ITECH1003/ITECH5003 Networking Assignment Wireshark Capture Filter assignment This assignment requires students to: · Become familiar with Wireshark capture filters. · Document the qualifiers used in capture filters. · Construct and use capture filters to capture specific network traffic. · Include screen shots of captured network traffic and present them with associated discussion. Part 1 – Wireshark and traffic capture basics Describe what the term promiscuous mode means in relation to capturing network traffic with Wireshark and similar network traffic analysers. [ 1 mark ] The Capture > Options dialog allows the Name Resolution of Network Layer names. Describe what this means and describe how it could be used for capturing network traffic. [ 1 mark ] Describe the difference between a network switch and a network hub. Then explain how switched networks limit the network traffic that is visible to Wireshark in comparison to networks that used hubs. (Note – switches are the technology used in today’s computer networks) [ 2 marks ] In TCP/IP networking IP addresses are used to identify specific computers (or hosts) on the network, clients use ports numbers to specify a particular instance of a client program (for example a specific tab on a web browser) and servers normally use well known port numbers on which to listen for client requests. For instance ftp at the server uses ports 20 and 21. From the web or any other source determine the well-known port numbers of the following server programs: · ftp data · ftp control · http · NTP · ssh Also find the well know port numbers for 6 other network protocols and describe the function that each protocol performs. [ 2 marks ] Part 2 : Capture filters In this section of the assignment you are required to learn the syntax for creating Wireshark Capture Filters. Then document and use capture filters to capture specific network traffic. Discussion of Berkeley Packet Filter (BPF) syntax The following discussion gives a brief explanation of the BPF syntax to help you get started with constructing your own capture filters. Wireshark capture filters use the Berkeley Packet Filter (BPF) syntax to specify particular traffic. This syntax is used by the libpcap (in Unix/Linux) and Winpcap (in Windows) libraries that are used by Wireshark to capture network traffic. Note – WinDump is the Windows version of a Linux/Unix program called TCPDump and hence TCPDump documentation applies to capture filter syntax as used on Windows machines. Syntax The BPF syntax consists of one or more Primitives that specify a particular type of traffic to capture. Some examples of simple primitives are shown below: (i) host 192.168.12.22 (ii) host google.com (iii) src host google.com (iv) tcp port 80 Things to note about these primitives: · Primitives start with one or more qualifiers (eg. host, src host, dst host etc.) · Primitives end with an ID (eg. 192.168.12.22, google.com, 80 etc.) Note – If you use named IDs like google.com then you need to enable name resolution in the capture filter dialog box when specifying capture filters. In summary a capture filter consists of one or more primitives and those primitives consist of one or more qualifiers followed by an ID. { <------- primitive ------> } { operator } { <- primitive -> } dst host 192.168.12.13 && tcp port 80 The references dst, host, tcp and port are called qualifiers. The references 192.168.12.13 and 80 are called ID’s. The boxed example above also shows the AND operator being used to join two primitives to make a capture filter expression. The AND operator is one of the three possible operators that are allowed in capture filters, the other two are OR and NOT . Sources of documentation of the Berkeley Filter Syntax that you should refer to are: Documentation that describes the BPF syntax can be found at https://www.winpcap.org/docs/docs_40_2/html/group__language.html There are also good cheat sheets for TCPDump (Wireshark Capture Filters) an…

Looking for a solution written from scratch with No plagiarism and No AI?

WHY CHOOSE US?

We deliver quality original papers

Our experts write quality original papers using academic databases.We dont use AI in our work. We refund your money if AI is detected  

Free revisions

We offer our clients multiple free revisions just to ensure you get what you want.

Discounted prices

All our prices are discounted which makes it affordable to you. Use code FIRST15 to get your discount

100% originality

We deliver papers that are written from scratch to deliver 100% originality. Our papers are free from plagiarism and NO similarity.We have ZERO TOLERANCE TO USE OF AI

On-time delivery

We will deliver your paper on time even on short notice or  short deadline, overnight essay or even an urgent essay