In this lab you will use the Wireshark packet analyzer to capture and display the control information and data stored in packets transmitted over a network. Wireshark collects network traffic data and creates files that display packet header information in a layered format like that used by the Internet model. These layers can be expanded to view details that may prove helpful in determining the source of problems that your network might be experiencing. Creating filters that hide unwanted data and facilitate data analysis will also be discussed in this lab.
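The layered format described above can be illustrated with a short Python sketch that splits one frame into its link, network and transport headers, the same nesting Wireshark shows when a packet is expanded. This is an added example, not part of the original lab and not Wireshark's own code; the frame bytes, the addresses and the helper names (dissect, mac) are constructed for illustration.

```python
import socket
import struct

# Constructed sample frame (not captured traffic): Ethernet II / IPv4 / TCP SYN.
# Checksum fields are zero because this sketch does not validate them.
SAMPLE_FRAME = bytes.fromhex(
    "020000000002" "020000000001" "0800"      # link layer: dst MAC, src MAC, EtherType
    "45000028" "00014000" "40060000"          # IPv4: ver/IHL, length, id, flags, TTL, proto
    "c0a8010a" "c0a80114"                     # 192.168.1.10 -> 192.168.1.20
    "c0010050" "00000001" "00000000"          # TCP: ports 49153 -> 80, seq, ack
    "50027210" "00000000"                     # data offset/flags (SYN), window, csum, urg
)

TCP_FLAGS = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"), (0x10, "ACK"))

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def dissect(frame):
    """Hypothetical helper: return [(layer, fields)], outermost layer first."""
    layers = []
    if len(frame) < 14:
        return layers                         # too short for an Ethernet header
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    layers.append(("Ethernet II", {"dst": mac(dst), "src": mac(src), "type": ethertype}))
    if ethertype != 0x0800 or len(frame) < 34:
        return layers                         # not IPv4, or truncated
    ver_ihl, _, length, _, _, ttl, proto, _, sip, dip = struct.unpack(
        "!BBHHHBBH4s4s", frame[14:34])
    ihl = (ver_ihl & 0x0F) * 4                # header length in bytes
    layers.append(("IPv4", {"src": socket.inet_ntoa(sip), "dst": socket.inet_ntoa(dip),
                            "ttl": ttl, "proto": proto, "length": length}))
    tcp = 14 + ihl
    if proto != 6 or ihl < 20 or len(frame) < tcp + 16:
        return layers                         # not TCP, bad IHL, or truncated
    sport, dport, seq, ack, off_flags, window = struct.unpack("!HHIIHH", frame[tcp:tcp + 16])
    flags = [name for bit, name in TCP_FLAGS if off_flags & bit]
    layers.append(("TCP", {"sport": sport, "dport": dport, "seq": seq,
                           "flags": flags, "window": window}))
    return layers

if __name__ == "__main__":
    for name, fields in dissect(SAMPLE_FRAME):
        print(name, fields)
```

A truncated frame yields only the layers that could be parsed completely, which is why a short capture may show a link-layer header with nothing beneath it.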
To begin, click the Start button on the Windows Task Bar. Click the All Programs option in the System menu to show all menu choices (Figure 1). Click the Wireshark choice to start the application. Note: If you do not see the Wireshark choices in the menu, you will need to install Wireshark on your computer. Consult Appendix E for detailed instructions on how to download, install, and configure Wireshark.
Figure 1: The All Programs menu showing the Wireshark choices
Figure 2: The Wireshark splash screen
After launching Wireshark, the Wireshark splash screen (Figure 2) appears while the application is loading program components into computer memory. After all components are loaded, the splash screen disappears and the Wireshark application window appears (Figure 3). The Wireshark application window includes a menu bar, the main toolbar, and a filter toolbar.
In Figure 3 the Capture menu has been expanded to show its menu choices. The Interfaces choice lets you assign a network adapter for capturing packet data transmitted over the network. Clicking the Stop choice terminates a capture session. The Capture Filters choice provides an interface for specifying conditions that hide unwanted information in the capture display. Notice that shortcuts for the Interfaces, Start, and Stop options are available on the main toolbar directly beneath the menu bar. The Filter toolbar provides an option for creating filters by typing them directly into the Filter text box. The Expression button provides a list of pre-defined expressions and operators that can be used to minimize the amount of typing needed to create a display filter.
Figure 3: The Wireshark application window with the Capture menu displayed
Figure 4: The Wireshark Capture Interfaces dialog box
Capture Session Basics
When you start a Wireshark capture session, all packets transmitted over the network to your computer are collected, stored in a temporary file, and then displayed in the main Wireshark application window. To start the capture process, you first identify which network interface on your computer will be used for collecting packet data. When you are satisfied that your computer has collected the desired information, you then terminate the capture session by clicking the Stop button. If the data file created is too complex, you can create a filter to hide unwanted packets from view. The filtered packet information can then be used to analyze network-related problems or to gain insight into the protocols used during a message transfer.
Starting a Capture Session
This section outlines the steps required to run a capture session. Begin by clicking on the Interfaces option in the Capture menu (Figure 3). The Wireshark Capture Interfaces dialog box appears (Figure 4). Select a network interface that can be used for data collection purposes from those listed in the Description column. Such an interface will have an IP address corresponding to the network segment where the traffic you are interested in originates. Click th...