Lab Exercise & Hands on Network Protocol Analyzer Toolkit : Wireshark Pervasive Computing Research Group Faculty of Computer Science & Information System Universiti Teknologi Malaysia

Hands on LAB : WireShark


Page 1: Hands on LAB : WireShark

Lab Exercise & Hands on

Network Protocol Analyzer Toolkit :

Wireshark

Pervasive Computing Research Group

Faculty of Computer Science & Information System

Universiti Teknologi Malaysia

Page 2: Hands on LAB : WireShark

Getting Wireshark

• Runs on Windows and Linux platforms

– Wireshark is the new version of Ethereal

– Install Wireshark on your PC / notebook

– Run it and click the "start a new live capture" button

Page 3: Hands on LAB : WireShark

(1) Hands on : Generated traffic

• Check your IP address (depending on your OS: ipconfig / ifconfig) and your DHCP settings

• Type ping www.utm.my, etc.

– For additional command options, type ping /help

• Run Wireshark and start capturing

• Press the Stop button and analyze the capture: the "payload" features of the data

– Describe it

• Save it with the name ping (save as type: wireshark / tcpdump)

Page 4: Hands on LAB : WireShark

(2) Hands on : Generated traffic

• Browse your favorite web site: open your browser, type the URL and load it

• Run Wireshark and start capturing

• Press the Stop button and analyze the capture

– the "payload" features of the data

– IP header: IP source, destination, Flags, Header length, TTL

– TCP / UDP header: Port source, destination, Seq_number, ACK_number, Win, Length, etc.

– ICMP header: Type, Checksum, etc.

• Save it with the name browsing (save as type: wireshark / tcpdump)

Page 5: Hands on LAB : WireShark

(3) Hands on : Generated traffic

• Transfer files with another PC, or upload / download files to the Internet

• Run Wireshark and start capturing

• Press the Stop button and analyze the capture

– the "payload" features of the data

– IP header: IP source, destination, Flags, Header length, TTL

– TCP / UDP header: Port source, destination, Seq_number, ACK_number, Win, Length, etc.

– ICMP header: Type, Checksum, etc.

• Save it with the name transfer (save as type: wireshark / tcpdump)

Page 6: Hands on LAB : WireShark

Analyze

• Display filter (Analyze | Display Filter): filters the capture by an expression

– Go to Analyze | Display Filter, e.g. choose HTTP, then click Apply

• Show the packet details

– Choose the packet we want, then go to Analyze | Follow TCP / UDP Stream

– Crucial information is shown

Page 7: Hands on LAB : WireShark

Statistics

• A Wireshark feature that shows statistics counting all activities in the capture

Page 8: Hands on LAB : WireShark

Tips working with Wireshark

• A pcap file cannot be analyzed in the GUI if it exceeds 300 MB

• Reliability / stability of processing depends on the machine's specification

• Use the tshark command instead

– Windows OS: in cmd, go to c:\Program Files\wireshark

– Type tshark -r nameyourfile.pcap

• For more commands, type tshark -h

Page 9: Hands on LAB : WireShark

(3) Hands on : Exercise

• Open your favorite web 2.0 application / streaming / IM

– Analyze it and see what is unique in each packet

– Compare it with hands on (1) – (2)

Page 10: Hands on LAB : WireShark

(4) Hands on : Exercise

• Map your network

– Ping every computer in your broadcast domain

– Analyze the capture and map all PCs in your network

– Draw the topology with the IP address, MAC address and computer name of each PC.

– Summarize

• The total number of IP addresses

• The total traffic / packet data

• The total per protocol: TCP / UDP / ICMP / others

Page 11: Hands on LAB : WireShark

(4) Hands on : Exercise

• Homework

– The three-way handshake process in every hands-on lab (including the IP, TCP, UDP and ICMP header features)

– Draw it, with your explanation of the handshake process based on IP address, port address and the sequence / ACK process

– Compare it with your hands on (1) – (3)
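As an added example (not part of the slides), the script below does offline what the mapping summary and the handshake homework ask for by hand: it parses a classic pcap file of the kind saved from Wireshark or read with tshark -r, counts hosts, packets and protocols (TCP / UDP / ICMP / others), and recognizes completed TCP three-way handshakes by matching the SYN, SYN/ACK and ACK sequence / ACK numbers. The sample capture is constructed inline with made-up addresses, so it runs without a real pcap; replace SAMPLE_PCAP with the bytes of your own ping / browsing / transfer file to use it on lab data.

```python
import struct
from collections import Counter
PROTO = {1: "ICMP", 6: "TCP", 17: "UDP"}

def parse_pcap(data):
    """Parse a classic pcap (Ethernet link type) into one dict per IPv4 packet."""
    e = "<" if struct.unpack_from("<I", data)[0] == 0xA1B2C3D4 else ">"  # byte order from magic
    off, pkts = 24, []                                  # 24-byte global header first
    while off + 16 <= len(data):                        # then a 16-byte record header per packet
        incl = struct.unpack_from(e + "IIII", data, off)[2]
        frame, off = data[off + 16:off + 16 + incl], off + 16 + incl
        if frame[12:14] != b"\x08\x00":                 # skip non-IPv4 frames (ARP, IPv6, ...)
            continue
        ip, proto = frame[14:], frame[23]               # IPv4 header starts after 14-byte Ethernet
        p = {"src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20])),
             "proto": PROTO.get(proto, "other"), "ttl": ip[8]}
        if proto == 6:                                  # TCP: ports, seq, ack, flags (IHL*4 in)
            l4 = ip[(ip[0] & 0x0F) * 4:]
            p["sport"], p["dport"], p["seq"], p["ack"], p["flags"] = struct.unpack_from("!HHIIxB", l4)
        pkts.append(p)
    return pkts

def summarize(pkts):
    """The lab's totals (hosts, packets, protocols) plus completed TCP three-way handshakes."""
    syn, synack, done = {}, {}, []                      # keyed by (client, cport, server, sport)
    for p in (q for q in pkts if q["proto"] == "TCP"):
        fwd, rev = (p["src"], p["sport"], p["dst"], p["dport"]), (p["dst"], p["dport"], p["src"], p["sport"])
        f = p["flags"] & 0x12                           # keep only the SYN and ACK bits
        if f == 0x02:                                   # SYN carries the client's ISN
            syn[fwd] = p["seq"]
        elif f == 0x12 and p["ack"] == syn.get(rev, -2) + 1:    # SYN/ACK must ack client ISN+1
            synack[rev] = p["seq"]                      # and carries the server's ISN
        elif f == 0x10 and p["ack"] == synack.pop(fwd, -2) + 1: # final ACK must ack server ISN+1
            done.append(fwd)
    return {"hosts": sorted({h for p in pkts for h in (p["src"], p["dst"])}), "packets": len(pkts),
            "protocols": dict(Counter(p["proto"] for p in pkts)), "handshakes": done}

def _rec(src, dst, proto, l4):  # constructed Ethernet/IPv4 frame in a pcap record; checksums left 0
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split(".")))) + l4
    frame = b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00" + ip
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
def _tcp(sport, dport, seq, ack, flags):  # 20-byte TCP header, data offset 5, window 8192
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 0x50, flags, 8192, 0, 0)

SAMPLE_PCAP = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)     # global header
    + _rec("10.0.0.5", "10.0.0.80", 6, _tcp(40000, 80, 1000, 0, 0x02))        # SYN
    + _rec("10.0.0.80", "10.0.0.5", 6, _tcp(80, 40000, 5000, 1001, 0x12))     # SYN/ACK
    + _rec("10.0.0.5", "10.0.0.80", 6, _tcp(40000, 80, 1001, 5001, 0x10))     # ACK
    + _rec("10.0.0.5", "10.0.0.1", 1, struct.pack("!BBHHH", 8, 0, 0, 1, 1)))  # ICMP echo request
```

Running summarize(parse_pcap(SAMPLE_PCAP)) reports 4 packets from 3 hosts (3 TCP, 1 ICMP) and one completed handshake from 10.0.0.5:40000 to 10.0.0.80:80; a SYN/ACK or ACK whose acknowledgement number does not equal the other side's ISN + 1 is not counted.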

Page 12: Hands on LAB : WireShark

Deris Stiawan holds an M.Eng from University of Gadjah Mada, Indonesia. Since 2006 he has been a Computer Science faculty member at University of Sriwijaya, Indonesia. He is a member of IEEE and is currently pursuing his Ph.D degree at the Faculty of Computer Science & Information System, Universiti Teknologi Malaysia (UTM), working on intrusion prevention systems. He joined the Information Assurance and Security Research Group (IASRG) in the area of Intrusion Prevention and Detection (ITD) at UTM. His professional profile has developed in the field of computer networks and network security, especially focused on intrusion prevention and network infrastructure. http://webs.fsksm.utm.my/blog/pcrg/derissetiawan/