NET0183 Networks and Communications

Laboratory 4
Experimenting with Wireshark

Part A (basic details)

In order to help study frame contents and packet delivery during packet sniffing, record the following details below and have them checked by the laboratory supervisor.

IP address of your computer:
MAC address of your computer:
speed of your computer's wireless NIC:
speed of the wireless router:

Part B (complexities of wireless packet sniffing)

Read the section of the Wireshark documentation at http://wiki.wireshark.org/CaptureSetup/WLAN. Listen to the teacher's explanation of the framing conventions used by wired and wireless Ethernet.

Part C (frame header)

Perform a wireless packet trace using Wireshark. Describe what you are capturing in the frame header (e.g. wireless Ethernet frame header, fake wired Ethernet frame header, ...) and have this checked by the laboratory supervisor.

description of frame header:

Part D (packet truncation)

In performing an experiment, information beyond the TCP header is usually not captured to respect users' privacy and to prevent hostile use of confidential data. Normally, an IPv4 header is 20 bytes and a TCP header is 20 bytes. (A UDP header is 8 bytes.) Determine what level of truncation to apply to a packet in the Wireshark capture options so that you capture both the IPv4 and TCP headers. See section 4.5, The "Capture Options" dialog box, in the Wireshark documentation. Have this value checked by the laboratory supervisor.

level of truncation (bytes):

Part E (basic statistics)

In Statistics > Summary, Wireshark provides various traffic summaries including the observed Avg. Mbit/sec. Go to the part of the Wireshark website which lists videos, or go to any favourite news site which has videos. Capture a new trace while watching one of the videos in your web browser. (It is assumed the video is not cached in your browser.) Stop the trace as soon as the video finishes. Make a note of the observed Avg. Mbit/sec and have it checked by the laboratory supervisor.

observed Avg. Mbit/sec:

The laboratory supervisor will discuss with students the reasons for the range of rates observed.

Part F (bursty traffic)

Using Statistics > IO Graphs in Wireshark, generate a plot of packet numbers against time. Use a tick interval of 0.1 second. Have your graph checked by the laboratory supervisor.

Part G (display filters)

Verify that the display filter ip.flags.df == 1 and ip.flags.mf == 1 (or ip.flags.df == 0x01 and ip.flags.mf == 0x01) results in no packets being selected. (IPv4 packets should not have the don't fragment bit and the more fragment bit set at the same time.) Have your display checked by the laboratory supervisor.

IMPORTANT: A list of filter field names for IP can be found at Display Filter Reference: Internet Protocol.

Part H (exporting data in CSV format)

In Wireshark, columns can be added to the display and the data exported in CSV format for data analysis and processing in Excel.

In Wireshark, use Edit > Preferences > Columns > Add to add columns. Select Custom as the Field type and in Field name enter a relevant filter field name for IP such as ip.len. Add a second column, but this time simply select the built-in name Packet length (bytes). What is the difference between the two? Write your answer below and have your answer checked by the laboratory supervisor.

difference between ip.len and Packet length (bytes):

In Wireshark, use File > Export to save the data with your two extra columns into a CSV format file. Load the file into Excel and demonstrate that you have successfully done so to the laboratory supervisor.
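
Added example, not part of the original laboratory sheet: the Part G check carried out in Python on raw IPv4 header bytes, so that it does not depend on which link-layer frame header Part C finds in the capture. The function names and the sample headers (built inline with documentation addresses) are constructed for illustration.

```python
import struct

FLAG_DF = 0x4000      # "don't fragment" bit of the 16-bit flags/offset word
FLAG_MF = 0x2000      # "more fragments" bit
OFFSET_MASK = 0x1FFF  # 13-bit fragment offset, counted in 8-byte units

def decode_flags(ip_header: bytes) -> dict:
    """Decode DF, MF and fragment offset from raw IPv4 header bytes."""
    if len(ip_header) < 20:
        raise ValueError("truncated before the end of the 20-byte IPv4 header")
    if ip_header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    (word,) = struct.unpack_from("!H", ip_header, 6)  # bytes 6-7, network order
    return {"df": bool(word & FLAG_DF), "mf": bool(word & FLAG_MF),
            "frag_offset": (word & OFFSET_MASK) * 8}

def df_and_mf_set(headers) -> list:
    """Indices matching ip.flags.df == 1 and ip.flags.mf == 1."""
    hits = []
    for i, hdr in enumerate(headers):
        flags = decode_flags(hdr)
        if flags["df"] and flags["mf"]:
            hits.append(i)
    return hits

def build_header(flags_word: int) -> bytes:
    """Constructed 20-byte IPv4 header (checksum left at 0, not validated here)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 1, flags_word, 64, 6, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))

# Constructed sample headers, not taken from a real trace.
SAMPLE_HEADERS = [
    build_header(FLAG_DF),            # ordinary unfragmented packet
    build_header(FLAG_MF),            # first fragment
    build_header(FLAG_MF | 185),      # middle fragment at byte offset 1480
    build_header(FLAG_DF | FLAG_MF),  # contradictory combination, index 3
    build_header(0),                  # DF clear, no more fragments
]

if __name__ == "__main__":
    for i, hdr in enumerate(SAMPLE_HEADERS):
        print(i, decode_flags(hdr))
    print("DF and MF both set:", df_and_mf_set(SAMPLE_HEADERS))
```

On headers taken from a real capture the returned list should be empty, matching the empty display that Part G asks you to verify; the constructed header at index 3 is there only to show that the check does fire.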