
Experiment No. 2
FRAME CAPTURING AND ANALYZING USING WIRESHARK
1. Objective(s):
The activity aims to introduce students to the packet-sniffing software Wireshark, familiarize them
with it, and let them look at the encapsulation process.
2. Intended Learning Outcomes (ILOs):
The students shall be able to:
2.1 learn general information about the packet-sniffing software called Wireshark.
2.2 be familiar with the interface and features of Wireshark
2.3 capture packets using WireShark
2.4 observe the encapsulation process
3. Discussion:
In this experiment, we use a packet sniffer called Wireshark. Wireshark (formerly known as
Ethereal) is a free packet sniffer/analyzer which is available for both UNIX-like (Unix, Linux, Mac OS
X, BSD, and Solaris) and Windows operating systems. It captures packets from a network interface and
displays them with detailed protocol information. Wireshark, however, is a passive analyzer. It only
captures packets without manipulating them; it neither sends packets to the network nor performs other
active operations. Wireshark is not an intrusion-detection tool either. It does not give warnings about
network intrusions. It can, nevertheless, help network administrators figure out what is going on inside
a network and troubleshoot network problems. In addition to being an indispensable tool for network
administrators, Wireshark is a valuable tool for protocol developers, who may use it to debug protocol
implementations. It is also a great educational tool for computer-network students, who can use it to see
details of protocol operations in real time.
One use of Wireshark is to analyze packets at the upper four layers of the TCP/IP protocol suite.
Encapsulation and decapsulation can be observed with this packet sniffer. Wireshark works both as a
packet capturer and as a packet analyzer. The packet capturer takes a copy of every outgoing and incoming
frame (at the data-link layer) and passes it to the packet analyzer. The packet analyzer can then extract
the different headers and the ultimate message for analysis. Figure 1.1 shows the roles of frame capturing
and packet analyzing in a packet sniffer.

Figure 1.1: Frame capturing and packet analyzing in a packet sniffer

4. Resources:
Wireshark software; Windows OS PC (with Admin access); SOHO router or an internet connection
5. Procedure:
1. Downloading and Installing.
To download the Wireshark software, connect to the Internet and open the website:
http://www.wireshark.org/download.html
After the download is complete, install the software on your computer.

2. Open the Wireshark program and observe the window and its sections. The Wireshark window is
made of seven sections: title bar, menu bar, filter bar, packet list pane, packet detail pane, packet
byte pane, and status bar. After taking time to examine the sections, briefly discuss the
functionality of each section in 6.1. (Do not go to step 3 without answering section 6.1.)

3. Begin capturing packets by selecting Capture from the pull-down menu and clicking Options to
open the Wireshark capture options dialog box. You will normally use the default values in the
capture options dialog box, but there are some options for which you may need to override the default.
In particular, you may want to uncheck “Hide capture info dialog.”

4. The network interfaces are shown in the Interface drop-down list at the top of the dialog box. Select
the network interface (or use the default interface chosen by Wireshark). If the IP address in the
dialog box is unknown, you must select a different interface; otherwise, Wireshark will not
capture any packets. Select the LAN card of your computer. After the above two steps, click Start.
Wireshark starts to capture the packets that are exchanged between your computer and the network.
If, after a minute, Wireshark has not captured any packets, there must be a problem; check for
possible reasons and troubleshoot. Write your observations in 6.2. (Do not go to step 3
without writing your observations in section 6.1.)

5. Whenever you feel you have captured all the packets (frames) that you need for your lab report,
you can stop capturing. To do so, use the Capture pull-down menu and click Stop.
Wireshark stops capturing frames. After you have stopped capturing, you may want to save the
capture file for future use.

6. If the LAN doesn’t have an internet connection, assign a static IP address on the computer. (Refer to
the board instructions.) In this lab, we retrieve a web page and, using Wireshark, capture the packets.
Start up your web browser and clear the browser's cache, but do not access any site yet.

7. To refresh Wireshark, close it, open Wireshark again and start capturing. Open your
browser in such a way that the Wireshark window can still be seen. Use the filter box to capture
only frames whose source or destination protocol is HTTP. Note that you need to type http in
lowercase in the filter box and click Apply.

8. Now, go back to your browser and access any website if there is an internet connection; if there is none,
the router’s setup page can be accessed instead by typing http://192.168.10.1. Stop capturing and
save the capture file. Answer 6.3.

Course: BS Electronics Engineering
Experiment No.: 2
Name: Garcia, Ave Jianne D.
Section:
Group Members:
Date Performed: January 18, 2018
Date Submitted: January 18, 2018
Instructor: Engr. Ronn Concepcion II

6. Data and Results:

6.1. Wireshark's seven sections:

a. title bar
Shows the title of the window, and the closing, maximizing, and minimizing icons.

b. menu bar
Gives the functions for the file, edit, view, go, capture, analyze, statistics, telephony,
wireless, and tools bars.

c. filter bar
Allows us to display the packets we are interested in while hiding the rest. When we
start capturing frames, Wireshark captures and analyzes any outgoing and incoming frames.

d. packet list pane
Displays all the packets in the current capture file.

e. packet detail pane
Shows the current packet (selected in the “Packet List” pane) in a more detailed form.

f. packet byte pane
Shows the data of the current packet (selected in the “Packet List” pane) in a
hex dump style.

g. status bar
Displays informational messages. The left side will show context-related
information, the middle part will show information about the current capture file,
and the right side will show the selected configuration profile.
6.2. WireShark capture observations:
6.3. Using the first frame with the source protocol HTTP, answer the following questions.

6.3.1. How do you know if the frame is incoming or outgoing? Is the frame an outgoing or an incoming frame?
Ans: Incoming

6.3.2. What is the source IP address of the network-layer header in the frame?
Ans: 77.234.45.60

6.3.3. What is the destination IP address of the network-layer header in the frame?
Ans: 192.168.43.158

6.3.4. What is the total number of bytes in the whole frame?
Ans: 356 + 234 = 590 bytes

6.3.5. What is the number of bytes in the Ethernet (data-link layer) header?
Ans: 0

6.3.6. What is the number of bytes in the IP header?
Ans: None

6.3.7. What is the number of bytes in the TCP header?
Ans: 66 bytes

6.3.8. What is the total number of bytes in the message (at the application layer)?
Ans: 1402 bytes
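As an added example (not part of the original lab sheet or of this report), the following Python script walks the encapsulation described in the Discussion and reads off, from a raw frame, the per-layer byte counts and the frame direction that questions 6.3.1 to 6.3.8 ask for. The frame is constructed here using the two IP addresses from 6.3.2 and 6.3.3; its MAC addresses, ports, checksums and HTTP body are invented for illustration.

```python
import struct
from ipaddress import IPv4Address

ETH_HDR_LEN = 14  # destination MAC (6) + source MAC (6) + EtherType (2)


def analyze_frame(frame: bytes, local_ip: str) -> dict:
    """Walk Ethernet II -> IPv4 -> TCP -> message and return the per-layer byte
    counts Wireshark shows in the packet detail pane, plus the frame direction."""
    if len(frame) < ETH_HDR_LEN + 20:
        raise ValueError("frame too short for Ethernet and IPv4 headers")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError(f"not IPv4 (EtherType 0x{ethertype:04x})")
    ip = frame[ETH_HDR_LEN:]
    ip_hdr_len = (ip[0] & 0x0F) * 4                 # IHL field, in 32-bit words
    ip_total_len = struct.unpack("!H", ip[2:4])[0]  # IP header + TCP header + message
    if ip[9] != 6:
        raise ValueError(f"not TCP (IP protocol {ip[9]})")
    if ip_total_len > len(ip):
        raise ValueError("IP total length exceeds captured bytes (truncated capture)")
    src_ip, dst_ip = str(IPv4Address(ip[12:16])), str(IPv4Address(ip[16:20]))
    tcp = ip[ip_hdr_len:ip_total_len]               # excludes any Ethernet padding
    tcp_hdr_len = (tcp[12] >> 4) * 4                # data offset field, in 32-bit words
    if src_ip == local_ip:
        direction = "outgoing"
    elif dst_ip == local_ip:
        direction = "incoming"
    else:
        direction = "transit"  # neither address is ours, e.g. a mirrored port
    return {
        "direction": direction, "src_ip": src_ip, "dst_ip": dst_ip,
        "frame_bytes": len(frame),
        "ethernet_header_bytes": ETH_HDR_LEN,
        "ip_header_bytes": ip_hdr_len,
        "tcp_header_bytes": tcp_hdr_len,
        "message_bytes": len(tcp) - tcp_hdr_len,
    }


# Constructed sample frame (not a real capture): an HTTP response from the report's
# server address 77.234.45.60 to its host 192.168.43.158; MACs, ports and checksums are dummies.
HTTP_MSG = b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"
TCP_HDR = struct.pack("!HHIIBBHHH", 80, 52000, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
IP_HDR = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(TCP_HDR) + len(HTTP_MSG), 1, 0, 64, 6, 0,
                     IPv4Address("77.234.45.60").packed, IPv4Address("192.168.43.158").packed)
SAMPLE_FRAME = bytes.fromhex("001122334455" "66778899aabb" "0800") + IP_HDR + TCP_HDR + HTTP_MSG

if __name__ == "__main__":
    for layer, value in analyze_frame(SAMPLE_FRAME, "192.168.43.158").items():
        print(f"{layer}: {value}")
```

The four byte counts returned always add up to the frame length, which is the check to apply to a packet-detail-pane reading before writing it down.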

7. Conclusion:

Based on the observation, the experiment was all about using the packet sniffer called Wireshark.
Obviously, it was a great help in troubleshooting network problems, examining security problems, and
debugging protocol implementations. When using this software, one must have complete knowledge of
each part and its functions to properly and easily perform it. I was able to capture packets using
Wireshark and distinguish the exact number of bytes of the designated sources and addresses. I therefore
conclude that it is one of the easiest ways that provides complete information, especially when undergoing
problems such as slow network connections, network traffic analysis, and debugging the web.

8. Assessment:

Scoring per criterion: Beginner = 1, Acceptable = 2, Proficient = 3.

I. Laboratory Skills

Manipulative Skills
1 Beginner: Members do not demonstrate needed skills.
2 Acceptable: Members occasionally demonstrate needed skills.
3 Proficient: Members always demonstrate needed skills.

Experimental Set-up
1 Beginner: Members are unable to set-up the materials.
2 Acceptable: Members are able to set-up the materials with supervision.
3 Proficient: Members are able to set-up the material with minimum supervision.

Process Skills
1 Beginner: Members do not demonstrate targeted process skills.
2 Acceptable: Members occasionally demonstrate targeted process skills.
3 Proficient: Members always demonstrate targeted process skills.

Safety Precautions
1 Beginner: Members do not follow safety precautions.
2 Acceptable: Members follow safety precautions most of the time.
3 Proficient: Members follow safety precautions at all times.

II. Work Habits

Time Management / Conduct of Experiment
1 Beginner: Members do not finish on time with incomplete data.
2 Acceptable: Members finish on time with incomplete data.
3 Proficient: Members finish ahead of time with complete data and time to revise data.

Cooperative and Teamwork
1 Beginner: Members do not know their tasks and have no defined responsibilities. Group conflicts have to be settled by the teacher.
2 Acceptable: Members have defined responsibilities most of the time. Group conflicts are cooperatively managed most of the time.
3 Proficient: Members are on tasks and have defined responsibilities at all times. Group conflicts are cooperatively managed at all times.

Neatness and Orderliness
1 Beginner: Messy workplace during and after the experiment.
2 Acceptable: Clean and orderly workplace with occasional mess during and after the experiment.
3 Proficient: Clean and orderly workplace at all times during and after the experiment.

Ability to do independent work
1 Beginner: Members require supervision by the teacher.
2 Acceptable: Members require occasional supervision by the teacher.
3 Proficient: Members do not need to be supervised by the teacher.

Other Comments/Observations:
Total Score:
