Question

Task 1.

Capture packets transferred while browsing a selected website (e.g. a page from some website, a search engine home page). Investigate the protocols used in each packet, the values of the header fields and the packet sizes. Colour Coding: You'll probably see packets highlighted in green, blue, and black. Wireshark uses colours to help you identify the types of traffic at a glance. By default, green is TCP traffic, dark blue is DNS traffic, light blue is UDP traffic, and black identifies TCP packets with problems; for example, they could have been delivered out-of-order.

Task 2.

While capturing packets, enter the URL: http://gaia.cs.umass.edu/ethereal-labs/INTRO-ethereal-file1.html and have that page displayed in your browser. In order to display this page, your browser will contact the HTTP server at gaia.cs.umass.edu and exchange HTTP messages with the server in order to download this page. The Ethernet frames containing these HTTP messages will be captured by Wireshark. After your browser has displayed the INTRO-ethereal-file1.html page, stop Wireshark packet capture by selecting Capture > Stop in the Wireshark command menus. The Wireshark window will display all packets captured since you began packet capture. You now have live packet data that contains all protocol messages exchanged between your computer and other network entities. The HTTP message exchanges with the gaia.cs.umass.edu web server should appear somewhere in the listing of packets captured. But there will be many other types of packets displayed as well (see, e.g., the many different protocol types shown in the Protocol column). Even though the only action you took was to download a web page, there were evidently many other protocols running on your computer that are unseen by the user.

Task 3. http filtering

Type in "http" into the display filter specification window (without the quotes, and in lower case; all protocol names are in lower case in Wireshark). Then select Apply (to the right of where you entered "http"). This will cause only HTTP messages to be displayed in the packet-listing window. The HTTP GET message that was sent from your computer to the gaia.cs.umass.edu HTTP server should be shown among the first few HTTP messages shown in the packet-listing window. When you select the HTTP GET message, the Ethernet frame, IP datagram, TCP segment, and HTTP message header information will be displayed in the packet-header window. Recall that the HTTP GET message that is sent to the gaia.cs.umass.edu web server is contained within a TCP segment, which is contained (encapsulated) in an IP datagram, which is encapsulated in an Ethernet frame. By clicking on the expansion buttons to the left side of the packet details window, you can minimize or maximize the amount of Frame, Ethernet, Internet Protocol, and Transmission Control Protocol information displayed. Maximize the amount of information displayed about the HTTP protocol.

Task 4.

Explore at least the following features of Wireshark: filters, Flow Graphs (TCP), statistics, protocol hierarchies
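
The encapsulation described in Task 3 (HTTP GET inside a TCP segment inside an IP datagram inside an Ethernet frame) can be checked by hand. The following is an added example, not part of the original assignment: it dissects a constructed frame and reports the header fields and layer sizes Task 1 asks about. The MAC addresses, IP addresses and client port are made-up documentation values, and checksums are left at zero and not verified.

```python
import struct

def build_sample_frame():
    """Constructed sample: Ethernet + IPv4 + TCP + HTTP GET. MACs, IPs and the
    client port are made-up documentation values; checksums are left at zero."""
    http = (b"GET /ethereal-labs/INTRO-ethereal-file1.html HTTP/1.1\r\n"
            b"Host: gaia.cs.umass.edu\r\n\r\n")
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(http), 0,
                     0x4000, 64, 6, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    eth = bytes.fromhex("020000000002020000000001") + struct.pack("!H", 0x0800)
    return eth + ip + tcp + http

def dissect(frame):
    """Peel off Ethernet, IPv4 and TCP headers to reach the HTTP message."""
    if len(frame) < 14 + 20 + 20:
        raise ValueError("frame too short for Ethernet/IPv4/TCP headers")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("EtherType is not IPv4")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                      # IP header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[0] >> 4 != 4 or ip[9] != 6:
        raise ValueError("not an IPv4 datagram carrying TCP")
    tcp = ip[ihl:total_len]                       # total_len drops Ethernet padding
    if ihl < 20 or len(tcp) < 20:
        raise ValueError("malformed IP or TCP header length")
    src_port, dst_port = struct.unpack("!HH", tcp[:4])
    tcp_hdr = (tcp[12] >> 4) * 4                  # TCP data offset in bytes
    payload = tcp[tcp_hdr:]
    return {
        "frame_len": len(frame), "eth_hdr": 14, "ip_hdr": ihl, "tcp_hdr": tcp_hdr,
        "http_len": len(payload), "ttl": ip[8],
        "src_ip": ".".join(map(str, ip[12:16])),
        "dst_ip": ".".join(map(str, ip[16:20])),
        "src_port": src_port, "dst_port": dst_port,
        "request_line": payload.split(b"\r\n", 1)[0].decode("ascii", "replace"),
    }

if __name__ == "__main__":
    for field, value in dissect(build_sample_frame()).items():
        print(f"{field:>12}: {value}")
```

The sizes it reports correspond to the byte counts Wireshark shows when each layer is selected in the packet details window: the frame length is the sum of the three header lengths and the HTTP message length.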
