Using Wireshark for Real-World Scenarios

Note: Everything must be typed and drawn using a computer!

 

In this exercise you are asked to examine the popular social networking web site Twitter. When recording packets with Wireshark, use a wired LAN connection so that the capture contains less unrelated background traffic.

 

Part I-A- Twitter Login & Logout:

    1. Make sure you have a valid Twitter account.
    2. Make sure your LAN connection is working.
    3. Do the following: Start a Wireshark capture. Log into your Twitter account with a valid user id and password. Log out of your account. Stop the Wireshark capture. Save the captured packets as YourName_twitter_login_logout.pcap.
    4. Draw the timing diagram for the first three packets, the TCP three-way handshake (SYN, SYN-ACK, ACK) that precedes the login; identify the IP addresses, TCP port numbers and segment type of each packet.
    5. What is the remote server IP address (the Twitter server address)?
    6. Which port on the Twitter server is used for the login?
    7. Which application protocol is used for the login? Is it a secure (encrypted) protocol?
    8. How do you filter for all TCP packets whose FIN flag is set? In your capture, how many packets have this flag set?
    9. Can you see your login information (user id and password) in the capture? Show a snapshot of this information.
    10. Follow the first TCP stream (session) and explain how it is terminated. Show all packets exchanged after the last piece of data is transferred; you must use a timing diagram to show them.

 

Part I-B- Twitter Message:

    1. Do the following: Start a Wireshark capture. Log into your Twitter account with a valid user id and password. Send a message: "I Love ES465 class!!" Stop the Wireshark capture. Save the file as YourName_twitter_tweet.pcap.
    2. Review the captured file. Was your message encrypted? Show a snapshot to justify your answer.
    3. Which protocol does the Twitter server use to carry your message?

 

Part I-C- Twitter Private Message:

    1. Do the following: Start a Wireshark capture. Log into your Twitter account with a valid user id and password. Send a private message to your friend: "I was walking over the fence and suddenly I fell down!" Stop the Wireshark capture. Save the file as YourName_twitter_private_tweet.pcap.
    2. Review the captured file. Was your message encrypted? Show a snapshot to justify your answer.
    3. Which protocol does the Twitter server use to carry your message?

 

Part I-D- Conclusion: Based on the steps above, explain exactly what you learned.

 

Part II- Download the Example A file. This capture is an example of a case where Internet access is not working. Answer the following questions:

    1. Explain exactly what the purpose of the first two frames is. What is happening?
    2. What is the destination of the first frame?
    3. Which transport protocol does the DNS application use in this case?
    4. On which port does the DNS server listen?
    5. What type of query (record type) is the host making to the DNS server?
    6. Take a snapshot of the Flow Graph and explain exactly what is happening. Why does the destination address keep changing? Make sure the Flow Graph is set to General Flows.
    7. What is the address of the assumed default gateway?
    8. Is there any problem in this communication? If so, explain.
    9. Explore all the possible problems in this scenario. What are the potential things that can be wrong? Remember that ARP is operating just fine.
    10. Now assume the following are true: (a) other users can access the Internet, including Google and Yahoo; (b) there is no issue with the host's protocol stack. In this case, what is the only logical remaining problem? What do you think caused it?

 

Part III- Download the Example B file. This capture is another example of a case where Internet access is not working. Answer the following questions:

    1. In this case the host first queries for the A record of www.google.com. What type of response does the name server provide?
    2. Explain how the IP address of www.google.com is determined from the name server's response.
    3. What type of TCP segment is frame number 3? What is its purpose?
    4. If you filter for the retransmitted segments only, how many frames are displayed? Hint: pay attention to the flag values.
    5. Is there any problem in this communication? If so, explain.
    6. Explore all the possible problems in this scenario. What are the potential things that can be wrong?

 

 

Part IV- For this part, carefully read about network tools. Select one of the following tools and write about it: Cain & Abel, Scapy, Netdude, NetworkMiner, tcpreplay, hping. POST your description to the Google Doc for network tools. Limit your description to a single page. Your description must address the following, in this order:

    1. Operating system requirements
    2. Web site from which to download the tool
    3. Purpose of the tool
    4. Make a scenario and take some snapshots. Very briefly describe the scenario. If a scenario example already exists, just provide a brief description and the link to the original document.
    5. Related books, links, etc.
    6. Useful YouTube videos describing the tool
    7. Similar tools

____________________________________________________

Part V - Whose fault is it? Download the Example file; it is used for the in-class exercise. Verify the MD5 hash of the file before using it.