
Lab Exercise & Hands on

Network Protocol Analyzer Toolkit: Wireshark
Pervasive Computing Research Group Faculty of Computer Science & Information System Universiti Teknologi Malaysia

Getting Wireshark
Runs on Windows and Linux platforms
Wireshark is the new version of Ethereal
Install Wireshark on your PC / notebook and run it
Click the "start a new live capture" button

(1) Hands on : Generated traffic


Check your IP address (depending on your OS: ipconfig / ifconfig) and check your DHCP settings
Type ping www.utm.my / etc.
For additional command options, type ping /help

Run Wireshark and start capturing, then press the Stop button and analyze the capture
Describe the payload features of the data

Save it with the name ping (save as type: Wireshark / tcpdump)

(2) Hands on : Generated traffic


Browse your favorite web site
Open your browser, type the URL and load the page

Run Wireshark and start capturing, then press the Stop button and analyze the capture
The payload features of the data:
IP header: source and destination IP, flags, header length, TTL
TCP / UDP header: source and destination port, sequence number, ACK number, window, length, etc.
ICMP header: type, checksum, etc.

Save it with the name browsing (save as type: Wireshark / tcpdump)

(3) Hands on : Generated traffic


Transfer files to another PC, or upload / download files to and from the Internet
Run Wireshark and start capturing, then press the Stop button and analyze the capture
The payload features of the data:
IP header: source and destination IP, flags, header length, TTL
TCP / UDP header: source and destination port, sequence number, ACK number, window, length, etc.
ICMP header: type, checksum, etc.

Save it with the name transfer (save as type: Wireshark / tcpdump)

Analysis
Display Filter | Analyze | Display Filter: filters the capture by our expression
Go to Analyze | Display Filter, e.g. choose HTTP, then click Apply

The matching packets are shown in detail

Choose the packet we want and go to Analyze | Follow TCP / UDP Stream
Some crucial information is shown there

Statistics
Wireshark's Statistics menu shows counts of all captured activity

Tips for working with Wireshark

Wireshark cannot analyze a pcap file larger than 300 MB
Reliability / stability of the process depends on the machine's specification
Use the tshark command instead
Windows OS: in cmd, go to C:\Program Files\Wireshark and type tshark -r nameyourfile.pcap
For more commands, type tshark -h

(3) Hands on : Exercise


Open your favorite Web 2.0 application / streaming / IM
Analyze it and see what is unique in every single packet
Compare it with hands-on (1) and (2)

(4) Hands on : Exercise


Mapping your network
Ping every computer in your broadcast domain, then analyze the capture and map all PCs in your network
Draw the topology with the IP address, MAC address and computer name of each PC. Summarize:
The total number of IP addresses
The total traffic / packet data
The total per protocol: TCP / UDP / ICMP / others
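When a capture is too large for the GUI (the tshark tip above) or you need the totals this exercise asks for, a short script can read the saved pcap file directly. The following is an added example, not code from the handout or from the Wireshark project: it builds a constructed classic-pcap capture in memory (made-up 10.0.0.x addresses and MAC addresses, one ping request and reply, a TCP SYN, a DNS query and an ARP frame), parses the Ethernet / IPv4 / TCP / UDP / ICMP header fields the lab asks you to note, and summarizes the IP addresses, MAC addresses and per-protocol counts. Replace SAMPLE_PCAP with the bytes of your own saved ping.pcap to run it on a real capture; pcapng files need a different reader.

```python
import struct
from collections import Counter
from typing import Dict, List

# ---- builders for a constructed sample capture (made-up data, not a real trace) ----

def _mac(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))

def _ip(s: str) -> bytes:
    return bytes(int(o) for o in s.split("."))

def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    # version 4, IHL 5 (20 bytes), DF flag set; checksum left at zero because we only parse it
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len,
                       0x1234, 0x4000, ttl, proto, 0, _ip(src), _ip(dst))

def ethernet(dst_mac: str, src_mac: str, ethertype: int, payload: bytes) -> bytes:
    return _mac(dst_mac) + _mac(src_mac) + struct.pack("!H", ethertype) + payload

def build_pcap(frames: List[bytes]) -> bytes:
    # classic libpcap global header: magic, version 2.4, tz 0, sigfigs 0, snaplen, linktype 1 = Ethernet
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for i, f in enumerate(frames):
        out.append(struct.pack("<IIII", 1_700_000_000 + i, 0, len(f), len(f)) + f)
    return b"".join(out)

PC_A, PC_B, GW = "10.0.0.5", "10.0.0.7", "10.0.0.1"          # constructed addresses
MAC_A, MAC_B, MAC_GW = "aa:aa:aa:00:00:05", "bb:bb:bb:00:00:07", "cc:cc:cc:00:00:01"
icmp_echo = struct.pack("!BBHHH", 8, 0, 0, 1, 1)               # type 8 = echo request
icmp_reply = struct.pack("!BBHHH", 0, 0, 0, 1, 1)              # type 0 = echo reply
tcp_syn = struct.pack("!HHIIBBHHH", 51000, 80, 1000, 0, 0x50, 0x02, 65535, 0, 0)  # flags = SYN
udp_dns = struct.pack("!HHHH", 53000, 53, 8, 0)
SAMPLE_PCAP = build_pcap([
    ethernet(MAC_GW, MAC_A, 0x0800, ipv4_header(PC_A, GW, 1, len(icmp_echo)) + icmp_echo),
    ethernet(MAC_A, MAC_GW, 0x0800, ipv4_header(GW, PC_A, 1, len(icmp_reply)) + icmp_reply),
    ethernet(MAC_B, MAC_A, 0x0800, ipv4_header(PC_A, PC_B, 6, len(tcp_syn)) + tcp_syn),
    ethernet(MAC_GW, MAC_A, 0x0800, ipv4_header(PC_A, GW, 17, len(udp_dns)) + udp_dns),
    ethernet("ff:ff:ff:ff:ff:ff", MAC_A, 0x0806, bytes(28)),    # ARP request: counted as "other"
])

# ---- parser: the same fields the Wireshark packet detail pane shows ----

def parse_frame(b: bytes) -> Dict:
    info = {"dst_mac": b[0:6].hex(":"), "src_mac": b[6:12].hex(":"), "proto": "other"}
    ethertype = struct.unpack_from("!H", b, 12)[0]
    if ethertype != 0x0800:                      # not IPv4 (ARP, IPv6, ...): no IP header to read
        return info
    ihl = (b[14] & 0x0F) * 4                     # IP header length in bytes
    info.update(src_ip=".".join(map(str, b[26:30])), dst_ip=".".join(map(str, b[30:34])),
                ttl=b[22], flags=b[20] >> 5)     # top three bits of the flags / fragment field
    l4 = b[14 + ihl:]
    proto = b[23]
    if proto == 1:
        info.update(proto="ICMP", icmp_type=l4[0])
    elif proto == 6:
        sport, dport, seq, ack = struct.unpack_from("!HHII", l4, 0)
        info.update(proto="TCP", sport=sport, dport=dport, seq=seq, ack=ack, tcp_flags=l4[13])
    elif proto == 17:
        sport, dport, length = struct.unpack_from("!HHH", l4, 0)
        info.update(proto="UDP", sport=sport, dport=dport, length=length)
    return info

def parse_pcap(data: bytes) -> List[Dict]:
    magic = struct.unpack_from("<I", data, 0)[0]
    end = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)   # byte order of the file's headers
    if end is None:
        raise ValueError("not a classic pcap file (pcapng needs a different reader)")
    if struct.unpack_from(end + "I", data, 20)[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled here")
    pkts, off = [], 24
    while off + 16 <= len(data):
        _sec, _usec, incl_len, _orig_len = struct.unpack_from(end + "IIII", data, off)
        off += 16
        pkts.append(parse_frame(data[off:off + incl_len]))
        off += incl_len
    return pkts

def summarize(pkts: List[Dict]) -> Dict:
    # the totals hands-on (4) asks for: addresses seen, packet count, packets per protocol
    ips = {p[k] for p in pkts for k in ("src_ip", "dst_ip") if k in p}
    macs = {p[k] for p in pkts for k in ("src_mac", "dst_mac")}
    return {"total_packets": len(pkts), "ip_addresses": sorted(ips),
            "mac_addresses": sorted(macs), "protocols": Counter(p["proto"] for p in pkts)}

if __name__ == "__main__":
    for key, value in summarize(parse_pcap(SAMPLE_PCAP)).items():
        print(key, value)
```

The parser only needs the standard library, so it runs on the same lab machine as Wireshark; for the real files, read them with `open("ping.pcap", "rb").read()` and pass the bytes to parse_pcap.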

(4) Hands on : Exercise


Homework
The three-way handshake process in every hands-on lab (including the IP, TCP, UDP and ICMP header features)
Draw it with your explanation of the handshake process based on IP address, port number and sequence / ACK numbers
Compare it with your hands-on (1) and (3)
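The seq / ACK rule you apply by hand in this homework can also be checked by code. The following is an added example, not part of the handout: it takes the TCP fields you would read from Wireshark's detail pane (addresses, ports, flags and absolute sequence numbers) for a constructed set of segments, finds each completed three-way handshake by matching SYN, SYN-ACK (ack = client ISN + 1) and ACK (ack = server ISN + 1) in the right directions, and renders the result with the relative sequence numbers Wireshark displays. The addresses, ports and sequence numbers are made up; the reset and unanswered SYNs are included to show that they are not counted as handshakes.

```python
from typing import Dict, List, Tuple

SYN, ACK = 0x02, 0x10   # TCP flag bits, as shown in the "Flags" field of the TCP header pane

Flow = Tuple[str, int, str, int]

def _flow(seg: Dict) -> Flow:
    return (seg["src"], seg["sport"], seg["dst"], seg["dport"])

def _reverse(flow: Flow) -> Flow:
    return (flow[2], flow[3], flow[0], flow[1])

def find_handshakes(segments: List[Dict]) -> List[Tuple[int, int, int]]:
    """Return (syn, syn_ack, ack) index triples for every completed three-way handshake.

    Each segment is a dict with src, sport, dst, dport, flags, seq, ack holding absolute
    sequence numbers (Wireshark shows relative ones by default, so the ISN appears as 0).
    """
    found = []
    for i, s in enumerate(segments):
        if (s["flags"] & (SYN | ACK)) != SYN:            # step 1: SYN without ACK, from the client
            continue
        client, isn_c = _flow(s), s["seq"]
        j = next((n for n in range(i + 1, len(segments))
                  if _flow(segments[n]) == _reverse(client)
                  and (segments[n]["flags"] & (SYN | ACK)) == (SYN | ACK)
                  and segments[n]["ack"] == isn_c + 1), None)   # step 2: SYN-ACK acknowledging ISN+1
        if j is None:
            continue                                     # unanswered or reset: no handshake
        isn_s = segments[j]["seq"]
        k = next((n for n in range(j + 1, len(segments))
                  if _flow(segments[n]) == client
                  and (segments[n]["flags"] & (SYN | ACK)) == ACK
                  and segments[n]["seq"] == isn_c + 1
                  and segments[n]["ack"] == isn_s + 1), None)   # step 3: client ACKs server ISN+1
        if k is not None:
            found.append((i, j, k))
    return found

def describe_handshake(segments: List[Dict], triple: Tuple[int, int, int]) -> List[str]:
    """Render the three segments the way Wireshark's packet list shows them (relative Seq / Ack)."""
    i, j, k = triple
    isn_c, isn_s = segments[i]["seq"], segments[j]["seq"]
    lines = []
    for idx, label, base_seq, base_ack in ((i, "[SYN]", isn_c, None),
                                           (j, "[SYN, ACK]", isn_s, isn_c),
                                           (k, "[ACK]", isn_c, isn_s)):
        s = segments[idx]
        text = f'{s["src"]}:{s["sport"]} -> {s["dst"]}:{s["dport"]} {label} Seq={s["seq"] - base_seq}'
        if base_ack is not None:
            text += f' Ack={s["ack"] - base_ack}'
        lines.append(text)
    return lines

# ---- constructed sample: the fields you would copy from the Wireshark detail pane ----
A, B = "10.0.0.5", "10.0.0.7"   # made-up client and server addresses

def seg(src, sport, dst, dport, flags, seq, ack=0) -> Dict:
    return dict(src=src, sport=sport, dst=dst, dport=dport, flags=flags, seq=seq, ack=ack)

SAMPLE = [
    seg(A, 51000, B, 80, SYN, 1000),
    seg(B, 80, A, 51000, SYN | ACK, 5000, 1001),
    seg(A, 51000, B, 80, ACK, 1001, 5001),
    seg(A, 51000, B, 80, 0x18, 1001, 5001),          # PSH, ACK: the HTTP request itself
    seg(A, 51001, B, 443, SYN, 2000),
    seg(B, 443, A, 51001, 0x14, 0, 2001),            # RST, ACK: port closed, no handshake
    seg(A, 51002, B, 22, SYN, 3000),                 # never answered (half-open attempt)
]

if __name__ == "__main__":
    for triple in find_handshakes(SAMPLE):
        print("\n".join(describe_handshake(SAMPLE, triple)))
```

Only the connection to port 80 is reported; the reset attempt on 443 and the unanswered SYN to 22 fail step 2, which is exactly the distinction to make when you draw the handshake from a real capture.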

Deris Stiawan holds an M.Eng from University of Gadjah Mada, Indonesia. Since 2006 he has been a Computer Science faculty member at University of Sriwijaya, Indonesia. He is a member of IEEE and is currently pursuing his Ph.D degree at the Faculty of Computer Science & Information System, Universiti Teknologi Malaysia (UTM), working on intrusion prevention systems. He joined the Information Assurance and Security Research Group (IASRG) in the area of Intrusion Prevention and Detection (ITD) at UTM. His professional work is in the field of computer networks and network security, especially focused on intrusion prevention and network infrastructure. http://webs.fsksm.utm.my/blog/pcrg/derissetiawan/
