2 Start capturing packets then open a webpage a Follow the T

2. Start capturing packets then open a webpage.
a. “Follow” the TCP Stream and describe what you see.
b. Filter by HTTP and describe what you see.
c. Select an HTTP packet in the packet list pane. In the packet details frame, click on the Frame, Ethernet, IP, and TCP parts of the packet to see more information. Describe what you see.

Solution:

a) When working with TCP based protocols, it can be very helpful to see the data from a TCP stream in the way that the application layer sees it. Perhaps you are looking for passwords in a Telnet stream, or you are trying to make sense of a data stream. Maybe you just need a display filter to show only the packets of that TCP stream. If so, Wireshark’s ability to follow a TCP stream will be useful to you.

Select a TCP packet in the packet list of the stream/connection you are interested in and then select the Follow TCP Stream menu item from the Wireshark Tools menu.

The stream content is displayed in the same sequence as it appeared on the network. Traffic from A to B is marked in red, while traffic from B to A is marked in blue.

choose from the following actions:

choose to view the data in one of the following formats:

b)

A complete list of HTTP display filter fields can be found in the display filter reference.

Show only the HTTP based traffic: http

Show only the famous "404: page not found" responses: http.response.code==404

Show only file data received over HTTP (the content of the responses): http.content_type

Capture HTTP traffic over the default port (80): tcp port 80

Capture HTTP traffic over the default SSL port (443): tcp port 443

c)

Each line in the packet list corresponds to one packet in the capture file. If you select a line in this pane, more details will be displayed in the "Packet Details" and "Packet Bytes" panes.

While dissecting a packet, Wireshark will place information from the protocol dissectors into the columns. As higher level protocols might overwrite information from lower levels, you will typically see the information from the highest possible level only.

For example, let's look at a packet containing TCP inside IP inside an Ethernet packet. The Ethernet dissector will write its data (such as the Ethernet addresses), the IP dissector will overwrite this with its own (such as the IP addresses), the TCP dissector will overwrite the IP information, and so on.

The default columns will show:

Ethernet is an example of protocols included in the TCP/IP suite. It's at the data link

TCP/IP is usually found on Ethernet, but it can be used on other networks as well. Also, you can have Ethernet without TCP/IP, and in fact a lot of proprietary industrial networks do exactly that. In addition, you can also run TCP/IP in parallel with other things like UDP on the same Ethernet connection.

No. The number of the packet in the capture file. This number won't change, even if a display filter is used.

Time The timestamp of the packet. The presentation format of this timestamp can be changed,

Source The address where this packet is coming from.

Destination The address where this packet is going to.

Protocol The protocol name in a short (perhaps abbreviated) version.

Info Additional information about the packet content.

Ethernet = the hardware on which the frames travel
A frame basically consists of the Ethernet header, data payload, and error check.

TCP/IP = the set of rules that define how the data payloads in the frames are arranged and understood.

I think many people call frames 'packets', but if you get into the details of TCP/IP the term 'packet' means something a bit different.
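The column behaviour described in part (c), as an added Python example that is not part of the original solution and not Wireshark's own code: each layer's dissector overwrites the Source, Destination, Protocol and Info columns set by the layer below it. The frame bytes, addresses, ports and the simple HTTP check are constructed assumptions for illustration.

```python
import struct

def build_sample_frame():
    """Constructed sample: Ethernet II / IPv4 / TCP carrying an HTTP request.
    Checksums are left at zero because nothing here validates them."""
    payload = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
    eth = bytes.fromhex("0200000000020200000000010800")  # dst, src, EtherType
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6,
                     0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 0x50, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload

def dissect(frame):
    """Return (columns, layers); each dissector overwrites the columns below."""
    cols, layers = {}, []
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    cols.update(Source=src.hex(":"), Destination=dst.hex(":"),
                Protocol="Ethernet", Info="EtherType 0x%04x" % ethertype)
    layers.append("Ethernet")
    if ethertype != 0x0800 or len(frame) < 34:
        return cols, layers                    # not IPv4: stop at the link layer
    ihl = (frame[14] & 0x0F) * 4               # IPv4 header length in bytes
    proto = frame[23]
    cols.update(Source=".".join(map(str, frame[26:30])),
                Destination=".".join(map(str, frame[30:34])),
                Protocol="IPv4", Info="IP protocol %d" % proto)
    layers.append("IPv4")
    tcp_off = 14 + ihl
    if proto != 6 or len(frame) < tcp_off + 20:
        return cols, layers                    # not TCP: stop at the IP layer
    sport, dport = struct.unpack("!HH", frame[tcp_off:tcp_off + 4])
    data_off = (frame[tcp_off + 12] >> 4) * 4  # TCP header length in bytes
    cols.update(Protocol="TCP", Info="%d -> %d" % (sport, dport))
    layers.append("TCP")
    first_line = frame[tcp_off + data_off:].split(b"\r\n", 1)[0]
    # Simplified check (assumption): HTTP request line or status line.
    if first_line.endswith((b"HTTP/1.1", b"HTTP/1.0")) or first_line.startswith(b"HTTP/"):
        cols.update(Protocol="HTTP", Info=first_line.decode("ascii", "replace"))
        layers.append("HTTP")
    return cols, layers

if __name__ == "__main__":
    columns, stack = dissect(build_sample_frame())
    print(" / ".join(stack))
    for name, value in columns.items():
        print("%-12s %s" % (name, value))
```

Truncating the sample frame shows the lower layers' values reappearing in the columns, which is why an unexpected Protocol value in the packet list often points to a frame that could not be dissected further.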

Tutor: Dr Jack