26 Nov 2010
Step 1: install and launch Wireshark
Step 2: select an interface to use for capturing packets
Step 3: Analyze web traffic information (optional)
a. The connection to the Google server begins with a query to the DNS server to look up the server IP address. The destination server IP address will most likely start with 64.x.x.x. What are the source and destination of the first packet sent to the Google server?
b. Open another browser window and go to the ARIN whois database http://www.arin.net/whois/ or use another whois lookup tool and enter the IP address of the destination server. To what organization is this IP address assigned? 192.168.1.103
c. What protocols are used to establish the connection to the web server and deliver the web page to your local host? TCP
d. What color is used for the traffic that establishes the connection to the server and delivers the web page to your local host? Green
e. What color is used to highlight the traffic between your host and the Google web server? Gray
Step 5: filter a network capture
a. Open a command prompt window by clicking Start > All Programs > Run and typing cmd.
b. Ping a host IP address on your local network and observe the result. ICMP
c. When icmp is typed in the filter text box, what kind of traffic is displayed? The traffic from when we ping a host IP address on our local network.
d. Click the Filter: Expression button in the Wireshark window. Scroll down the list and view the filter possibilities there. Are TCP, HTTP, ARP and other protocols listed? Yes, they are.
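As an added example (not part of the original lab write-up), here is a small Python model of what Wireshark's display filter does when you type icmp, tcp, dns or arp: it reads the EtherType and the IPv4 protocol field of each frame and keeps only the matching frames. The four-frame capture, the zeroed MAC addresses, the gateway 192.168.1.1 and the web-server address 64.233.160.1 are constructed for this example.

```python
import struct
from ipaddress import IPv4Address

ETH_IPV4, ETH_ARP = 0x0800, 0x0806
IP_PROTO = {1: "icmp", 6: "tcp", 17: "udp"}

def build_frame(proto, src, dst, payload):
    """Construct an Ethernet II frame carrying a minimal 20-byte IPv4 header."""
    eth = bytes(12) + struct.pack("!H", ETH_IPV4)  # zeroed MACs (constructed)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                     proto, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    return eth + ip + payload

def dissect(frame):
    """Return (src, dst, layers) roughly as Wireshark's packet list shows them."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == ETH_ARP:
        return None, None, ["eth", "arp"]
    if ethertype != ETH_IPV4:
        return None, None, ["eth"]
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4          # IPv4 header length in bytes
    proto = ip[9]                     # IPv4 protocol field: 1=ICMP, 6=TCP, 17=UDP
    src, dst = str(IPv4Address(ip[12:16])), str(IPv4Address(ip[16:20]))
    layers = ["eth", "ip", IP_PROTO.get(proto, f"proto{proto}")]
    payload = ip[ihl:]
    if proto in (6, 17) and len(payload) >= 4:
        sport, dport = struct.unpack("!HH", payload[:4])
        if 53 in (sport, dport):      # port-based heuristic, as Wireshark uses by default
            layers.append("dns")
        elif proto == 6 and 80 in (sport, dport):
            layers.append("http")
    return src, dst, layers

def apply_filter(frames, expression):
    """Indices of frames a protocol-name display filter such as 'icmp' would keep."""
    return [i for i, f in enumerate(frames) if expression in dissect(f)[2]]

# Constructed capture: DNS lookup, TCP to the web server, ping, ARP request.
CAPTURE = [
    build_frame(17, "192.168.1.103", "192.168.1.1", struct.pack("!HH", 50000, 53)),
    build_frame(6, "192.168.1.103", "64.233.160.1", struct.pack("!HH", 50001, 80)),
    build_frame(1, "192.168.1.103", "192.168.1.1", b"\x08\x00\x00\x00"),
    bytes(12) + struct.pack("!H", ETH_ARP) + bytes(28),
]
if __name__ == "__main__":
    for frame in CAPTURE:
        print(dissect(frame))
    print("icmp filter keeps frames:", apply_filter(CAPTURE, "icmp"))
```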
a. There are hundreds of filters listed in the Filter: Expression option. It may be possible that, in a large network, there would be an enormous amount and many different types of traffic. Which three filters in the long list do you think might be most useful to a network administrator?
b. Is Wireshark a tool for out-of-band or in-band network monitoring?