Page 1 of 21

University of Jordan
Faculty of Engineering & Technology
Computer Engineering Department
Computer Networks Laboratory 907528
Lab. 1 Cabling & Packet Sniffing
Objectives
1. To become familiar with the different types of cables used in the lab.
2. To become familiar with cable tester equipment.
3. To become familiar with the WIRESHARK packet sniffer software package.

Pre-lab Preparation:
1. Read thoroughly and prepare the experiment sheet.
2. Review the sections in the book regarding HTTP communications.
3. Review the Ethernet frame format, the IPv4 packet format and the TCP/UDP segment formats.
4. You must bring a printed copy of this experiment with you to the lab.

Procedure:
You can find the problem sheet on Drive D: of the lab PCs.
Part 1: Cabling

Choosing the cables necessary to make a successful LAN or WAN connection requires
consideration of the different media types. There are many different Physical layer implementations
that support multiple media types.
UTP cabling connections are specified by the Electronics Industry Alliance/Telecommunications
Industry Association (EIA/TIA).
The RJ-45 connector is the male component crimped on the end of the cable. When viewed from
the front, the pins are numbered from 8 to 1. When viewed from above with the opening gate
facing you, the pins are numbered 1 through 8, from left to right. This orientation is important to
remember when identifying a cable.

Types of Interfaces
In an Ethernet LAN, devices use one of two types of UTP interfaces - MDI or MDIX.
The MDI (media-dependent interface) uses the normal Ethernet pinout. Pins 1 and 2 are used for
transmitting and pins 3 and 6 are used for receiving. Devices such as computers, servers, or routers
will have MDI connections.
The devices that provide LAN connectivity - usually hubs or switches - typically use MDIX
(media-dependent interface, crossover) connections. The MDIX connection swaps the transmit
pairs internally. This swapping allows the end devices to be connected to the hub or switch using a
straight-through cable.
Typically, when connecting different types of devices, use a straight-through cable. And when
connecting the same type of device, use a crossover cable.

Straight-through UTP Cables
A straight-through cable has connectors on each end that are terminated the same in accordance
with either the T568A or T568B standards.
Identifying the cable standard used allows you to determine if you have the right cable for the job.
More importantly, it is a common practice to use the same color codes throughout the LAN for
consistency in documentation.
Use straight-through cables for the following connections:
Switch to a router Ethernet port
Computer to switch
Computer to hub




Crossover UTP Cables
For two devices to communicate through a cable that is directly connected between the two, the
transmit terminal of one device needs to be connected to the receive terminal of the other device.
The cable must be terminated so the transmit pin, Tx, taking the signal from device A at one end, is
wired to the receive pin, Rx, on device B. Similarly, device B's Tx pin must be connected to device
A's Rx pin. If the Tx pin on a device is numbered 1, and the Rx pin is numbered 2, the cable
connects pin 1 at one end with pin 2 at the other end. These "crossed over" pin connections give
this type of cable its name, crossover.
To achieve this type of connection with a UTP cable, one end must be terminated as EIA/TIA
T568A pinout, and the other end terminated with T568B pinout.
To summarize, crossover cables directly connect the following devices on a LAN:
Switch to switch
Switch to hub
Hub to hub
Router to router Ethernet port connection
Computer to computer
Computer to a router Ethernet port




Rollover UTP Cables
In a rolled cable, the colored wires at one end of the cable are in the reverse sequence of the colored
wires at the other end of the cable.

Console Cables (RJ-45 to DB-9 Female)

This cable is also known as Management Cable.
The connection to the console is made by plugging the DB-9 connector into an available EIA/TIA
232 serial port on the computer. If there is more than one serial port, note which port number
is being used for the console connection. Once the serial connection to the computer is made,
connect the RJ-45 end of the cable directly into the console interface on the router.

MDI/MDIX Selection
Many devices allow the UTP Ethernet port to be set to MDI or MDIX. This can be done in one of
three ways, depending on the features of the device:
1. On some devices, ports may have a mechanism that electrically swaps the transmit and
receive pairs. The port can be changed from MDI to MDIX by engaging the mechanism.
2. As part of the configuration, some devices allow for selecting whether a port functions as
MDI or as MDIX.
3. Many newer devices have an automatic crossover feature. This feature allows the device to
detect the required cable type and configures the interfaces accordingly. On some devices,
this auto-detection is performed by default. Other devices require an interface
configuration command for enabling MDIX auto-detection.



Serial Cables
In the lab experiments, you may be using Cisco routers with one of two types of physical serial
cables. Both cables use a large Winchester 15 Pin connector on the network end. This end of the
cable is used as a V.35 connection to a Physical layer device such as a CSU/DSU.
The first cable type has a male DB-60 connector on the Cisco end and a male Winchester connector
on the network end. The second type is a more compact version of this cable and has a Smart Serial
connector on the Cisco device end. It is necessary to be able to identify the two different types in
order to connect successfully to the router.









Data Communications Equipment and Data Terminal Equipment
The following terms describe the types of devices that maintain the link between a sending and a
receiving device:
Data Communications Equipment (DCE) - A device that supplies the clocking services to another
device. Typically, this device is at the WAN access provider end of the link.
Data Terminal Equipment (DTE) - A device that receives clocking services from another device
and adjusts accordingly. Typically, this device is at the WAN customer or user end of the link.
If a serial connection is made directly to a service provider or to a device that provides signal
clocking such as a channel service unit/data service unit (CSU/DSU), the router is considered to be
data terminal equipment (DTE) and will use a DTE serial cable.
DCEs and DTEs are used in WAN connections. The communication via a WAN connection is
maintained by providing a clock rate that is acceptable to both the sending and the receiving device.
In most cases, the ISP provides the clocking service that synchronizes the transmitted signal.
For example, if a device connected via a WAN link is sending its signal at 1.544 Mbps, each
receiving device must use a clock, sending out a sample signal every 1/1,544,000th of a second.
The timing in this case is extremely short. The devices must be able to synchronize to the signal
that is sent and received very quickly.

By assigning a clock rate to the router, the timing is set. This allows a router to adjust the speed of
its communication operations (the router will therefore use a data communications equipment
(DCE) cable), thereby synchronizing with the devices connected to it.

When making WAN connections between two routers in a lab, connect two routers with a serial
cable to simulate a point-to-point WAN link. In this case, decide which router is going to be the
one in control of clocking. Routers are DTE devices by default, but they can be configured to act as
DCE devices.
The V.35-compliant cables are available in DTE and DCE versions. To create a point-to-point serial
connection between two routers, join together a DTE and DCE cable. Each cable comes with a
connector that mates with its complementary type. These connectors are configured so that you
cannot join two DCE or two DTE cables together by mistake.









How to prepare a UTP cable
Example: Instructions to prepare a Crossover cable
Things you'll need:
RJ-45 Crimp Tool
Cat-5e Cable
RJ-45 Jacks
Step 1

Prepare your workspace. Take the roll of UTP cable and cut the cable to length using the cutting
blade on the crimp tool.
Step 2

Splice the end by using the splicing blades to expose the unshielded twisted pairs.
Step 3

Take each twisted pair and make four wire strands, each going out from the center of the wire.
Step 4

Now take the individual twisted wire pairs and untwist them down to individual wires in the
following order: Striped Orange, Orange, Striped Green, Blue, Striped Blue, Green, Striped Brown,
Brown.


Step 5

Next, grasp the wires with your thumb and index finger of your non-dominant hand. Take each wire
and snug them securely side by side.
Step 6

Using the cutting blade of the crimp tool, cut the ends off of the wires to make each wire the same
height.
Step 7

Still grasping the wires, insert the RJ-45 jack on the wires with the clip facing away from you.
Step 8

Insert the jack into the crimper and press down tightly on the tool to seal the wires in place.
Step 9

Once the first head is made, repeat steps two through eight. When untwisting the wires down to
single strands, use the following order: Striped Green, Green, Striped Orange, Blue, Striped Blue,
Orange, Striped Brown, Brown.
Step 10
Plug in the cable to test connectivity.
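
The two colour orders in Steps 4 and 9 are the T568B and T568A pinouts, so the cable type follows from comparing the two ends. The sketch below is an added example, not part of the original lab sheet; the names `classify`, `pin_map` and `standard_of` are hypothetical. It follows each colour from end A to end B and reports whether the result is straight-through, crossover, rollover or miswired.

```python
# Colour orders exactly as listed in the lab sheet (pin 1 first).
T568B = ["striped orange", "orange", "striped green", "blue",
         "striped blue", "green", "striped brown", "brown"]   # Step 4
T568A = ["striped green", "green", "striped orange", "blue",
         "striped blue", "orange", "striped brown", "brown"]  # Step 9

STRAIGHT = {p: p for p in range(1, 9)}
CROSSOVER = {**STRAIGHT, 1: 3, 2: 6, 3: 1, 6: 2}  # Tx pair (1,2) <-> Rx pair (3,6)
ROLLOVER = {p: 9 - p for p in range(1, 9)}        # pin 1 <-> 8, 2 <-> 7, ...


def standard_of(end):
    """Name the wiring standard of one connector, or None if it matches neither."""
    if end == T568A:
        return "T568A"
    if end == T568B:
        return "T568B"
    return None


def pin_map(end_a, end_b):
    """Return {pin at end A: pin at end B} by following each wire colour."""
    a = [c.strip().lower() for c in end_a]
    b = [c.strip().lower() for c in end_b]
    if len(a) != 8 or len(b) != 8 or len(set(a)) != 8 or set(a) != set(b):
        raise ValueError("each end needs the same 8 distinct wire colours")
    return {i + 1: b.index(colour) + 1 for i, colour in enumerate(a)}


def classify(end_a, end_b):
    """Classify a UTP cable from the colour order seen at its two connectors."""
    mapping = pin_map(end_a, end_b)
    kind = "miswired"
    for name, ref in (("straight-through", STRAIGHT),
                      ("crossover", CROSSOVER),
                      ("rollover", ROLLOVER)):
        if mapping == ref:
            kind = name
    # For a miswired cable, list the pins that differ from straight-through.
    wrong = sorted(p for p in mapping if mapping[p] != p) if kind == "miswired" else []
    return {"type": kind,
            "ends": (standard_of(list(end_a)), standard_of(list(end_b))),
            "wrong_pins": wrong}


if __name__ == "__main__":
    print(classify(T568B, T568A))        # the cable built in Steps 1-9
    print(classify(T568B, T568B[::-1]))  # reversed colour order at one end
```
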
Part 2: Cables Testing
In this lab, we are going to use the MicroScanner2 UTP cable tester to verify that cables were
prepared correctly and, if they were not, to diagnose the cable's faults.
MicroScanner2 Features







Auto Shutoff
The tester turns off after 10 minutes if no keys are pressed and nothing changes at the tester's
connectors.
Changing the Length Units




Diagnosing Wiremap Faults
Open
Wires connected to wrong pins at connector or punchdown blocks
Faulty connections
Damaged connector
Damaged cable
Wrong pairs selected in setup
Wrong application for cable

Split Pair
Wires connected to wrong pins at connector or punchdown block.

Reversed Pairs
Wires connected to wrong pins at connector or punchdown block.

Crossed Pairs
Wires connected to wrong pins at connector or punchdown block.
Mix of 568A and 568B wiring standards (pairs 1-2 and 3-6 crossed).
Crossover cables used where not needed (pairs 1-2 and 3-6 crossed).

Short
Damaged connector
Damaged cable
Conductive material stuck between pins at connector.
Improper connector termination
Wrong application for cable

*******************************************
*** Solve associated parts in the problem sheet ***
*******************************************


Part 3: WIRESHARK Packet Sniffer
The purpose of this part is to introduce the packet sniffer WIRESHARK. WIRESHARK will be
used for the lab experiments. This part introduces the basic operation of a packet sniffer, and a test
run of WIRESHARK.
The basic tool for observing the messages exchanged between executing protocol entities is called
a packet sniffer. As the name suggests, a packet sniffer captures (sniffs) messages being
sent/received from/by your computer; it will also typically store and/or display the contents of the
various protocol fields in these captured messages. A packet sniffer itself is passive. It observes
messages being sent and received by applications and protocols running on your computer, but
never sends packets itself. Similarly, received packets are never explicitly addressed to the packet
sniffer. Instead, a packet sniffer receives a copy of packets that are sent/received from/by
applications and protocols executing on your machine.
Figure 1 shows the structure of a packet sniffer. At the right of Figure 1 are the protocols (in this
case, Internet protocols) and applications (such as a web browser or ftp client) that normally run on
your computer. The packet sniffer, shown within the dashed rectangle in Figure 1 is an addition to
the usual software in your computer, and consists of two parts. The packet capture library receives
a copy of every link-layer frame that is sent from or received by your computer. Recall from the
discussion from section 1.5 in the text (Figure 1.202) that messages exchanged by higher layer
protocols such as HTTP, FTP, TCP, UDP, DNS, or IP all are eventually encapsulated in link-layer
frames that are transmitted over physical media such as an Ethernet cable. In Figure 1, the assumed
physical media is an Ethernet, and so all upper layer protocols are eventually encapsulated within
an Ethernet frame. Capturing all link-layer frames thus gives you all messages sent/received
from/by all protocols and applications executing in your computer.













The second component of a packet sniffer is the packet analyzer, which displays the contents of all
fields within a protocol message. In order to do so, the packet analyzer must understand the
structure of all messages exchanged by protocols. For example, suppose we are interested in
displaying the various fields in messages exchanged by the HTTP protocol in Figure 1. The packet
analyzer understands the format of Ethernet frames, and so can identify the IP datagram within an
Ethernet frame. It also understands the IP datagram format, so that it can extract the TCP segment
within the IP datagram.
Next, it understands the TCP segment structure, so it can extract the HTTP message contained in
the TCP segment. Finally, it understands the HTTP protocol and so, for example, knows that the
first bytes of an HTTP message will contain the string GET, POST, or HEAD.
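
The layer-by-layer extraction described above can be written out as a small dissector. This is an added example, not part of the original lab sheet and not Wireshark's own code; the function names and the sample frame (MAC addresses, IP addresses, ports) are constructed for illustration. It checks every length field against the bytes actually captured before using it, which a real analyzer must also do.

```python
import struct

HTTP_METHODS = (b"GET", b"POST", b"HEAD")  # the three methods the lab text names


def build_sample_frame():
    """Constructed sample: Ethernet II + IPv4 + TCP carrying an HTTP GET.
    MACs, IPs and ports are made-up values; checksums are left at 0."""
    http = (b"GET /wireshark-labs/INTRO-wireshark-file1.html HTTP/1.1\r\n"
            b"Host: gaia.cs.umass.edu\r\n\r\n")
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(http), 0,
                     0x4000, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    eth = bytes.fromhex("020000000002" "020000000001") + struct.pack("!H", 0x0800)
    return eth + ip + tcp + http


def dissect(frame):
    """Peel Ethernet -> IPv4 -> TCP -> HTTP, validating each length field."""
    layers = {}
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    layers["eth"] = {"dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":"),
                     "type": ethertype}
    if ethertype != 0x0800:            # not IPv4 (e.g. ARP): stop here
        return layers
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("not a complete IPv4 header")
    ihl = (ip[0] & 0x0F) * 4           # header length is given in 32-bit words
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ihl < 20 or not ihl <= total_len <= len(ip):
        raise ValueError("IPv4 length fields inconsistent with captured bytes")
    layers["ip"] = {"src": ".".join(map(str, ip[12:16])),
                    "dst": ".".join(map(str, ip[16:20])), "proto": ip[9]}
    fragmented = struct.unpack("!H", ip[6:8])[0] & 0x3FFF  # MF bit or offset set
    if ip[9] != 6 or fragmented:       # not TCP, or no complete segment here
        return layers
    tcp = ip[ihl:total_len]            # total length also trims Ethernet padding
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4
    if not 20 <= data_off <= len(tcp):
        raise ValueError("TCP data offset out of range")
    layers["tcp"] = {"sport": sport, "dport": dport, "flags": tcp[13]}
    payload = tcp[data_off:]
    if payload.split(b" ", 1)[0] in HTTP_METHODS:
        line = payload.split(b"\r\n", 1)[0].decode("ascii", "replace")
        layers["http"] = {"request_line": line}
    return layers


if __name__ == "__main__":
    for name, fields in dissect(build_sample_frame()).items():
        print(name, fields)
```
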
Running Wireshark
When you run the Wireshark program, the Wireshark graphical user interface shown in Figure 2
will be displayed. Initially, no data will be displayed in the various windows.


The Wireshark interface has five major components:
The command menus are standard pulldown menus located at the top of the window. Of
interest to us now are the File and Capture menus. The File menu allows you to save
captured packet data or open a file containing previously captured packet data, and exit the
Wireshark application. The Capture menu allows you to begin packet capture.
The packet-listing window displays a one-line summary for each packet captured,
including the packet number (assigned by Wireshark; this is not a packet number contained
in any protocol's header), the time at which the packet was captured, the packet's source
and destination addresses, the protocol type, and protocol-specific information contained in
the packet. The packet listing can be sorted according to any of these categories by clicking
on a column name. The protocol type field lists the highest level protocol that sent or
received this packet, i.e., the protocol that is the source or ultimate sink for this packet.
The packet-header details window provides details about the packet selected (highlighted)
in the packet listing window. (To select a packet in the packet listing window, place the
cursor over the packet's one-line summary in the packet listing window and click with the
left mouse button.) These details include information about the Ethernet frame (assuming
the packet was sent/received over an Ethernet interface) and IP datagram that contains this
packet. The amount of Ethernet and IP-layer detail displayed can be expanded or
minimized by clicking on the plus-or-minus boxes to the left of the Ethernet frame or IP
datagram line in the packet details window. If the packet has been carried over TCP or
UDP, TCP or UDP details will also be displayed, which can similarly be expanded or
minimized. Finally, details about the highest level protocol that sent or received this packet
are also provided.
The packet-contents window displays the entire contents of the captured frame, in both
ASCII and hexadecimal format.
Towards the top of the Wireshark graphical user interface is the packet display filter field,
into which a protocol name or other information can be entered in order to filter the
information displayed in the packet-listing window (and hence the packet-header and
packet-contents windows). In the example below, we'll use the packet-display filter field to
have Wireshark hide (not display) packets except those that correspond to HTTP messages.
Taking Wireshark for a Test Run
1. Start up your favorite web browser, which will display your selected homepage.
2. Start up the Wireshark software. You will initially see a window similar to that shown in
Figure 2, except that no packet data will be displayed in the packet-listing, packet-header, or
packet-contents window, since Wireshark has not yet begun capturing packets.
3. To begin packet capture, select the Capture pull down menu and select Options. This will cause
the Wireshark: Capture Options window to be displayed, as shown in Figure 3.


















4. You can use most of the default values in this window, but uncheck Hide capture info dialog
under Display Options. The network interfaces (i.e., the physical connections) that your
computer has to the network will be shown in the Interface pull down menu at the top of the
Capture Options window. In case your computer has more than one active network interface
(e.g., if you have both a wireless and a wired Ethernet connection), you will need to select an
interface that is being used to send and receive packets (most likely the wired interface).
After selecting the network interface (or using the default interface chosen by Wireshark), click
Start. Packet capture will now begin - all packets being sent/received from/by your computer
are now being captured by Wireshark!
5. Once you begin packet capture, a packet capture summary window will appear, as shown in
Figure 4. This window summarizes the number of packets of various types that are being
captured, and (importantly!) contains the Stop button that will allow you to stop packet capture.
Don't stop packet capture yet.
















6. While Wireshark is running, enter the URL:
http://gaia.cs.umass.edu/wireshark-labs/INTRO-wireshark-file1.html
and have that page displayed in your browser. In order to display this page, your browser will
contact the HTTP server at gaia.cs.umass.edu and exchange HTTP messages with the server in
order to download this page. The Ethernet frames containing these HTTP messages will be
captured by Wireshark.
7. After your browser has displayed the INTRO-wireshark-file1.html page, stop Wireshark packet
capture by selecting Stop in the Wireshark capture window.
This will cause the Wireshark capture window to disappear and the main Wireshark window to
display all packets captured since you began packet capture.
The main Wireshark window should now look similar to Figure 2. You now have live packet
data that contains all protocol messages exchanged between your computer and other network
entities! The HTTP message exchanges with the gaia.cs.umass.edu web server should appear
somewhere in the listing of packets captured. But there will be many other types of packets
displayed as well (see, e.g., the many different protocol types shown in the Protocol column in
Figure 2).
8. Type in "http" (without the quotes, and in lower case; all protocol names are in lower case in
Wireshark) into the display filter specification window at the top of the main Wireshark
window. Then select Apply (to the right of where you entered "http"). This will cause only
HTTP messages to be displayed in the packet-listing window.
9. Select the first http message shown in the packet-listing window. This should be the HTTP
GET message that was sent from your computer to the gaia.cs.umass.edu HTTP server. When
you select the HTTP GET message, the Ethernet frame, IP datagram, TCP segment, and HTTP
message header information will be displayed in the packet-header window. By clicking the
plus-and-minus boxes to the left side of the packet details window, minimize the amount of Frame,
Ethernet, Internet Protocol, and Transmission Control Protocol information displayed.
Maximize the amount of information displayed about the HTTP protocol. Your Wireshark display
should now look roughly as shown in Figure 5. (Note, in particular, the minimized amount of
protocol information for all protocols except HTTP, and the maximized amount of protocol
information for HTTP in the packet-header window).

















10. Exit Wireshark

*******************************************
*** Solve associated parts in the problem sheet ***
*******************************************
