Wireshark Packet Capture
The experiments were run in the university lab on a 32-bit HP computer. I ran the experiments with the Wireshark application on June 9, 2016; the figures below record the findings, and the capture files are attached for reference. My first experiment was done to find out the general flow of the network traffic, as shown in the figure below. The figure shows the general flow of packets of various types, including TCP, UDP and HTTP packets, together with the source and destination IP addresses. The different destination ports are shown in the figure below, after which the filters are shown: the TCP, HTTP, IP address and DNS filters.
- TCP Traffic
When one wants to inspect some specific traffic, such as the traffic of a phone call, one can close all other applications so as to narrow the capture down to the traffic of interest (Qadeer et al., 2010). The information above shows the traffic filtered by DNS, TCP and HTTP, and the traffic exchanged with the university server and with the YouTube video at https://www.youtube.com/watch?v=BPNTC7uZYrI. That helped me narrow down to the specific information I wanted to focus on, and so I achieved my objectives. It is this narrowing down to specific traffic that helps one identify the issues affecting a given network, such as packets not being sent or any other fault that needs to be addressed. Below are the display filter expressions that help one count each particular type of packet flowing to and from a network.
The DISPLAY filter to show TCP packets with SYN set and PSH and RST clear (the connection-opening segments; every field name must carry the tcp. prefix or Wireshark rejects the expression)
- tcp.flags.syn==1 && tcp.flags.psh==0 && tcp.flags.rst==0
SYN packets = 2/3; PSH packets = 1/6; RST packets = 1/6.
CAPTURE filter for the packets sent to a website on port 80 or 443 (this is a tcpdump command in BPF capture-filter syntax, not a Wireshark display filter; a single packet cannot be on both ports, so the ports are joined with "or", and with -w the packet count goes to stderr while stdout stays empty)
tcpdump -v 'src host 192.168.0.107 and (port 80 or port 443)' -w capture.cap 2>>err.txt
To capture both directions (packets sent vs. those received), replace "src host" with "host", and open capture.cap in Wireshark to apply the display filters below to it.
I got to know that using the source IP filter “ip.src == 192.168.0.107” restricts the Wireshark view to only the packets whose source is the IP address given in the filter. To filter on the destination, on the other hand, one uses an expression such as “ip.dst == 192.168.1.1” (Dabir & Matrawy, 2007). The other filters I applied include filtering by port number, filtering by protocol, and matching packets whose TCP flags have a particular combination, as in the case of the TCP packets with the SYN, PSH and RST flags above.
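The display filters above (the tcp.flags.syn/psh/rst combination, ip.src, ip.dst, tcp.port) all reduce to reading a few header fields out of each packet and combining comparisons with && and ||. The following is an added example, not code from the original report: it builds a handful of constructed IPv4/TCP packets (the 192.168.0.107 lab host talking to an assumed server 203.0.113.5 on port 443), decodes the fields Wireshark names, and evaluates display-filter expressions against them. The packet sequence, the server address and the port numbers are assumptions made up for the demonstration, not the author's captured traffic, and the evaluator only supports ==, !=, && and || without parentheses.

```python
# Added example (not code from the original report): decode constructed IPv4/TCP
# packets and apply Wireshark-style display-filter expressions to them. The
# addresses, ports and packet sequence below are assumptions made up for the
# demonstration, not traffic from the author's capture.
import re
import struct

# TCP flag bits (byte 13 of the TCP header, RFC 793).
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10


def build_packet(src, dst, sport, dport, flags):
    """Build a minimal IPv4 + TCP packet (20-byte headers, no options, no payload).
    Checksums are left as zero: this is constructed sample data, not a real capture."""
    ip_src = bytes(int(o) for o in src.split("."))
    ip_dst = bytes(int(o) for o in dst.split("."))
    # version/IHL, DSCP, total length, id, flags/frag, TTL, proto 6 (TCP), checksum, addresses
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, ip_src, ip_dst)
    # ports, seq, ack, data offset (5 words), flags, window, checksum, urgent
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    return ip_hdr + tcp_hdr


def decode(packet):
    """Extract the fields the display filters refer to, keyed by Wireshark field name."""
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    fields = {
        "ip.src": ".".join(str(b) for b in packet[12:16]),
        "ip.dst": ".".join(str(b) for b in packet[16:20]),
        "ip.proto": str(packet[9]),
    }
    if packet[9] == 6:                    # protocol 6 = TCP
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        flags = packet[ihl + 13]          # flag byte sits at offset 13 of the TCP header
        fields.update({
            "tcp.srcport": str(sport),
            "tcp.dstport": str(dport),
            "tcp.flags.fin": str(int(bool(flags & FIN))),
            "tcp.flags.syn": str(int(bool(flags & SYN))),
            "tcp.flags.rst": str(int(bool(flags & RST))),
            "tcp.flags.psh": str(int(bool(flags & PSH))),
            "tcp.flags.ack": str(int(bool(flags & ACK))),
        })
    return fields


def _term(fields, term):
    """Evaluate one 'field == value' or 'field != value' comparison."""
    parts = [t.strip() for t in re.split(r"(==|!=)", term, maxsplit=1)]
    if len(parts) != 3:
        raise ValueError(f"unsupported filter term: {term!r}")
    field, op, value = parts
    if field == "tcp.port":               # as in Wireshark: source or destination port
        hit = value in (fields.get("tcp.srcport"), fields.get("tcp.dstport"))
    else:
        hit = fields.get(field) == value
    return hit if op == "==" else not hit


def matches(fields, expr):
    """Evaluate a display-filter expression; && binds tighter than ||, no parentheses."""
    return any(all(_term(fields, t) for t in clause.split("&&"))
               for clause in expr.split("||"))


def count_matching(packets, expr):
    """Number of packets in the capture that the display filter selects."""
    return sum(matches(decode(p), expr) for p in packets)


# Constructed sample: a short HTTPS exchange between the lab host and an assumed
# server, ending in a reset. Not captured traffic.
HOST, SERVER = "192.168.0.107", "203.0.113.5"
SAMPLE = [
    build_packet(HOST, SERVER, 51000, 443, SYN),         # client opens
    build_packet(SERVER, HOST, 443, 51000, SYN | ACK),   # server answers
    build_packet(HOST, SERVER, 51000, 443, ACK),         # handshake complete
    build_packet(HOST, SERVER, 51000, 443, PSH | ACK),   # client pushes data
    build_packet(SERVER, HOST, 443, 51000, PSH | ACK),   # server pushes data
    build_packet(HOST, SERVER, 51000, 443, RST | ACK),   # client tears down
]

if __name__ == "__main__":
    for expr in ("tcp.flags.syn==1 && tcp.flags.psh==0 && tcp.flags.rst==0",
                 "ip.src == 192.168.0.107", "ip.dst == 192.168.0.107",
                 "tcp.port == 80 || tcp.port == 443", "tcp.flags.rst == 1"):
        print(f"{expr:55} -> {count_matching(SAMPLE, expr)}/{len(SAMPLE)}")
```

Running the script prints how many of the six constructed packets each filter selects; the SYN/PSH/RST filter picks out only the two handshake segments (SYN and SYN/ACK), which is why that particular combination is useful for counting connection attempts rather than data transfer. Real captures need an Ethernet (or other link-layer) header stripped before the IPv4 offset arithmetic applies.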
The Wireshark experiments were carried out in the university lab, and the results have been displayed above. Wireshark helps in troubleshooting a given network for problems, and I recommend it to any organization that wants to keep its network in good working condition. It gives the network administrator knowledge of the source of network problems so that they can be addressed effectively and in good time, before they cause substantial harm to the network.
Dabir, A., & Matrawy, A. (2007, November). Bottleneck analysis of traffic monitoring using Wireshark. In Proceedings of the 4th International Conference on Innovations in Information Technology (IIT '07) (pp. 158-162). IEEE.
Qadeer, M. A., Zahid, M., Iqbal, A., & Siddiqui, M. (2010, February). Network traffic analysis and intrusion detection using packet sniffer. In Proceedings of the Second International Conference on Communication Software and Networks (ICCSN '10) (pp. 313-317). IEEE.