Practical 02- Playing With Ethereal

Computer Networks Lab Version 1.0 Playing with Ethereal

1. Go to http://www.ethereal.com and select download and then download the ethereal version for Windows. Install the Ethereal on your computer. 2. Winpcap can be found at http://winpcap.polito.it/. Select get Winpcap and download the version 3.1. Install it on your machine. (Probably I will try to install them on machines to save your time, if did install them already, then escape the first 2 steps) 3. Open the web browser on the machine. Let the default page loaded. 4. Run Ethereal on your machine. 5. Select Capture->interfaces. Then select prepare button for the correct interface (correct interface means by which you are connecting to the web. If you have difficulties, ask me please) 6. In ethereal capture options dialogue, uncheck all options in display options and check option 1 and 3 (not 2) in name resolution. Then press start. 7. What you will see, don’t bother about that at the moment. Go to your opened web page, and in the URL, type http://www.microsoft.com. 8. Press stop in the ethereal software when the page is fully loaded in the browser. It will take you to the details of the packets. 9. OOPS! Lots of packet details! No worries! There, in the filter option (see Figure), type http. Press enter.

Figure: Ethereal Output 10. What you will see now, is the HTTP packets exchanged between you and Microsoft’s server(s).

Rushdi Shams

1

Dept of CSE, KUET

PDF Created with deskPDF PDF Writer - Trial :: http://www.docudesk.com

11. Loads of information right? Ok, don’t worry. They will be resolved to you soon as you go through the following questions (Take screenshots to provide evidence for your assignments).
Can you tell the IP address of yours and IP address of Microsoft?
What is the version of HTTP?
Did you notice that the GET thing? What is the resemblance of its occurring? (e.g. for which case it’s occurring and for which case it’s not?)
Are there multiple IP addresses representing Microsoft? If so, what is the reason? 12. Now, select the first packet in the listing of captured packets (see Figure) (If you are drowning in packets, use the arrow with a bar over it symbol to get to the first packet). Go to the details of selected packet header pane (see Figure) (Take Screenshots to provide evidence for your assignment).
Expand HTTP Protocol. What is the name of your web browser and its version?
Which language it accepts?
Can you please tell the source port and destination port by expanding TCP?
What do you think- which one is the client port and which one is the server port? How did you answer this question (if you are really correct)? 13. Now, in the filter option, type tcp and press enter. 14. Before the HTTP GET, did you notice the 3 TCP packets exchanged between two parties? They are 3 way handshakes. Take a screenshot of it as well as notes on the sequence numbers and acknowledge numbers. 15. Phew! Loads of work you have done with HTTP and TCP! Ok, in the filter option, delete anything written (or rather I say blank it?). Then press enter. 16. You see some different coloured packets there? You see the protocol ARP and DNS there? If not, please ask me if I can help you with these. 17. Well, what are ARP and DNS then? It is too early for you, but you should ask me about this. You need to explain it inside your assignment (don’t worry, it is easier one!). 18. Ok, go to start menu->run. Write cmd. Then on the command prompt, write ipconfig /all. You see loads of information about your networks. Do you see the DNS server’s address there? Does it match with the one at Ethereal output? Deliverable: The report should contain introduction, procedure, screenshots, answer of all the questions and conclusion. The report must be delivered both in .doc format and in printed format. I will not accept any hand written report. You should not copy other people’s work. If you take a reference from the Internet or other source, then appropriately state them in the end of your report. You will be penalized a resubmission if you copy any of your classmate’s work (that classmate will be penalized too for this) or if you take ideas from the Internet or other source but do not refer to them at all.

Rushdi Shams

2

Dept of CSE, KUET

PDF Created with deskPDF PDF Writer - Trial :: http://www.docudesk.com