Lab 6: Packet Sniffing with Wireshark

Objectives:

To use a packet sniffing protocol analyzer to look at data transferred over networks.

Equipment list:

A computer and the Wireshark software.

Notes and Observations:

I found the FTP protocol frame that shows the password for the FTP server my professor set up for the lab. This shows that the FTP protocol is not secure.


I looked at a packet with the DNS query. This packet contains the following protocols: Ethernet II, Internet Protocol, User Datagram Protocol, and Domain Name System.

I looked at HTTP data from when I went to Flickr.com. The web page seems to have been downloaded in two frames. The following protocols were used: Ethernet II, Internet Protocol, Transmission Control Protocol, and Hypertext Transfer Protocol. Under Ethernet II are the field names Destination, Source, and Type. Under Internet Protocol are Differentiated Services Field, Total Length, and Identification. Under Transmission Control Protocol are Source Port, Destination Port, and Sequence number. Under Hypertext Transfer Protocol are Host, Connection, and Upgrade-Insecure-Requests.
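The layering listed above and the FTP observation earlier in these notes, as an added Python example that is not part of the original lab write-up: it dissects a constructed Ethernet II / IP / TCP frame into the same fields Wireshark displays and flags FTP USER/PASS commands sent in cleartext to port 21, redacting the value in the finding. The frame bytes, addresses, and function names are assumptions made for the illustration.

```python
import struct

def build_frame(payload: bytes, dport: int = 21) -> bytes:
    """Constructed Ethernet II / IPv4 / TCP frame (sample data, checksums left 0)."""
    eth = bytes.fromhex("020000000002020000000001") + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", 49152, dport, 1000, 2000, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 1, 0,
                     64, 6, 0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return eth + ip + tcp + payload

def dissect(frame: bytes) -> dict:
    """Walk the layers Wireshark shows: Ethernet II -> IP -> TCP -> payload."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet II header")
    dst, src, eth_type = struct.unpack("!6s6sH", frame[:14])
    out = {"eth_dst": dst.hex(":"), "eth_src": src.hex(":"), "eth_type": eth_type}
    if eth_type != 0x0800 or len(frame) < 34:      # not IPv4, or truncated
        return out
    ver_ihl, dsf, total_len, ident, _, _, proto, _, _, _ = struct.unpack(
        "!BBHHHBBH4s4s", frame[14:34])
    out.update(ip_dsf=dsf, ip_total_length=total_len, ip_id=ident, ip_proto=proto)
    tcp_at = 14 + (ver_ihl & 0x0F) * 4             # IHL is in 32-bit words
    if proto != 6 or len(frame) < tcp_at + 20:     # not TCP, or truncated
        return out
    sport, dport, seq, _, off = struct.unpack("!HHIIB", frame[tcp_at:tcp_at + 13])
    payload = frame[tcp_at + (off >> 4) * 4:14 + total_len]
    out.update(src_port=sport, dst_port=dport, seq=seq, payload=payload)
    return out

def cleartext_ftp_finding(frame: bytes):
    """Return a redacted finding if the frame carries FTP USER/PASS to port 21."""
    info = dissect(frame)
    if info.get("dst_port") != 21:
        return None
    line = info["payload"].split(b"\r\n")[0].decode("ascii", "replace")
    verb, _, arg = line.partition(" ")
    if verb.upper() not in ("USER", "PASS"):
        return None
    return f"cleartext FTP credential on port 21: {verb.upper()} {'*' * len(arg)}"

if __name__ == "__main__":
    print(cleartext_ftp_finding(build_frame(b"PASS example-password\r\n")))
    print(cleartext_ftp_finding(build_frame(b"GET / HTTP/1.1\r\n", dport=80)))
```

The same check applied to an FTPS or SFTP session would find nothing to flag, because the command channel is encrypted before it reaches the wire.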

References:

https://www.wireshark.org/

Questions:

The instructions for this lab contained numerous questions. They will be answered here.

What is FTP used for?

To transfer files between computers on a network.

What is DNS used for?

To convert human-readable hostnames into machine-readable IP addresses.

Which layer does ICMP reside in? What do the ICMP initials mean and what is it used for?

Layer 3 of the OSI model. The Internet Control Message Protocol is used for sending error messages.

What is the process for a machine to be assigned an IP address using DHCP?

The client discovers available DHCP servers, then the server offers available addresses. The client then requests an address and the server acknowledges the client’s request.

What is the purpose of TCP sequence numbers?

To keep track of how much data is sent.

What is the purpose of IP source & destination addresses?

To deliver packets of data across a network.

What is DHCP?

Dynamic host configuration protocol is a protocol that automatically assigns IP addresses to computers.

What is the relationship between the OSI model of networking and the real-world TCP/IP model we saw in this lab activity?

The application, presentation, and session layers of the OSI model correspond to the application layer of the TCP/IP model. Both have a transport layer. The network layer of the OSI model corresponds to the internet layer of the TCP/IP model. The data link and physical layers of the OSI model correspond to the network access layer of the TCP/IP model.

What are the implications of having a tool like Wireshark freely available? For network administration? For security?

Wireshark makes life a great deal easier for network administrators. It is always great to have something free and open source available in place of potentially costly software. Wireshark can have negative implications on security because anyone on your network can spy on everything you do. It really brings to light the importance of securing your network.

Conclusions:

I was unaware of just how available this type of technology is. It really makes me second guess the security of the internet. Anyone with access to my network can see everything I do. I could even spy on my parents if I wanted to! Not that I would ever do that. This lab also brought to my attention just how much data is transferred and how many protocols are involved during seemingly simple tasks. To a human user, downloading a webpage seems like such a simple process, but a lot is actually going on in the computer. I’m kind of amazed that it works as reliably as it does. It just seems like there is a lot that could go wrong.
