Netw360 W7 Ilab Report

Date Submitted: 08/24/2014 06:44 AM

Wireshark Introduction and Examining Wireless Frames

Introduction

Guidelines: It’s always best to introduce a paper to the reader. It sets the tone and provides an overview of what will be covered and what the goals are.

• What is the intent of the lab? What issues are addressed? Why is it important? What are the goals?

Specific questions from the tutorial

Guidelines: Answer all questions in full college-level sentences and paragraphs.

1. What type of software is Wireshark? Why is this important to users of Wireshark?

Wireshark is a network protocol analyzer and is the standard in many industries. It is the continuation of a project that started in 1998. Hundreds of developers around the world have contributed to it, and it is still under active development. Wireshark, a network analysis tool formerly known as Ethereal, captures packets in real time and displays them in human-readable format. Wireshark includes filters, color-coding, and other features that let you dig deep into network traffic and inspect individual packets.

2. When analyzing a network capture, what data appears in each of Wireshark’s three panes?

The top pane is where captured data packets are listed, and they are usually ordered by the time they were sent. The packets highlighted in green in my screenshot are all transmissions from my computer to the backend which Appstorm uses to compose posts. The blue ones are caused by my computer probing the network at the moment this screenshot was taken, looking for Dropbox clients to connect to. Most of the information people would want when using Wireshark is shown in this pane, such as addresses and ports used for connections, the protocol used and so forth. However, let’s take it a bit further.

3. What does a display filter do, and when would you use one?

The first filter says "show me packets where an ip.addr exists that does not equal 192.168.4.1". That is, as long as one ip.addr in the packet does not equal 192.168.4.1, the packet...
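The matching rule described above can be modeled in a few lines. This is an added example, not part of the original report: the packets are constructed, and the function names are hypothetical. It treats `ip.addr` as a field with two values per packet (source and destination) and compares the "any value differs" reading with the negated-equality form `!(ip.addr == 192.168.4.1)`.

```python
# Model of how a display-filter comparison treats a multi-valued field.
# ip.addr is not a single value: it matches both the source and the
# destination address of a packet.

# Constructed sample packets as (src, dst); not taken from a real capture.
PACKETS = [
    ("192.168.4.1", "10.0.0.5"),     # gateway -> host
    ("10.0.0.5", "192.168.4.1"),     # host -> gateway
    ("10.0.0.5", "10.0.0.9"),        # traffic that never touches the gateway
    ("192.168.4.1", "192.168.4.1"),  # both values are the gateway address
]


def ip_addr(pkt):
    """Return every value the ip.addr field takes for one packet."""
    src, dst = pkt
    return [src, dst]


def any_not_equal(pkt, addr):
    """'ip.addr != addr' as the text reads it: true if ANY value differs."""
    return any(value != addr for value in ip_addr(pkt))


def not_any_equal(pkt, addr):
    """'!(ip.addr == addr)': true only if NO value equals addr."""
    return not any(value == addr for value in ip_addr(pkt))


def apply_filter(filter_fn, addr, packets=PACKETS):
    """Return the packets a filter would leave visible in the packet list."""
    return [pkt for pkt in packets if filter_fn(pkt, addr)]


if __name__ == "__main__":
    target = "192.168.4.1"
    print("ip.addr != target    :", apply_filter(any_not_equal, target))
    print("!(ip.addr == target) :", apply_filter(not_any_equal, target))
```

Under the first reading, traffic to and from 192.168.4.1 stays visible because the other endpoint's address satisfies the comparison; only the negated-equality form hides it. Wireshark 3.6 and later evaluate `!=` on multi-valued fields the second way, so the result depends on the installed version.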