Assignment
The purpose of this lab is to learn about a widely-used network protocol analyzer protocol that lets you see what's happening on your network at the microscopic level. It is the de facto standard across many commercial and non-profits enterprises, government agencies and educational institutions.
Note: It is important in this lab to not only discuss the processes and results but also show them. Make sure to take screenshots, embed them, and discuss them in your document and label them (e,g,, Lab1-Image1)
Deliverable: In the dropbox folder under lab1, turn in your answer via a PDF document with your lastname and page number at the bottom-right of each page. Use your bowie state domain name-Lab1.
1. create a new group of data by generating and capturing about two minutes of traffic over the Web and via the command line interface.
2. Wireshark provides several methods for analyzing a group of data. To begin, click Statistics in the main menu and then click Summary. The Wireshark Summary window appears.
3. How many packets did you capture? What was their average size?
4. Close the Wireshark: Summary window.
5. Click Statistics in the main menu and then click Protocol Hierarchy. The Wireshark: Protocol Hierarchy Statistics window appears, revealing, for example, the percentage of your traffic that used Ethernet frames, the percentage that used IP and TCP, and so on.
a. Did any of your traffic use a type of frame that was not Ethernet?
b. What percentage of your traffic relied on IP?
c. How many of your packets, if any, used IPv6?
6. Close the Wireshark: Protocol Hierarchy Statistics window.
7. Click Statistics on the main menu and then click Endpoints. The Endpoints window appears, with the Ethernet tab selected by default. Wireshark defines endpoints as a logical end of any transmission, such as a node, and identifies each endpoint with an IP address or MAC address.
8. In the Ethernet tab, nodes are listed in order of the highest volume of traffic generated and received, cumulatively. What node sits at the top of this list, and what kind of equipment does it represent?
9. Click the IPv4 tab. A list of endpoints appears. As with the endpoints listed in the Ethernet tab, the one responsible for the greatest number of bytes transmitted and received (cumulatively), is listed first. Which IP address is at the top of this list? To what node does it belong?
10. Click the IPv6 tab. How many transmissions and protocols were using this protocol?
11. Close the Endpoints window.
12. When network engineers are diagnosing a problem with a particular connection, it often helps to filter out unrelated traffic and follow the data through the troubled connection. There are several ways to do this in Wireshark. As an example, right-click on a line that represents a frame carrying HTTP data, then choose Follow TCP Stream.
13. The Follow TCP Stream window appears, displaying frames belonging to each endpoint highlighted with different colors. Meanwhile, the main capture display has changed to include only traffic involved in the same data exchange. From what you can tell, what happened during this exchange?
14. Click Close to leave the Follow TCP Stream window.
15. Continue exploring the features of Wireshark if you like or click File on the main menu and then click Quit to close the program.
16. You will be asked whether you want to save your capture file before quitting. Click Quit without Saving.