Question
Filtering the Display

Note: If you are using Wireshark from within VCASTLE, you will need to open Canvas and launch this activity so that you can download user.cap. It is permissible to download and install Wireshark on your PC. In this case, you would need to download user.cap to your local PC.

The capture file will often contain a number of packets that are of little use to you in analyzing traffic. By filtering the display, you can limit the packets displayed to only those that meet specific criteria. Some common criteria used to filter traffic are protocols, IP addresses, and MAC addresses. The criteria can include any value that exists in one of the headers.

1. Download and open user.cap with Wireshark. This file contains a capture with some traffic from a user accessing the Internet.
2. In the Filter box, just below the menu, enter HTTP. Notice that the program will attempt to auto-complete the filter based on what you type. The background color will turn green when you have entered a valid value for the filter. Click the Apply button to apply the filter.
   o How many packets are now displayed?
3. Filter the traffic so that only DNS traffic is displayed.
   o What did you type in the filter box?
   o How many packets are displayed?
4. Filter the traffic so that only FTP traffic is displayed.
   o What did you type in the filter box?
   o How many packets are displayed?
5. To filter by a specific IP address, type ip.addr== followed by the IP address. This will look at the source or destination address in the IP header.
   o Type ip.addr==66.35.45.201
   o How many packets are displayed?
6. Type "ip" in the filter field to show the possible completions for the IP header.
7. What would you have to enter in the filter box to display only those packets whose destination IP address was equal to 74.125.93.100?
8. If you are filtering, remove the filter by clicking the X on the right side of the filter input box. In Frame 1, in the Packet details pane, expand Ethernet II.

What is the Source MAC address?

1. If this frame went through a network hub, would the Source MAC change?
2. If this frame went through a network switch, would the Source MAC change?
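The sketch below is an added example, not part of the original lab. It shows which header bytes a filter on ip.addr, ip.src, ip.dst or eth.src tests, and why ip.addr matches a packet in either direction. The frames, MAC addresses and IP addresses are constructed samples (they are not taken from user.cap), and the helper names are hypothetical.

```python
import ipaddress
import struct

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def build_frame(src_mac, dst_mac, src_ip, dst_ip, proto=6):
    """Constructed sample: Ethernet II header + minimal 20-byte IPv4 header."""
    eth = (bytes.fromhex(dst_mac.replace(":", ""))
           + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    return eth + ip

def dissect(frame):
    """Return the header fields a display filter would test (no VLAN tag assumed)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    fields = {"eth.dst": mac(frame[0:6]), "eth.src": mac(frame[6:12])}
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == 0x0800 and len(frame) >= 34:  # IPv4 follows the 14-byte header
        fields["ip.src"] = str(ipaddress.IPv4Address(frame[26:30]))
        fields["ip.dst"] = str(ipaddress.IPv4Address(frame[30:34]))
    return fields

def matches(fields, name, value):
    """ip.addr matches source OR destination; other names test one field."""
    if name == "ip.addr":
        return value in (fields.get("ip.src"), fields.get("ip.dst"))
    return fields.get(name) == value

def count(frames, name, value):
    return sum(matches(dissect(f), name, value) for f in frames)

# Constructed addresses from the documentation ranges.
CLIENT, SERVER, OTHER = "192.0.2.10", "198.51.100.20", "203.0.113.5"
FRAMES = [
    build_frame("02:00:00:00:00:01", "02:00:00:00:00:fe", CLIENT, SERVER),
    build_frame("02:00:00:00:00:fe", "02:00:00:00:00:01", SERVER, CLIENT),
    build_frame("02:00:00:00:00:01", "02:00:00:00:00:fe", CLIENT, OTHER),
    bytes.fromhex("ffffffffffff" "020000000001" "0806") + bytes(28),  # ARP: no IP header
]

if __name__ == "__main__":
    for name, value in [("ip.addr", SERVER), ("ip.src", SERVER),
                        ("ip.dst", SERVER), ("eth.src", "02:00:00:00:00:01")]:
        print(f"{name}=={value}: {count(FRAMES, name, value)} packet(s)")
```

The ARP frame has no IP header, so it never matches an ip.* test, but it still counts for eth.src.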