LAB 12
In this lab you will use the Wireshark packet analyzer to capture and display the control information and data stored in packets transmitted over a network. Wireshark collects network traffic data and creates files that display packet header information in a layered format like that used by the Internet model. These layers can be expanded to view details that may prove helpful in determining the source of problems that your network might be experiencing. Creating filters that hide unwanted data and facilitate data analysis will also be discussed in this lab.

Starting Wireshark
To begin, click the Start button on the Windows Task Bar. Click the All Programs option in the System menu to show all menu choices (Figure 1). Click the Wireshark choice to start the application. Note: If you do not see the Wireshark choices in the menu, you will need to install Wireshark on your computer. Consult Appendix E for detailed instructions on how to download, install, and configure Wireshark.

Figure 1: The All Programs menu showing the Wireshark choices

Figure 2: The Wireshark splash screen

After launching Wireshark, the Wireshark splash screen (Figure 2) appears while the application is loading program components into computer memory. After all components are loaded the splash screen disappears and the Wireshark application window appears (Figure 3). The Wireshark application window includes a menu bar, the main toolbar, and a filter toolbar. In Figure 3 the Capture menu has been expanded to show its menu choices. The Interfaces choice lets you assign a network adapter for capturing packet data transmitted over the network. Clicking the Stop choice terminates a capture session. The Capture Filters choice provides an interface for specifying conditions that hide unwanted information in the capture display. Notice that shortcuts for the Interfaces, Start, and Stop options are available on the main toolbar directly beneath the menu bar. The Filter toolbar provides an option for creating filters by typing them directly into the Filter text box. The Expression button provides a list of pre-defined expressions and operators that can be used to minimize the amount of typing needed to create a display filter.

Figure 3: The Wireshark application window with the Capture menu displayed

Figure 4: The Wireshark Capture Interfaces dialog box

Capture Session Basics
When you start a Wireshark capture session all packets transmitted over the network to your computer are collected, stored in a temporary file, and then displayed in the main Wireshark application window. To start the capture process you first identify which network interface on your computer will be used for collecting packet data. When you are satisfied that your computer has collected the desired information, you then terminate the capture session by clicking the Stop button. If the data file created is too complex, you can create a filter to hide unwanted packets from view. The filtered packet information can then be used to analyze network-related problems or to gain insight into the protocols used during a message transfer.

Starting a Capture Session
This section outlines the steps required to run a capture session. Begin by clicking on the Interfaces option in the Capture menu (Figure 3). The Wireshark Capture Interfaces dialog box appears (Figure 4). Select a network interface that can be used for data collection purposes from those listed in the Description column. Such an interface will have an IP address corresponding to the network segment where the traffic you are interested in originates. Click th...
