Loading...

Messages

Proposals

Stuck in your homework and missing deadline? Get urgent help in $10/Page with 24 hours deadline

Get Urgent Writing Help In Your Essays, Assignments, Homeworks, Dissertation, Thesis Or Coursework & Achieve A+ Grades.

Privacy Guaranteed - 100% Plagiarism Free Writing - Free Turnitin Report - Professional And Experienced Writers - 24/7 Online Support

Wireshark capture filter mac address range

03/11/2021 Client: muhammad11 Deadline: 2 Day

Faculty of Science & Technology

ITECH1003/ITECH5003 Networking Assignment

Wireshark Capture Filter assignment

This assignment requires students to:

· Become familiar with Wireshark capture filters.

· Document the qualifiers used in capture filters.

· Construct and use capture filters to capture specific network traffic.

· Include screen shots of captured network traffic and present them with associated discussion.

Part 1 – Wireshark and traffic capture basics

Describe what the term promiscuous mode means in relation to capturing network traffic with Wireshark and similar network traffic analysers.

[ 1 mark ]

The Capture > Options dialog allows the Name Resolution of Network Layer names. Describe what this means and describe how it could be used for capturing network traffic.

[ 1 mark ]

Describe the difference between a network switch and a network hub. Then explain how switched networks limit the network traffic that is visible to Wireshark in comparison to networks that used hubs. (Note – switches are the technology used in today’s computer networks)

[ 2 marks ]

In TCP/IP networking IP addresses are used to identify specific computers (or hosts) on the network, clients use ports numbers to specify a particular instance of a client program (for example a specific tab on a web browser) and servers normally use well known port numbers on which to listen for client requests. For instance ftp at the server uses ports 20 and 21.

From the web or any other source determine the well-known port numbers of the following server programs:

· ftp data

· ftp control

· http

· NTP

· ssh

Also find the well know port numbers for 6 other network protocols and describe the function that each protocol performs.

[ 2 marks ]

Part 2 : Capture filters

In this section of the assignment you are required to learn the syntax for creating Wireshark Capture Filters. Then document and use capture filters to capture specific network traffic.

Discussion of Berkeley Packet Filter (BPF) syntax

The following discussion gives a brief explanation of the BPF syntax to help you get started with constructing your own capture filters.

Wireshark capture filters use the Berkeley Packet Filter (BPF) syntax to specify particular traffic. This syntax is used by the libpcap (in Unix/Linux) and Winpcap (in Windows) libraries that are used by Wireshark to capture network traffic.

Note – WinDump is the Windows version of a Linux/Unix program called TCPDump and hence TCPDump documentation applies to capture filter syntax as used on Windows machines.

Syntax

The BPF syntax consists of one or more Primitives that specify a particular type of traffic to capture.

Some examples of simple primitives are shown below:

(i) host 192.168.12.22

(ii) host google.com

(iii) src host google.com

(iv) tcp port 80

Things to note about these primitives:

· Primitives start with one or more qualifiers (eg. host, src host, dst host etc.)

· Primitives end with an ID (eg. 192.168.12.22, google.com, 80 etc.)

Note – If you use named IDs like google.com then you need to enable name resolution in the capture filter dialog box when specifying capture filters.

In summary a capture filter consists of one or more primitives and those primitives consist of one or more qualifiers followed by an ID.

{ <------- primitive ------> } { operator } { <- primitive -> }

dst host 192.168.12.13 && tcp port 80

The references dst, host, tcp and port are called qualifiers.

The references 192.168.12.13 and 80 are called ID’s.

The boxed example above also shows the AND operator being used to join two primitives to make a capture filter expression. The AND operator is one of the three possible operators that are allowed in capture filters, the other two are OR and NOT.

Sources of documentation of the Berkeley Filter Syntax that you should refer to are:

Documentation that describes the BPF syntax can be found at https://www.winpcap.org/docs/docs_40_2/html/group__language.html

There are also good cheat sheets for TCPDump (Wireshark Capture Filters) and Wireshark Display filters at: http://packetlife.net/library/cheat-sheets/

The Wireshark Users Guide (Access from Help in Wireshark)

End of discussion of BPF syntax

Documenting BPF qualifier syntax

There are three types of BPF qualifiers:

· Type (3)

· Dir (2)

· Proto (8)

The Type qualifier has three possible options: host, net and port. The other two qualifier types also have associated options, there are 4 options associated with Dir qualifier type and 8 options associated with Proto qualifier type (please disregard the fddi, decnet options as they are seldom used in today’s networks).

You are required to describe what each qualifier means and list a total of 10 capture filter examples that incorporate at least 1 qualifier and one ID, and explain how each capture filter works.

[ 3 marks ]

Documenting the 3 logical operators for combining primitives

The boxed example above show the logical AND operator ( && ) being used to combine two primitives. There are two other such logical operators.

Document all three logical operators and give one example of how each could be used in a capture filter.

[ 1 mark ]

Implementing BPF capture filters

In this section of the assignment you are required to create a range of capture filters, implement those capture filters in Wireshark and take a screenshot of associated captured traffic.

Your screen captures must include the Time, Source, Destination and Protocol fields of the Wireshark display along with at least two packets (the graphic below shows three, packets 7,8 & 9).

Because the Time field is displayed to such a fine resolution your screenshot capture will be unique from all other students doing this assignment. This will therefore act as an automatic plagiarism detector.

After creating an appropriate capture filter you may need to generate appropriate traffic for Wireshark to capture. For instance, if you create a Capture Filter to capture ftp traffic you will need to run an ftp client to effect the traffic capture. Likewise, when capturing web traffic you could use a browser to generate appropriate traffic. To capture ICMP traffic you might use the ping command because it uses the ICMP protocol to query other hosts.

Example capture filter:

Filter requirements

Capture all traffic between your computer (that is running Wireshark) and the Google search engine in response to the query “caviar” being entered.

Procedure:

Open a browser to www.google.com

From the Wireshark interface select:

Capture > Options >

Select the desired interface (or select all interfaces)

Enter host google.com in the capture filter entry area

Select the display option Resolve network layer names

Start the capture

Then enter the word caviar into the google query field of the browser

Wireshark will captures the require traffic.

Note – Make sure you have selected the correct network interface, or select all interfaces if you are unsure.

Capturing traffic from/to another machine (2 marks)

In network analysis you will frequently need to capture all traffic or specific traffic between your machine that is running Wireshark and another specified machine.

For this exercise you should generate traffic between the machines with the ping command.

Create capture filters that will:

1. Capture all traffic between your machine (the one running Wireshark) and another machine. Use the IP address of the other machine to identify it in the filter.

2. Capture all traffic between your machine (the one running Wireshark) and another machine. Use the MAC address of the other machine to identify it.

3. Capture all traffic from the other machine. Use either the IP or MAC address of the remote machine to identify it.

4. Capture only ICMP traffic between the two machines

Your discussion for this section should:

· include two screenshots

· list all capture filters you used

· describe how each capture filter works.

Excluding particular network traffic (2 marks)

Create a set of capture filters that will:

· Capture broadcast traffic only

· Exclude broadcast traffic

· Capture all traffic from a range of network addresses but exclude broadcast traffic

Briefly discuss how each capture filter works.

Using port numbers in capture filters (1 mark)

Create capture filters that will capture the following types of network traffic:

1. DNS traffic

2. DNS traffic being sent from your machine

3. DHCP traffic in either direction

Briefly discuss how each capture filter works.

Challenge exercise (zero marks)

The BPF syntax can detect specific content at specific offsets from the start of network packets.

An example of such syntax would be tcp[13] & 4 == 4

This particular capture filter can detect TCP packets that have the RST flag set.

Describe this syntax so that a layman could understand how such filters work.

Marking Criteria

This assignment is worth 15% of ITECH1003 assessment.

The assignment must be submitted before the due date/time to ensure assessment penalties as stipulated in the course description are not applied.

The marks for each section are shown against each requirement above.

Students are required to demonstrate their understanding of each part of the assignment clearly and concisely and if specified include associated Wireshark screenshots and clear discussion to demonstrate you have fully understood the topic.

Students should realise that any screenshot taken by them will be unique by virtue of Wireshark’s precise time display, hence if identical screenshots appear in two separate assignments then it will be immediately identified as plagiarism. Therefore, all students need to interact with Wireshark to capture their own traffic and ensure that no other student has access to their screenshot files.

All screen captures that you use in the assignment report must include the Time, Source, Destination and Protocol fields of the Wireshark display along with at least two network packets as outlined on page 3 of this assignment specification.

Please acknowledge by way of referencing, if you have used information from books, papers, websites and other published and unpublished materials.

Students should submit their completed report as a single word or pdf document to Moodle by the due date as specified on your ITECH1003 course description.

Homework is Completed By:

Writer Writer Name Amount Client Comments & Rating
Instant Homework Helper

ONLINE

Instant Homework Helper

$36

She helped me in last minute in a very reasonable price. She is a lifesaver, I got A+ grade in my homework, I will surely hire her again for my next assignments, Thumbs Up!

Order & Get This Solution Within 3 Hours in $25/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 3 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

Order & Get This Solution Within 6 Hours in $20/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 6 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

Order & Get This Solution Within 12 Hours in $15/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 12 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

6 writers have sent their proposals to do this homework:

Instant Assignment Writer
Solutions Store
Engineering Guru
Accounting & Finance Master
Ideas & Innovations
Academic Master
Writer Writer Name Offer Chat
Instant Assignment Writer

ONLINE

Instant Assignment Writer

I am an academic and research writer with having an MBA degree in business and finance. I have written many business reports on several topics and am well aware of all academic referencing styles.

$41 Chat With Writer
Solutions Store

ONLINE

Solutions Store

I have read your project details and I can provide you QUALITY WORK within your given timeline and budget.

$41 Chat With Writer
Engineering Guru

ONLINE

Engineering Guru

As per my knowledge I can assist you in writing a perfect Planning, Marketing Research, Business Pitches, Business Proposals, Business Feasibility Reports and Content within your given deadline and budget.

$22 Chat With Writer
Accounting & Finance Master

ONLINE

Accounting & Finance Master

I have worked on wide variety of research papers including; Analytical research paper, Argumentative research paper, Interpretative research, experimental research etc.

$22 Chat With Writer
Ideas & Innovations

ONLINE

Ideas & Innovations

I reckon that I can perfectly carry this project for you! I am a research writer and have been writing academic papers, business reports, plans, literature review, reports and others for the past 1 decade.

$44 Chat With Writer
Academic Master

ONLINE

Academic Master

I reckon that I can perfectly carry this project for you! I am a research writer and have been writing academic papers, business reports, plans, literature review, reports and others for the past 1 decade.

$44 Chat With Writer

Let our expert academic writers to help you in achieving a+ grades in your homework, assignment, quiz or exam.

Similar Homework Questions

Read Barrera & Kramer (2012) & Watch Cultural Humility (2012),Reflect by writing a response ~500-600 words - How did macbeth die - I need 800 words essay on the Book Born A Crime with the topic being race - Nissan case study milestone 2 - Bart starr commemorative celebration rawhide inc september 14 - Charlie echo delta alphabet - Comp xm exam board query answers - OB2 - Video from tik tok - Fresh fruit broken bodies chapter 1 summary - Knight company reports the following costs and expenses in may - Grounding and shielding wikipedia - 9/27 river road wollstonecraft - Actfl opi sample questions - Finance homework - Campagnolo eps v3 troubleshooting - Damage for ductile metals abaqus - Megtron 6 vs fr4 - Arrow shooting greek god - Trader joe's wool dryer balls price - First Draft of a Review Assignment - Project Management software - Homework for lab 5 force mass and acceleration answers - Rapid sand filter pdf - Nye social control theory greg doucette deadlift record - How to raise a credit note in myob accountright - Nihilism in crime and punishment - DiscussionB 2-1 and 2-2 - Surface management strategies - Speech for school captain - Discuss how science plays a crucial role in many courtrooms - Driving hazards list icbc - Mlc masterkey business super abn - Colder than here harriet monologue - The blue stones by isak dinesen pdf - Number of bones in giraffe neck - Find a grave yearly necrology - Paradox in macbeth act 1 scene 2 - Business law - Seismograph lab answer key - Produce visualizations and then tell the story of your visualizations - Benefits of integrity in the bible - Ex post facto experiment - 3 Full pages - Quality brick company produces bricks in two - Essay - San diego sheet metal inc - How to write an interview essay - Profit share agreement australia - Dissertation Week-1 - Mary kay products in india - The mean annual premium for automobile insurance - Wgu capstone business plan - Acc 202 final project presentation to investors - Saving the rainforest reading street - Security and data loss prevention - Hackham west children's centre - Discussion - Shear force in a beam experiment - Waves on a string lab answers - Www cfainstitute org toolkit your online preparation resource - How to create a cost benefit analysis in excel - 841 wynnewood rd philadelphia pa 19151 - The barbie and ken killers - Pqr and sqr form a linear pair - Amc clinical exam appeal - Cambridge ict starters initial steps pdf - Rob roy postcard albums - Specific heat capacity of copper sulfate - Daniels print shop purchased new printer - How would you summarize the quotation from robespierre - 4 day ppl split - Kingspan optim r price - Freshwater creek steiner school - Diverging lens ray diagram - We said feminist fairy tales not fractured fairy tales - Lección 5 grammar quiz - Jamie eason live fit - Canned pumpkin puree coles - Burwood council clean up day - Ramesh ramanathan net worth - Go kart race track design - Opposite each general audit procedure write the management assertions - Lion rock pty ltd strathfield au - Santa monica college dental hygiene - Canning bridge early learning centre - Asr 9922 fan v2 - Current event analysis - Complicated variable decelerations definition - Shell hsse golden rules - 16mm bolt torque nm - The rainbow chapter summary - Wgu c229 task 1 version 5 - Liquid tea bar san bernardino - Cloud Computing Assignment: PaaS, IaaS, and Identity as a Service - Gyprock wall sheet sizes - Shell tellus s2 vx 46 msds - Rvc accelerated vet med - Hnc electrical engineering graded unit - Week 5