Question
Taking Wireshark for a Test Run
1. Open a command prompt and enter ipconfig /release. This command releases the IP address currently used by your system.
2. At the command prompt, enter ipconfig /renew. This command causes your system to acquire a new IP address.
3. At the command prompt, enter ipconfig /flushdns. This command clears the DNS cache on your system so that every newly entered URL will generate a DNS query.
4. Now you'll try sniffing data packets as they are transmitted over the HTTP protocol. Open up a browser tab and go to http://my.utsa.edu/.
5. Open another browser tab. Log in to a web application that does not use secure communication: http://www.techpanda.org. Use the login address admin@google.com and the password Password2010.
6. Open one more browser tab and log into one of your social media, email, or news outlet accounts (Instagram, YouTube, etc.).
7. Stop the capture session and save the traffic data you have generated.
Analyzing Your Data
You will now analyze and write up a report of the packets in your capture session. Include screenshots of relevant results for each numbered item. Reference your text and/or the Internet for answers to the conceptual questions.
1. Filter and locate the DHCP packets (bootp filter) generated when you released and renewed your IP address.
a. What is the purpose of the DHCP protocol?
b. What are the main IP addresses involved in the generation of the DHCP frames?
c. Explain the purpose and effect of each of the frames involved.
2. Filter and locate the DNS query and response message for www.utsa.edu.
a. What is the purpose of DNS frames?
b. Were the DNS packets sent using the UDP or TCP transport layer protocol? Why?
c. What are the source and destination ports for the DNS frames generated during your capture session?
3. Filter and locate the frames for the TCP three-way handshake between your host and the web servers you accessed.
a. What is the purpose of the TCP three-way handshake?
b. What are the source and destination ports for these frames?
c. Starting with the first frame of the three-way handshake, list the SEQ and ACK numbers for the three handshake frames. What patterns, if any, do you spot?
d. How do the logins compare for the unsecured and secured attempts (look at the panel below the log entries)?
4. Report on the statistics for the capture session with relevant screenshots.
a. How long in minutes was the transfer session?
b. How many packets were captured?
c. How many bytes are in the packets?
d. Which protocols generated the greatest percentage of bytes of traffic?
5. Exit Wireshark. Congratulations! You've now completed Lab 01.
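For item 3c, the relationship between the SEQ and ACK numbers of the three handshake frames can be checked in code. This Python sketch is an added example, not part of the original lab handout; the ports, initial sequence numbers (ISNs) and function names are constructed for illustration.

```python
import struct

SYN, ACK = 0x02, 0x10   # TCP flag bits
MOD = 2 ** 32           # sequence numbers wrap modulo 2^32

def build_tcp(sport, dport, seq, ack, flags):
    """Pack a minimal 20-byte TCP header (no options, checksum left at 0)."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, 65535, 0, 0)

def parse_tcp(segment):
    """Extract the fields the lab asks about from a raw TCP header."""
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": off_flags & (SYN | ACK)}

def check_handshake(frames):
    """Return (problems, relative) for three raw TCP headers in capture order."""
    syn, synack, ack = (parse_tcp(f) for f in frames)
    problems = []
    if [syn["flags"], synack["flags"], ack["flags"]] != [SYN, SYN | ACK, ACK]:
        problems.append("flags are not SYN, SYN+ACK, ACK")
    if (synack["sport"], synack["dport"]) != (syn["dport"], syn["sport"]):
        problems.append("frame 2 ports are not frame 1 ports reversed")
    if synack["ack"] != (syn["seq"] + 1) % MOD:
        problems.append("frame 2 ACK is not client ISN + 1")
    if ack["seq"] != (syn["seq"] + 1) % MOD:
        problems.append("frame 3 SEQ is not client ISN + 1")
    if ack["ack"] != (synack["seq"] + 1) % MOD:
        problems.append("frame 3 ACK is not server ISN + 1")
    # Relative (SEQ, ACK) pairs, the way Wireshark displays them by default
    relative = [(0, 0),
                (0, (synack["ack"] - syn["seq"]) % MOD),
                ((ack["seq"] - syn["seq"]) % MOD, (ack["ack"] - synack["seq"]) % MOD)]
    return problems, relative

# Constructed sample: client port 51234 -> server port 80. The client ISN is
# deliberately 0xFFFFFFFF so that ISN + 1 wraps around to 0.
CLIENT_ISN, SERVER_ISN = 0xFFFFFFFF, 0x1A2B3C4D
SAMPLE = [
    build_tcp(51234, 80, CLIENT_ISN, 0, SYN),
    build_tcp(80, 51234, SERVER_ISN, 0, SYN | ACK),
    build_tcp(51234, 80, 0, SERVER_ISN + 1, ACK),
]

if __name__ == "__main__":
    problems, relative = check_handshake(SAMPLE)
    print("problems:", problems or "none")
    for n, (seq, ack) in enumerate(relative, 1):
        print(f"frame {n}: relative SEQ={seq} ACK={ack}")
```

Wireshark shows relative sequence numbers by default, so the raw 32-bit values used here only appear in the packet bytes pane or after relative numbering is turned off in the TCP protocol preferences.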