Packet Sniffing
Computer and Communication Systems (University of Greenwich)

This laboratory is to be completed on your home machine.

Instructions

Work in groups of four. Create a document entitled Packet Sniffing. The document must commence with the University ID, surname and forename of all group members:

Registration Number | Surname | Forename | % Contribution
Student 1           |         |          |
Student 2           |         |          |
Student 3           |         |          |
Student 4           |         |          |

All group members must individually upload the document. Populate the document with the completed tasks, showing sufficient annotated and commented evidence. All references must adhere to Harvard style: https://www.gre.ac.uk/articles/ils/referencing

Technical Support

CMS Technical Support can be contacted by email: FLAS_Labs-team@greenwich.ac.uk

Marking Scheme

Task 1 – Capture a HTTP Request Sequence (40 %)
 - Clearly identifying the DNS look-up request and response
 - Clearly identifying the three-way handshake by showing the contents of the packets and identifying the relevant flags
 - Clearly identifying the first few HTTP packets and a request for an image file

Task 2 – Filtering the captured HTTP Request Sequence (30 %)
 - Demonstrate a good understanding of filtering using Wireshark
 - Reasonable results, properly tabulated

Task 3 – Capture a cookie (20 %)
 - Demonstrate a good understanding of the structure of a cookie
 - Discuss how it could be used by an adversary

Task 4 – Identify which port your HTTPS request goes to (10 %)
 - Clearly identify which port is used by the server
 - Clearly identify which port is used by the client

Introduction

Wireshark is a free, open-source packet analyser used for network troubleshooting, analysis, software and communications protocol development and
security. It captures network packets and displays detailed packet information. It runs on Windows, macOS and Linux.

Download Wireshark: https://www.wireshark.org/

Training Videos

Wireshark Tutorial - Installation and Password sniffing: https://www.youtube.com/watch?v=4_7A8Ikp5Cc
Mike Lehrter's Introduction to Wireshark – Part 1, Introduction to Wireshark: Basics + Packet Analysis: https://www.youtube.com/watch?v=jvuiI1Leg6w
How I Use Wireshark: https://www.youtube.com/watch?v=7CYpjf19GkA
My First Packet Tracer Lab: https://studylib.net/doc/9045407/my-first-packet-tracer-lab

How is a webpage retrieved from a server?

When a web browser fetches a file from a web server, it does so using the Hypertext Transfer Protocol (HTTP): the client sends a request for the file and the web server sends back a response header followed by the file itself.

The stages in retrieving a web page are:

Establish the IP address of the web server with the Domain Name System (DNS). DNS is a hierarchical naming system built on a distributed database for resources connected to the Internet or a private network. It translates domain names into numerical identifiers (IP addresses) used to locate and address those devices worldwide. In a capture this appears as a DNS query (normally UDP port 53) followed by a DNS response carrying one or more A (IPv4) or AAAA (IPv6) records.

Open a TCP connection to that address. Before a client attempts to connect to a server, the server must first bind to a port and listen for connections; this is called a passive open. Once the passive open is established, a client may initiate an active open. To establish the connection, a three-way handshake occurs:

I. The client sends a synchronisation (SYN flag set) segment to initiate a connection. The SYN segment carries a Sequence Number, a 32-bit field in the TCP header. Let this initial Sequence Number be x.

II.
The server receives the segment, records x, and replies with a segment that has both the SYN and ACK flags set (SYN-ACK). Its Acknowledgement Number is x + 1, the next sequence number the server expects to receive from the client. The same segment also opens the return direction: it carries the server's own initial Sequence Number, y.

III. Finally, the client sends an ACK back to the server with Sequence Number x + 1 and Acknowledgement Number y + 1. The connection is now established, and the client's first data segment (the HTTP GET) starts at sequence number x + 1.

Note that Wireshark shows relative sequence numbers by default, so the SYN appears as Seq=0, the SYN-ACK as Seq=0 Ack=1 and the final ACK as Seq=1 Ack=1. To see the real 32-bit values, untick Edit -> Preferences -> Protocols -> TCP -> "Relative sequence numbers".

TASK 1 – Capture a HTTP Request Sequence

Start Wireshark. Start capturing and view bbc.co.uk in a web browser. Stop capturing when you have enough packets, i.e. when the pictures have finished loading. Take screenshots and clearly annotate a listing of the packets captured to identify the following:

a) DNS request for the IP address that corresponds to the Uniform Resource Locator (URL)
b) DNS response returned, with the IP address clearly seen
c) HTTP – TCP starting the 3-way handshake (SYN bit = 1) – note the sequence numbers
d) HTTP – TCP response from the server (port 80) (SYN bit = 1, ACK bit = 1)
e) HTTP – TCP acknowledgement to the server (ACK bit = 1) – look at the sequence numbers again; now the browser starts to request web pages
f) HTTP GET – the request to retrieve the web page
g) HTTP returned with data – this will be the header for the web page
h) HTTP data packets, each with Hypertext Markup Language (HTML) code in it – the data to display the web page

Hint: use a display filter (for example dns, tcp.flags.syn == 1 or http.request) and click a packet to open its contents in the bottom pane. Note that most sites, including bbc.co.uk, redirect to HTTPS, in which case everything after the handshake is encrypted TLS and no HTTP GET or HTML is visible. The handshake to port 443 is still visible, but to see steps f) to h) in the clear, browse a site that still serves plain HTTP, such as http://neverssl.com/.

TASK 2 – Filtering the captured HTTP Request Sequence

a) Run Wireshark. Choose the relevant interface and start capturing. Then open a browser and visit some websites.
b) Stop capturing once the web page has loaded.
c) Measure the average outbound packets/s and bits/s. Hint: to show only packets that involve your IP, type the display filter ip.addr == yourIP (use ip.src == yourIP for outbound packets only); Statistics -> Capture File Properties then reports the average packets/s and bits/s for the displayed packets. Then click on Statistics -> IPv4 Statistics and select one of the options.
Compare All Addresses with the other options.
d) What percentage of the captured traffic is IPv4? Hint: click on Statistics -> Conversations and select the IPv4 tab to find the total IPv4 packets; compare this with the total packet count in the status bar (Statistics -> Protocol Hierarchy shows the same breakdown as percentages).
e) Investigate Statistics -> Endpoints (Ethernet tab) and Statistics -> IPv4 Statistics -> Source and Destination Addresses to get packet counts by source and destination.

Note: yourIP means your own computer's address on the interface you are capturing on, as shown by ipconfig (Windows) or ifconfig / ip addr (macOS, Linux). Behind a home router this is a private address (e.g. 192.168.x.x), not the public address reported by https://www.whatismyip.com/; the public address will not match any packet in your capture.

TASK 3 – Capture a cookie

Connect to Facebook or some other website that uses cookies.
a) Can you capture the cookie?
b) How can this be used by an adversary?

Hint: you may want to use the http.cookie filter (cookies sent by the browser) and http.set_cookie (cookies set by the server). Facebook and most large sites serve everything over HTTPS, so the cookie headers travel inside TLS and these filters will match nothing; explain why if that is what you observe, then repeat the exercise against a site served over plain HTTP. A cookie captured in the clear can be replayed by an adversary from their own browser to take over the session without knowing the password, which is why session cookies should carry the Secure and HttpOnly attributes.

TASK 4 – Identify which port the HTTPS request goes to

Visit a website while running the Wireshark capture. Stop the capture. Filter to show only DNS packets (hint: use the dns filter). The DNS response is the start of the packet sequence that retrieves the web site; record its packet number. Remove the filter to see the rest of the packets and find the first TCP SYN packet after it that goes to the address returned by DNS. Hint: open the TCP packet in the bottom pane to see the source and destination addresses and ports. Record the port number on the server.

Look at the port number for the same sequence on your computer – is this the same? If not, then why not?
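The three-way handshake described above, the TCP fields asked for in Task 1 (steps c to e) and the server/client port question in Task 4, as an added worked example that is not part of the lab handout: the script builds a small constructed plain-HTTP flow (the addresses 192.168.1.20 and 203.0.113.10, client port 51234 and the initial sequence numbers 1000 and 5000 are assumed), decodes the same header fields Wireshark shows in the packet-detail pane, checks the x / x+1 / y / y+1 arithmetic, and labels which end is the server and which the client by port number.

```python
# Added example (not part of the lab handout): decode TCP header fields the
# way Wireshark's packet-detail pane does, verify a three-way handshake's
# sequence/acknowledgement arithmetic, and label server vs client ports.
# The packets below are constructed in-line; addresses, ports and ISNs are assumed.
import struct

FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10
CONTROL = FIN | SYN | RST | ACK          # bits that decide what kind of segment this is


def ip_bytes(addr):
    return bytes(int(o) for o in addr.split("."))


def build_packet(src, dst, sport, dport, seq, ack, flags, payload=b""):
    """Minimal IPv4 header (20 bytes) + TCP header (20 bytes); checksums left at 0."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     ip_bytes(src), ip_bytes(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    return ip + tcp + payload


def parse_packet(raw):
    """Return the fields shown in Wireshark's TCP pane, or None if not TCP (protocol 6)."""
    ihl = (raw[0] & 0x0F) * 4
    if raw[9] != 6:
        return None
    sport, dport, seq, ack, off, flags = struct.unpack("!HHIIBB", raw[ihl:ihl + 14])
    doff = (off >> 4) * 4
    return {"src": ".".join(map(str, raw[12:16])), "dst": ".".join(map(str, raw[16:20])),
            "sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags,
            "payload": raw[ihl + doff:]}


def flag_names(flags):
    """Same labels as Wireshark's [SYN], [SYN, ACK], [ACK] info column."""
    return [n for n, bit in (("FIN", FIN), ("SYN", SYN), ("RST", RST),
                             ("PSH", PSH), ("ACK", ACK)) if flags & bit]


def find_handshake(packets):
    """Locate SYN -> SYN-ACK -> ACK for one connection and check ack = x+1, y+1."""
    for i, p in enumerate(packets):
        if p["flags"] & CONTROL != SYN:
            continue                                   # step I: SYN only
        client, server, x = (p["src"], p["sport"]), (p["dst"], p["dport"]), p["seq"]
        for j in range(i + 1, len(packets)):
            q = packets[j]                             # step II: SYN-ACK acknowledging x+1
            if (q["flags"] & CONTROL == SYN | ACK and (q["src"], q["sport"]) == server
                    and q["ack"] == x + 1):
                y = q["seq"]
                for k in range(j + 1, len(packets)):
                    r = packets[k]                     # step III: ACK with seq x+1, ack y+1
                    if (r["flags"] & CONTROL == ACK and (r["src"], r["sport"]) == client
                            and r["seq"] == x + 1 and r["ack"] == y + 1):
                        return {"client": client, "server": server, "x": x, "y": y,
                                "frames": (i, j, k)}
    return None


def classify_port(port):
    """A listening (passive-open) service uses a fixed well-known port; the client
    side is an ephemeral port chosen per connection from the IANA range 49152-65535."""
    if port == 80:
        return "server (HTTP)"
    if port == 443:
        return "server (HTTPS)"
    if port >= 49152:
        return "client (ephemeral)"
    return "unknown"


def first_request_line(packets, client):
    """The HTTP GET line from the client's first data segment (Task 1, step f)."""
    for p in packets:
        if (p["src"], p["sport"]) == client and p["payload"][:4] in (b"GET ", b"POST"):
            return p["payload"].split(b"\r\n", 1)[0].decode()
    return None


# Constructed sample flow: a plain-HTTP fetch from an assumed LAN client.
CLIENT, SERVER = "192.168.1.20", "203.0.113.10"
REQ = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"
SAMPLE = [parse_packet(b) for b in (
    build_packet(CLIENT, SERVER, 51234, 80, 1000, 0, SYN),                   # I
    build_packet(SERVER, CLIENT, 80, 51234, 5000, 1001, SYN | ACK),          # II
    build_packet(CLIENT, SERVER, 51234, 80, 1001, 5001, ACK),                # III
    build_packet(CLIENT, SERVER, 51234, 80, 1001, 5001, PSH | ACK, REQ),     # GET
    build_packet(SERVER, CLIENT, 80, 51234, 5001, 1001 + len(REQ), ACK,
                 b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>"),
)]

if __name__ == "__main__":
    hs = find_handshake(SAMPLE)
    for n, p in enumerate(SAMPLE):
        print(n, p["src"], p["sport"], "->", p["dst"], p["dport"],
              flag_names(p["flags"]), "seq", p["seq"], "ack", p["ack"])
    print("handshake frames", hs["frames"], "x =", hs["x"], "y =", hs["y"])
    print("server port", hs["server"][1], classify_port(hs["server"][1]))
    print("client port", hs["client"][1], classify_port(hs["client"][1]))
    print("request:", first_request_line(SAMPLE, hs["client"]))
```

The same decoding applies to a real capture: the server end of every connection in the sequence keeps the fixed port the service listens on (80 for HTTP, 443 for HTTPS), while the client end is a different high-numbered ephemeral port for each connection, which is why the two ends of one sequence never show the same number.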
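The structure of a cookie and how an adversary could use a captured one (Task 3), as an added worked example that is not part of the lab handout: the script dissects the Set-Cookie headers of a constructed plain-HTTP response (the cookie names sessionid, csrftoken and theme and their values are made up), reports which protective attributes each cookie lacks, and builds the Cookie: request header that someone who sniffed the values would replay.

```python
# Added example (not part of the lab handout): dissect the Set-Cookie headers
# in a captured HTTP response, report which protective attributes each cookie
# lacks, and build the Cookie: header an adversary would replay. The response
# below is constructed; cookie names and values are made up for illustration.

# Constructed plain-HTTP response as it would appear in Wireshark's bytes pane.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"Set-Cookie: sessionid=a1b2c3d4e5f6; Path=/; HttpOnly\r\n"
    b"Set-Cookie: csrftoken=9f8e7d6c; Path=/; Secure; SameSite=Strict\r\n"
    b"Set-Cookie: theme=dark; Max-Age=31536000\r\n"
    b"\r\n"
    b"<html><body>Hello</body></html>"
)


def parse_set_cookie(header_value):
    """Split 'name=value; Attr; Attr=val' into its parts.  The first pair is the
    cookie itself; everything after a ';' is an attribute telling the browser
    where and how to send it back (attribute names are case-insensitive)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def cookies_from_response(raw):
    """Pull every Set-Cookie header out of a raw HTTP response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    cookies = []
    for line in head.split("\r\n")[1:]:           # skip the status line
        key, _, val = line.partition(":")
        if key.strip().lower() == "set-cookie":
            cookies.append(parse_set_cookie(val.strip()))
    return cookies


def audit(cookie):
    """Attributes whose absence makes the cookie easier for an adversary to obtain or misuse."""
    attrs = cookie["attrs"]
    findings = []
    if "secure" not in attrs:
        findings.append("Secure missing: browser will also send it over plain http://, "
                        "where a packet sniffer on the path can read it")
    if "httponly" not in attrs:
        findings.append("HttpOnly missing: readable from JavaScript, so an XSS bug can steal it")
    if "samesite" not in attrs:
        findings.append("SameSite missing: attached to cross-site requests, enabling CSRF")
    return findings


def replay_header(cookies):
    """The Cookie: request header an adversary who sniffed these values would send
    from their own browser to take over the session without knowing the password
    (this is the header Wireshark's http.cookie filter matches on the request side)."""
    return "Cookie: " + "; ".join(f"{c['name']}={c['value']}" for c in cookies)


if __name__ == "__main__":
    found = cookies_from_response(SAMPLE_RESPONSE)
    for c in found:
        print(c["name"], "=", c["value"], c["attrs"])
        for f in audit(c):
            print("   !", f)
    print(replay_header(found))
```

Run against a real capture, the same split explains what the http.cookie filter shows: only the name=value pairs travel back in the Cookie: request header, the attributes stay in the browser. Over HTTPS the whole header is inside TLS, so nothing matches; if a site sets a session cookie without Secure, a plain http:// link to the same host is enough to make the browser send it in the clear.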