiscuous mode means in relation to capturing network traffic with Wireshark and similar network traffic analysers. [1 mark]

The Capture > Options dialog allows the Name Resolution of Network Layer names. Describe what this means and how it could be used when capturing network traffic. [1 mark]

Describe the difference between a network switch and a network hub. Then explain how switched networks limit the network traffic that is visible to Wireshark in comparison to networks that used hubs. (Note: switches are the technology used in today's computer networks.) [2 marks]

In TCP/IP networking, IP addresses identify specific computers (hosts) on the network. A client uses a port number (normally an ephemeral one chosen by its operating system) to identify a particular connection made by a client program, for example one connection opened by a specific tab of a web browser, while a server normally listens on a well-known port number for client requests. For instance, ftp at the server uses ports 20 and 21. From the web or any other source, determine the well-known port numbers of the following server programs:
· ftp data
· ftp control
· http
· NTP
· ssh
Also find the well-known port numbers of 6 other network protocols and describe the function that each protocol performs. [2 marks]

Part 2: Capture filters

In this section of the assignment you are required to learn the syntax for creating Wireshark capture filters, then document and use capture filters to capture specific network traffic.
Discussion of Berkeley Packet Filter (BPF) syntax

The following discussion gives a brief explanation of the BPF syntax to help you get started with constructing your own capture filters.

Wireshark capture filters use the Berkeley Packet Filter (BPF) syntax to specify particular traffic. This syntax is used by the libpcap (Unix/Linux) and WinPcap (Windows) libraries that Wireshark uses to capture network traffic. Note that WinDump is the Windows version of the Linux/Unix program tcpdump, so tcpdump documentation of the capture filter syntax also applies on Windows machines. Wireshark display filters, which are applied to packets after they have been captured, use a different syntax and are not covered here.

Syntax

The BPF syntax consists of one or more primitives, each of which specifies a particular type of traffic to capture. Some examples of simple primitives are shown below:
(i) host 192.168.12.22
(ii) host google.com
(iii) src host google.com
(iv) tcp port 80

Things to note about these primitives:
· Primitives start with one or more qualifiers (e.g. host, src host, dst host, tcp port).
· Primitives end with an ID (e.g. 192.168.12.22, google.com, 80).

Note: If you use named IDs like google.com then you need to enable name resolution in the capture filter dialog box when specifying capture filters. Keep in mind that libpcap resolves the name once, when the filter is compiled at the start of the capture, so the filter only matches the address(es) the name resolved to at that moment; a numeric IP address avoids that dependency.

In summary, a capture filter consists of one or more primitives, and each primitive consists of one or more qualifiers followed by an ID. Primitives are joined with operators:

{ <------- primitive ------> } { operator } { <- primitive -> }
  dst host 192.168.12.13         &&          tcp port 80

The words dst, host, tcp and port are qualifiers. The values 192.168.12.13 and 80 are IDs. The boxed example above also shows the AND operator being used to join two primitives into a capture filter expression. AND is one of the three operators allowed in capture filters; the other two are OR and NOT (they may also be written &&, || and !). Note that NOT binds most tightly, while AND and OR have equal precedence and are evaluated left to right, so use parentheses whenever a filter mixes AND and OR.
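The following Python program is an added example written for this page; it is not part of the assignment, of Wireshark or of libpcap. It parses the subset of the BPF grammar described above (primitives of the form [proto] [src|dst] [host|port] ID, joined with and/or/not or &&/||/!, with parentheses) and runs the result over five constructed packet records, so you can see exactly which packets a given filter would keep. The function and variable names (Parser, capture_filter, select, SAMPLE) and all addresses and ports are assumptions made up for the example; it handles only numeric ports and IPv4 literals, not service names or host names. It follows the operator rules of pcap-filter(7), which are the part of the syntax most easily got wrong in a real capture: not binds tightest, and and/or have equal precedence evaluated left to right, so "host A or host B and port 53" means "(host A or host B) and port 53".

```python
"""Added example: evaluator for a small subset of the BPF capture-filter grammar.
Primitive = [proto] [src|dst] [host|port] ID, joined by and/or/not (also && || !).
Per pcap-filter(7): not binds tightest; and/or have EQUAL precedence, left to right."""
import re

PROTOS, DIRS, TYPES = {"ip", "tcp", "udp", "icmp"}, {"src", "dst"}, {"host", "port"}
OPERATORS = {"and": "and", "&&": "and", "or": "or", "||": "or", "not": "not", "!": "not"}


def tokenize(expr):
    """Split on whitespace, making parentheses and ! stand-alone tokens."""
    return re.sub(r"([()!])", r" \1 ", expr).split()


class Parser:
    def __init__(self, tokens):
        self.toks, self.i = tokens, 0

    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None

    def take(self):
        self.i += 1
        return self.toks[self.i - 1] if self.i <= len(self.toks) else None

    def expr(self):
        # and/or: same precedence, left-associative, exactly as libpcap parses them.
        node = self.term()
        while OPERATORS.get(self.peek()) in ("and", "or"):
            node = (OPERATORS[self.take()], node, self.term())
        return node

    def term(self):
        if OPERATORS.get(self.peek()) == "not":
            self.take()
            return ("not", self.term())
        if self.peek() == "(":
            self.take()
            node = self.expr()
            if self.take() != ")":
                raise ValueError("missing )")
            return node
        return self.primitive()

    def primitive(self):
        # Qualifiers come first, then the ID: [proto] [src|dst] [host|port] ID
        proto = self.take() if self.peek() in PROTOS else None
        direction = self.take() if self.peek() in DIRS else None
        qtype = self.take() if self.peek() in TYPES else None
        at_end = self.peek() in (None, ")") or self.peek() in OPERATORS
        if proto and not (direction or qtype) and at_end:
            return ("proto", proto)             # bare "tcp", "udp", "ip", ...
        if at_end:
            raise ValueError("primitive is missing its ID")
        qtype = qtype or "host"                 # "src 10.0.0.1" means "src host 10.0.0.1"
        ident = self.take()                     # numeric ports only in this example
        return ("prim", proto, direction, qtype, int(ident) if qtype == "port" else ident)


def matches(node, pkt):
    """Apply a parsed filter to one packet record."""
    kind = node[0]
    if kind in ("and", "or"):
        left, right = matches(node[1], pkt), matches(node[2], pkt)
        return (left and right) if kind == "and" else (left or right)
    if kind == "not":
        return not matches(node[1], pkt)
    if kind == "proto":
        return node[1] == "ip" or pkt["proto"] == node[1]
    _, proto, direction, qtype, ident = node
    if proto not in (None, "ip") and pkt["proto"] != proto:
        return False
    if qtype == "port" and pkt["proto"] not in ("tcp", "udp"):
        return False                            # ICMP carries no port numbers
    fields = {"host": ("src", "dst"), "port": ("sport", "dport")}[qtype]
    if direction:                               # src -> first field, dst -> second
        fields = fields[:1] if direction == "src" else fields[1:]
    return any(pkt[f] == ident for f in fields)


def capture_filter(expr):
    """Compile a filter string into a predicate over packet records."""
    parser = Parser(tokenize(expr))
    tree = parser.expr()
    if parser.peek() is not None:
        raise ValueError("unexpected token %r" % parser.peek())
    return lambda pkt: matches(tree, pkt)


# Constructed sample traffic for the demonstration (not a real capture).
FIELDS = ("proto", "src", "dst", "sport", "dport")
SAMPLE = [dict(zip(FIELDS, row)) for row in [
    ("tcp", "10.0.0.5", "192.168.12.13", 51000, 80),    # 0: web request
    ("tcp", "192.168.12.13", "10.0.0.5", 80, 51000),    # 1: web reply
    ("udp", "10.0.0.5", "192.168.12.13", 40000, 80),    # 2: UDP to port 80
    ("udp", "10.0.0.5", "10.0.0.1", 40001, 53),         # 3: DNS query
    ("icmp", "10.0.0.5", "10.0.0.1", None, None),       # 4: ping, no ports
]]


def select(expr, packets=SAMPLE):
    """Indexes of the packets the capture filter would keep, e.g.
    select('dst host 192.168.12.13 && tcp port 80') -> [0]."""
    keep = capture_filter(expr)
    return [i for i, p in enumerate(packets) if keep(p)]
```

Running select on the two spellings "host 10.0.0.1 or host 10.0.0.5 and port 53" and "host 10.0.0.1 or (host 10.0.0.5 and port 53)" returns [3] for the first but [3, 4] for the second: the ICMP ping to 10.0.0.1 is silently excluded unless the parentheses are written. That is why a capture filter should be tested against known traffic before it is relied on, since packets a capture filter drops are never written to the capture file and cannot be recovered afterwards.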
Sources of documentation of the Berkeley Packet Filter syntax that you should refer to:
Documentation that describes the BPF syntax can be found at https://www.winpcap.org/docs/docs_40_2/html/group__language.html
There are also good cheat sheets for TCPDump (Wireshark Capture Filters) an…