[Solved] Wireshark Now go back to Wireshark and us

Answered step by step

Verified Expert Solution

Link Copied!

Question

1 Approved Answer

Posted on Sep 09, 2024

Wireshark Now go back to Wireshark and use the filter option by going to Analyze Display Filters Ede y Display Filter Ethernet address 0008 15000845

Wireshark

Now go back to Wireshark and use the filter option by going to Analyze Display Filters Ede y Display Filter Ethernet address 0008 15000845 Ethernet typ 00806 (AR) Ethernet broadcast No ARP P only P address 19216801 xAkess her e address iunt 192 16801, don't vse te for this Px only TCP onty UOP only #her narne IP address 19 reer string ipaddr. 168.21% Put in your IP address so that all packets not interacting with your IP address will be filtered. Now, if you go back to the main screen, youll see that only packets with a destination or source of your IP address are shown. Enable all name resolution and start a new capture. After starting the capture, use your browser to go to the CNN website at www.enn.com. There may be 1,000 or more packets due to the video that is loading, Once the site loads on your browser, stop the capture. Near the top of your capture, you should see some entries for DNS. Click on the first DNS entry This should be your computer's request to figure out what IP address enn.com has. Click on the details below to see if this is correct. Now, click on the DNS packet response, which gives your computer the response from the DNS, so your computer knows what the IP address is. Open the details below to see what IP address (es) you have received from the DNS. QUESTION 3: What IP addresses are given to your computer in order to access cnn.com? Most major websites have multiple IP addresses in order to spread out the workload among multiple IP addresses and in case one IP address isn't working 192.168.2176 192.168 2-170 H2 0742880 standard 192.168 21176 cnn.com 41 : Ox0100 (standard query) ttonsi 1 Author ity RRS 9 cond pane, click on the"+"signs to expand the details Now click on the first pack which has one of the IP addresses of cnn.com in the destination and has HTTP as the protocol. In the second pane you will see five major headings. The first heading is just information from Wireshark. It says something similar to: "Frame 459 (509 bytes on wire, 509 bytes captured)". Ignore this first line. It just tells you about where this packet was in the set of all packets that Wireshark captured. QUESTION 4 Look at the next four headings. Ethernet ProtocolP Internet Protocol Transmission Control Protocol? Hypertext Transfer protocol? Why are there four different things in this same message? QUESTION 5: How are these four protocols related? Capture a screen shot of this page and paste it in your homework. To capture a screen shot use a key at the upper right of your keyboard labeled "Print Screen/SysRg" Then go to your word processing package and choose "Paste" Expand QUESTION 6: What does the information in this packet state about the browser you are using and the operating system you are using? Does it show that you are sending a cookie? Information about your computer is being sent to cnn.com's server, since it will may send different depending on the browser you are using, operating system, programs you can run, etc. Find the HTTP protocol line FROM ONN. It may be the first, second, or third one from CNN since they may shift you to a different server to handle your request. Open up the Hypertext Transfer Protocol line in the second pane by clicking on it. Click on the line that says Data. Look at the highlighted text in the bottom window. QUESTION 7: What do you think that text is (hint: you can go to your browser window and choose the menu "view" then "source and compare it, the hypertext transfer protocol to answer the following question: Now go back to Wireshark and use the filter option by going to Analyze Display Filters Ede y Display Filter Ethernet address 0008 15000845 Ethernet typ 00806 (AR) Ethernet broadcast No ARP P only P address 19216801 xAkess her e address iunt 192 16801, don't vse te for this Px only TCP onty UOP only #her narne IP address 19 reer string ipaddr. 168.21% Put in your IP address so that all packets not interacting with your IP address will be filtered. Now, if you go back to the main screen, youll see that only packets with a destination or source of your IP address are shown. Enable all name resolution and start a new capture. After starting the capture, use your browser to go to the CNN website at www.enn.com. There may be 1,000 or more packets due to the video that is loading, Once the site loads on your browser, stop the capture. Near the top of your capture, you should see some entries for DNS. Click on the first DNS entry This should be your computer's request to figure out what IP address enn.com has. Click on the details below to see if this is correct. Now, click on the DNS packet response, which gives your computer the response from the DNS, so your computer knows what the IP address is. Open the details below to see what IP address (es) you have received from the DNS. QUESTION 3: What IP addresses are given to your computer in order to access cnn.com? Most major websites have multiple IP addresses in order to spread out the workload among multiple IP addresses and in case one IP address isn't working 192.168.2176 192.168 2-170 H2 0742880 standard 192.168 21176 cnn.com 41 : Ox0100 (standard query) ttonsi 1 Author ity RRS 9 cond pane, click on the"+"signs to expand the details Now click on the first pack which has one of the IP addresses of cnn.com in the destination and has HTTP as the protocol. In the second pane you will see five major headings. The first heading is just information from Wireshark. It says something similar to: "Frame 459 (509 bytes on wire, 509 bytes captured)". Ignore this first line. It just tells you about where this packet was in the set of all packets that Wireshark captured. QUESTION 4 Look at the next four headings. Ethernet ProtocolP Internet Protocol Transmission Control Protocol? Hypertext Transfer protocol? Why are there four different things in this same message? QUESTION 5: How are these four protocols related? Capture a screen shot of this page and paste it in your homework. To capture a screen shot use a key at the upper right of your keyboard labeled "Print Screen/SysRg" Then go to your word processing package and choose "Paste" Expand QUESTION 6: What does the information in this packet state about the browser you are using and the operating system you are using? Does it show that you are sending a cookie? Information about your computer is being sent to cnn.com's server, since it will may send different depending on the browser you are using, operating system, programs you can run, etc. Find the HTTP protocol line FROM ONN. It may be the first, second, or third one from CNN since they may shift you to a different server to handle your request. Open up the Hypertext Transfer Protocol line in the second pane by clicking on it. Click on the line that says Data. Look at the highlighted text in the bottom window. QUESTION 7: What do you think that text is (hint: you can go to your browser window and choose the menu "view" then "source and compare it, the hypertext transfer protocol to answer the following