Question
Filtering packets

Wireshark can filter packets while capturing or displaying. Display filters allow you to concentrate on the packets you are interested in while hiding the currently uninteresting ones. They allow you to select packets by:
• Protocol
• The presence of a field
• The values of fields
• A comparison between fields, etc.

Examining the Packet Capture
• Start a new Capture.
• Open the Browser.
• Type a web page address (ex. www.mercy.edu).
• Apply a filter for “TCP” protocol.
• Stop the Capture.
• Now you can isolate a TCP stream.
• Right click on a packet in the Packet List and select Follow TCP Stream. This creates an automatic Display Filter which displays packets from that TCP session only.
• It also displays a session window, which is, by default, an ASCII representation of the TCP session, where the client packets are in red and the server packets in blue. Change to Hex Dump Mode and view the payloads in raw Hex.
• Wireshark automatically creates a display filter to filter out this TCP conversation.

1. From your Wireshark Capture, write the IP Addresses and Port Numbers for the Client and the Server.
2. What HTTP version is your browser running? What version of HTTP is the server running?
3. Identify the TCP segments that are used to initiate the TCP connection between the client computer and www.mercy.edu.
4. For each packet in the TCP 3-way handshake, write the Sequence and Acknowledgement numbers.
• You can see the flow traffic with the Statistics->Flow Graph menu option, too.
5. What are the sequence numbers of the first four data-carrying segments in the TCP connection?
6. What is the length of each of these four TCP segments? The length of the TCP segment is only the number of data bytes carried inside the segment (excluding the headers).
• Run nslookup to determine the authoritative DNS servers for your university.
• Enter “dns && ip.addr == host_IP_address” into the display filter, where you obtain host_IP_address with ipconfig.
• Locate the DNS query and response messages.
7. Are they transported using UDP or TCP? Explain why or why not.
8. What is the destination port for the DNS query message?
9. What is the source port of the DNS response message?
10. With Statistics->Conversations, find which hosts sent and received the most packets?

Once activated, Trojans can enable cyber-criminals to spy on you, steal your sensitive data, and gain backdoor access to your system. These actions can include:
• Deleting data
• Blocking data
• Modifying data
• Copying data
• Disrupting the performance of computers or computer networks.
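The handshake and segment-length items in the lab (questions 1 and 3 to 6) can be cross-checked outside Wireshark. The following is an added example, not part of the original lab or its solution: it parses raw IPv4/TCP packets, pairs SYN, SYN/ACK and ACK by their sequence and acknowledgement numbers, and computes the data length with headers excluded. The addresses, ports, sequence numbers, payloads and all function names are constructed for illustration.

```python
import socket
import struct

SYN, PSH, ACK = 0x02, 0x08, 0x10
REQUEST = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"   # constructed payloads
RESPONSE = b"HTTP/1.1 200 OK\r\n\r\n"

def build(src, dst, sport, dport, seq, ack, flags, data=b""):
    """Constructed sample packet: IPv4 + TCP without options, checksums zeroed."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(data), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + data

def parse(pkt):
    """Extract the endpoint, sequence and length fields from a raw IPv4/TCP packet."""
    ihl = (pkt[0] & 0x0F) * 4                       # IP header length in bytes
    sport, dport, seq, ack, off, flags = struct.unpack("!HHIIBB", pkt[ihl:ihl + 14])
    return {"src": (socket.inet_ntoa(pkt[12:16]), sport),
            "dst": (socket.inet_ntoa(pkt[16:20]), dport),
            "seq": seq, "ack": ack, "flags": flags,  # len = IP total - IP hdr - TCP hdr
            "len": struct.unpack("!H", pkt[2:4])[0] - ihl - (off >> 4) * 4}

def handshake(segs):
    """Return [SYN, SYN/ACK, ACK] where each ACK number is the peer's seq + 1."""
    kind = lambda s: s["flags"] & (SYN | ACK)
    nxt = lambda s: (s["seq"] + 1) % 2**32          # a SYN consumes one sequence number
    for i, syn in enumerate(segs):
        if kind(syn) != SYN:
            continue
        for j, sa in enumerate(segs[i + 1:], i + 1):
            if (kind(sa), sa["src"], sa["dst"], sa["ack"]) != (SYN | ACK, syn["dst"], syn["src"], nxt(syn)):
                continue
            for a in segs[j + 1:]:
                if (kind(a), a["src"], a["seq"], a["ack"]) == (ACK, syn["src"], sa["ack"], nxt(sa)):
                    return [syn, sa, a]
    return None

C, S = ("192.0.2.10", 51000), ("198.51.100.20", 80)  # constructed client and server
SEGS = [parse(p) for p in (
    build(C[0], S[0], C[1], S[1], 1000, 0, SYN),
    build(S[0], C[0], S[1], C[1], 5000, 1001, SYN | ACK),
    build(C[0], S[0], C[1], S[1], 1001, 5001, ACK),
    build(C[0], S[0], C[1], S[1], 1001, 5001, PSH | ACK, REQUEST),
    build(S[0], C[0], S[1], C[1], 5001, 1001 + len(REQUEST), PSH | ACK, RESPONSE))]

if __name__ == "__main__":
    print([(s["seq"], s["ack"]) for s in handshake(SEGS)])
    print("data lengths:", [s["len"] for s in SEGS if s["len"]])
```

The sequence numbers here are the raw 32-bit values from the TCP header; Wireshark shows relative sequence numbers by default, so its handshake starts at 0 unless that preference is turned off.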
Step by Step Solution
There are 3 Steps involved in it
Step: 1
1 From your Wireshark Capture write the IP Addresses and Port Numbers for the Client and the Server ...
Step: 2
Step: 3