Please see file
Preparation
1. Download and install the TCP/IP packet capture program
2. Decide on a website of your choice for which you will capture and analyze TCP/IP traffic streams and identify the URL of your selected website (e.g.,
3. Use the
Week 7 Assignment Template
Download Week 7 Assignment Template
to complete and upload your work to the course room.
Resources
·
Wireshark DocumentationLinks to an external site.
.
·
Wireshark Frequently Asked QuestionsLinks to an external site.
.
·
Wireshark User’s Guide – Chapter 2: Building and Installing WiresharkLinks to an external site.
.
·
Wireshark Essential TrainingLinks to an external site.
.
Overview
Each protocol in the TCP/IP stack uses a specialized packet to transmit and receive data and protocol-specific information at its layer of the protocol stack. For example, there is the TCP segment packet at the TCP layer and there is the IP datagram packet at the IP layer that encapsulates or includes the TCP segment as its data. Packet capture programs like Wireshark allow us to capture these TCP/IP packets as frames from a network interface card that is connected to the Internet. More importantly, these packet capture programs enable us to analyze TCP/IP traffic and examine the networking information therein.
In this assignment, you will use Wireshark to capture and analyze the DNS, IP, and TCP packets of the traffic streams associated with browsing a website of your choice. You will document your capture and analysis with screenshots highlighting the key information analyzed. You will also explain what you did, interpret the result of your analysis, and reflect on this learning experience in a one-page written summary.
Instructions
1. Start the TCP/IP packet capture program
WiresharkLinks to an external site.
.
2. Configure Wireshark Time Display Format to display time as “Date and Time of Day” as follows: View > Time Display Format > Date and Time of Day
· Do not use the default configuration of Time Display Format as “Seconds Since the Beginning of Capture.”
3. Start Wireshark Capture on your network interface that is connected to the Internet.
4. In a web browser window, type in the URL of your chosen website and hit ENTER to access the website.
5. Stop Wireshark Capture after a few seconds.
6. Analyze the Wireshark frame that encapsulates the DNS query about your chosen URL to identify:
· The IP address of your network interface as the source IP address.
· The URL of your chosen website.
· The DNS Queries part of the frame.
Screenshot your identified frame, similar to figure 1.a, below. On the screenshot, highlight the IP address of your network interface as the source IP address, the URL of your chosen website, and the DNS Queries part of the frame.
7. Analyze the Wireshark frame that encapsulates the DNS response to the query about your chosen URL to identify:
· The IP address of your network interface as the destination IP address.
· The URL of your chosen website.
· The DNS Answers part of the frame.
Screenshot your identified frame, similar to Figure 1.b, below. On the screenshot, highlight the IP address of your network interface as the destination IP address, the URL of your chosen website, and the DNS Answers part of the frame.
8. Analyze the Wireshark frame that encapsulates the TCP handshake’s first SYN TCP segment from your network interface to your chosen URL to identify:
· The header checksum in the IP packet.
· The source IP address, the destination IP address in the IP packet.
· The source port number and the destination port number in the TCP packet.
Screenshot your identified frame, similar to figure 2.a below. On the n screenshot, highlight the header checksum, the source IP address, and the destination IP address in the IP packet. Clearly highlight on the screenshot the source port number and the destination port number in the TCP packet.
9. Analyze the Wireshark frame that encapsulates the TCP handshake’s SYN, ACK TCP segment from your chosen URL to your network interface to identify:
· The header checksum in the IP packet.
· The source IP address, the destination IP address in the IP packet.
· The source port number and the destination port number in the TCP packet.
Screenshot your identified frame, similar to that shown in Figure 2.b below. On the screenshot, highlight the header checksum, the source IP address, and the destination IP address in the IP packet. Clearly highlight on the screenshot the source port number and the destination port number in the TCP packet.
10. Analyze the Wireshark frame that encapsulates the TCP handshake’s last ACK TCP segment from your chosen URL to your network interface to identify:
· The header checksum in the IP packet.
· The source IP address, the destination IP address in the IP packet.
· The source port number and the destination port number in the TCP packet.
Screenshot your identified frame, similar to that shown in Figure 2.c below. On the screenshot, highlight the header checksum, the source IP address, and the destination IP address in the IP packet. Clearly highlight on the screenshot the source port number and the destination port number in the TCP packet.
Use the Week 7 Assignment Template to submit the following:
11. The screenshots you took. The screenshots should be labeled, in the same order as these instructions, and highlighted to identify the requested analysis information.
12. Write at least 1 page on each of the following for a 3 – 5 page summary:
· Explaining the overall process.
· Interpreting your analysis results.
· Reflecting on your learning experience.
This course requires the use of Strayer Writing Standards (SWS). The library is your home for SWS assistance, including citations and formatting. Please refer to the
Library site
for all support. Check with your professor for any additional instructions.
The specific course learning outcome associated with this assignment is:
· Analyze TCP/IP traffic packets to interpret key protocol information.