The first step in starting this project was downloading the program Wireshark. To download Wireshark, all I had to do was access the Wireshark website, located at http://www.wireshark.org/download.html. Once the program was loaded, I was able to run a session and capture network traffic. When you first run a capture, you have to choose which interface you are using. In this case, I am running off of a wireless access card, so I had to choose the “wireless” interface.
Once I started the capture, packets immediately began to scroll down the screen, with the different protocols displayed as well as detailed information on what is inside each packet. In figure 1.1 I accessed a website, and we can clearly see the 3-way handshake that occurs so I can gain access to that website. My PC sends a SYN request asking permission for access, and I then receive a SYN-ACK. My computer completes the process by sending an ACK response.
(Figure 1.1)
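The handshake described above can also be checked programmatically. The following is an added example, not part of the original report: it parses raw TCP headers and reports connections where the SYN, SYN-ACK and ACK appear with matching sequence and acknowledgment numbers. The IP addresses, ports and sequence numbers are constructed sample values.

```python
import struct

SYN, ACK = 0x02, 0x10
MOD = 2 ** 32  # TCP sequence numbers wrap at 32 bits

def tcp_header(sport, dport, seq, ack, flags):
    """Build a 20-byte TCP header for the constructed samples (checksum left 0)."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 64240, 0, 0)

def parse_tcp(segment):
    """Extract ports, sequence/ack numbers and flags from a raw TCP header."""
    sport, dport, seq, ack, _offset, flags = struct.unpack("!HHIIBB", segment[:14])
    return sport, dport, seq, ack, flags

def find_handshakes(packets):
    """packets: (src_ip, dst_ip, tcp_bytes) tuples in capture order.
    Returns (client, server) endpoint pairs whose 3-way handshake completed."""
    pending, done = {}, []  # pending: (client, server) -> [client_isn, server_isn]
    for src, dst, raw in packets:
        sport, dport, seq, ack, flags = parse_tcp(raw)
        a, b = (src, sport), (dst, dport)
        syn, has_ack = bool(flags & SYN), bool(flags & ACK)
        if syn and not has_ack:                      # step 1: SYN
            pending[(a, b)] = [seq, None]
        elif syn and has_ack and (b, a) in pending:  # step 2: SYN-ACK
            state = pending[(b, a)]
            if ack == (state[0] + 1) % MOD:
                state[1] = seq
        elif has_ack and (a, b) in pending:          # step 3: ACK
            c_isn, s_isn = pending[(a, b)]
            if s_isn is not None and seq == (c_isn + 1) % MOD and ack == (s_isn + 1) % MOD:
                done.append((a, b))
                del pending[(a, b)]
    return done

# Constructed sample capture: one complete handshake, one SYN that is never answered.
PC, WEB = "192.168.1.10", "203.0.113.5"
SAMPLE = [
    (PC, WEB, tcp_header(50000, 80, 1000, 0, SYN)),
    (PC, WEB, tcp_header(50001, 80, 7000, 0, SYN)),
    (WEB, PC, tcp_header(80, 50000, 5000, 1001, SYN | ACK)),
    (PC, WEB, tcp_header(50000, 80, 1001, 5001, ACK)),
]

if __name__ == "__main__":
    for client, server in find_handshakes(SAMPLE):
        print(f"handshake complete: {client} -> {server}")
```

The second SYN in the sample never receives a SYN-ACK, so it stays pending and is not reported.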
When I try to gain access to a site that is secure and requires authentication, such as a login screen, the TLSv1 protocol is given. This is a transport layer security protocol which is given when I access an HTTPS website. These protocols provide cryptographic security for all the information that I am sending over this site. All my information is encrypted and cannot be viewed openly by someone using a sniffer on the network. Figure 1.2 shows the capture of the connection to the USAA website, which required authentication to access.
(Figure 1.2)
We were given instructions to capture certain packets across our network. The first packet we were given is ARP. This protocol associates a MAC address with an IP address by broadcasting “who has this IP address”. It then waits for the response. The MAC address from the response is then stored in the ARP table for future reference. Below in figure 1.3 is a capture of the ARP protocol from my