
L

T
O
B
R
P
S
2013 Cisco and
Lab - Us
Topology
Objectives
Part 1: Pr
Selec
Part 2: Ca
Captu
Locat
Exam
Backgroun
In this lab
the Hyper
such as H
establish
the Intern
server. A
Note: This
Required R
1 PC (Win
Part 1: P
In Part 1,
Step 1: Re
For this la
also called
a. Open
d/or its affiliates.
sing Wir

repare Wires
ct an appropri
apture, Loca
ure a web ses
te appropriate
mine informatio
nd / Scenar
b, you will use
rText Transfe
HTTP or File T
a reliable TC
et, a three-wa
PC can have
s lab cannot b
Resources
ndows 7, Vist
Prepare W
you start the
etrieve the P
ab, you need t
d the MAC ad
a command
All rights reserve
eshark t
shark to Capt
ate NIC interf
ate, and Exam
ssion to www.
e packets for a
on within pac
rio
Wireshark to
r Protocol (HT
Transfer Proto
P session bet
ay handshake
multiple, sim
be completed
a, or XP with
Wireshark
Wireshark pr
PC interface
to retrieve yo
ddress.
prompt windo
ed. This docume
to Obse
ture Packets
face to captur
mine Packets
.google.com.
a web sessio
kets, includin
o capture and
TTP) and a w
ocol (FTP) firs
tween the two
e is initiated a
multaneous, ac
d using Netlab
a command
k to Captu
rogram and se
e addresses
ur PCs IP ad
ow, type ipco
ent is Cisco Publi
erve the
s
re packets.
s
n.
g IP addresse
examine pac
web server, su
st starts on a
o hosts. For e
and a session
ctive TCP ses
b. This lab ass
prompt acces
ure Packe
elect the app
s.
ddress and its
onfig /all and
ic.
TCP 3-W
es, TCP port
ckets generat
uch as www.g
host, TCP us
example, whe
n is establishe
ssions with va
sumes that yo
ss, Internet ac
ets
ropriate interf
s network inte
then press E
Way Han
numbers, an
ted between t
google.com. W
ses the three-
en a PC uses
ed between th
arious web sit
ou have Inter
ccess, and W
face to begin
erface card (N
Enter.
ndshake

d TCP contro
the PC brows
When an appl
-way handsha
a web brows
he PC host an
tes.
rnet access.
Wireshark insta
capturing pa
NIC) physical
e
ol flags.
ser using
lication,
ake to
ser to surf
nd web
alled)
ckets.
address,
L

S
b. Write
sourc
The P
The P
Step 2: Sta
a. Click
b. After W
c. In the
your L
down the IP
ce address to
PC host IP ad
PC host MAC
art Wiresha
the Windows
Wireshark sta
e Wireshark:
LAN.
and MAC add
look for when
dress:
address:
rk and sele
Start button
arts, click Inte
Capture Inte
dresses asso
n examining c
ct the appro
and on the p
erface List.
erfaces windo
ciated with th
captured pack
opriate inte
op-up menu,
ow, click the c
he selected Et
kets.
erface.
double-click
check the box
thernet adapt
Wireshark.
x next to the i
ter, because t
nterface conn

that is the

nected to

192.168.1.5
00-24-21-A2-E3-52
L

P
S
S
Note:
802.3
the In
Part 2: C
Step 1: Cli
a. Go to
You s
Note:
here:

b. The c
Step 2: Lo
If the com
entire pro
System (D
packets th
default ga
a. Frame
www.
send
What
b. Frame
c. Find t
start o
If multiple int
3 (Ethernet) ta
terface Detai
Capture, L
ck the Start
www.google
should see ca
Your instruct
capture windo
cate approp
mputer was rec
cess in the ca
DNS), and the
he computer m
ateway; theref
e 11 shows th
google.com t
the first pack
is the IP add
e 12 is the res
the appropriat
of the TCP th
terfaces are l
ab, and verify
ls window aft
Locate, a
t button to s
.com. Minimiz
aptured traffic
tor may provi
ow is now acti
priate packe
cently started
aptured outpu
e TCP three-w
must get to w
fore, it started
he DNS query
to the IP addr
et to the web
ress of the D
sponse from
te packet for
ree-way hand
isted and you
y that the MAC
ter verification
nd Exam
start the da
ze the Google
similar to tha
de you with a
ve. Locate th
ets for the w
d and there ha
ut, including th
way handsha
www.google.co
d with the DN
y from the PC
ress of the we
server.
NS server tha
the DNS serv
the start of yo
dshake.
u are unsure w
C address ma
n.
mine Pack
ata capture.
e window, and
at shown belo
a different web
e Source, De
web sessio
as been no ac
he Address R
ke. The captu
om. In this ca
S query to re
C to the DNS s
eb server. The
at the comput
ver with the IP
our three-way
which interfac
atches what y
kets

d return to W
ow in step b.
bsite. If so, en
estination, a
n.
ctivity in acce
Resolution Pro
ure screen in
ase, the PC al
solve www.go
server, attem
e PC must ha
ter queried?
P address of w
y handshake.
ce to check, c
you wrote dow
Wireshark. Sto
nter the webs
nd Protocol
essing the Inte
otocol (ARP),
Part 2, Step
lready had an
oogle.com.
mpting to resol
ave the IP add
www.google.c
In this examp
click Details.
wn in Step 1b
p the data ca
site name or a
columns.
ernet, you can
Domain Nam
1 shows all th
n ARP entry f
lve the doma
dress before
com.
ple, frame 15
Click the
b. Close
apture.
address

n see the
me
he
for the
in name,
it can
5 is the
www.google.com
200.107.10.52
L

S
What
d. If you
Wires
Step 3: Ex
TC
a. In our
serve
and d
inform
b. Click
view o
c. Click
Note:
neces
is the IP add
have many p
shark filter cap
amine infor
CP control fl
r example, fra
r. In the pack
isplays the de
mation in the p
the + icon to
of the TCP inf
the + icon to
You may hav
ssary informa
ress of the G
packets that a
pability. Enter
rmation with
lags.
ame 15 is the
ket list pane (t
ecoded inform
packet details
the left of the
formation.
the left of the
ve to adjust th
tion.
oogle web se
are unrelated
r tcp in the filt
hin packets
start of the th
top section of
mation from th
s pane (middle
e Transmissio
e Flags. Look
he top and m
erver?
to the TCP co
ter entry area
s including
hree-way han
f the main win
hat packet in
e section of th
n Control Pro
at the source
iddle window
onnection, it
a within Wires
IP addresse
ndshake betw
ndow), select
the two lower
he main wind
otocol in the p
e and destinat
ws sizes within
may be nece
shark and pre
es, TCP por
ween the PC a
the frame. Th
r panes. Exam
dow).
packet details
tion ports and
n Wireshark to
ssary to use t
ess Enter.
rt numbers,
and the Goog
his highlights
mine the TCP
s pane to expa
d the flags tha
o display the
the

, and
le web
the line
P
and the
at are set.
http://173.194.46.84/
L

What
How w
What
How w
Which
What
d. To se
Packe
initial
What
is the TCP so
would you cla
is the TCP d
would you cla
h flag (or flags
is the relative
elect the next
et In Convers
request to sta
are the value
ource port nu
assify the sou
estination por
assify the des
s) is set?
e sequence n
frame in the t
sation. In this
art a session.
es of the sour
mber?
rce port?
rt number?
tination port?
umber set to?
three-way han
s example, th
.
rce and destin
?
?
ndshake, sele
his is frame 16
nation ports?
ect Go on the
6. This is the

e Wireshark m
Google web
menu and sele
server reply t

ect Next
to the

54734
Dynamic or private port
80
Well-known port
Seq and Len
0
Source Port: 80 Dst Port: 54734
L

R
1
2
Which
What

e. Finally
windo
Exam
Which
The re
conne
begin
f. Close
Reflection
1. There are
different ty

2. What othe

h flags are se
are the relati
y, examine th
ow displays th
mine the third a
h flag (or flags
elative seque
ection is now
.
e the Wiresha
e hundreds of
ypes of traffic
er ways could
et?
ve sequence
he third packe
he following in
and final pack
s) is set?
ence and ackn
established, a
rk program.
filters availab
c. Which three
d Wireshark b
and acknowl
et of the three
nformation in
ket of the han
nowledgemen
and commun
ble in Wiresha
e filters in the
e used in a p
edgement nu
e-way handsh
this example:
ndshake.
nt numbers ar
ication betwe
ark. A large n
list might be
production net
umbers set to
ake in the ex
:
re set to 1 as
een the source
network could
the most use
twork?
?
xample. Clicki
a starting po
e computer a
have numero
eful to a netwo
ng frame 17 i
int. The TCP
and the web s
ous filters and
ork administra
in the top

server can
d many
ator?
Seq, Ack and Len
1 and 24
Seq, Ack and Len
ICMP, TCP and ARP
To identify which application uses the network the most