Promiscuous mode allows a network interface card (NIC) to capture all the packets that come across the wire, even those not destined for that particular host.
The name resolution option will try to resolve the IP addresses given into human-readable form.
Wireshark issues queries to DNS to resolve IP addresses to host names. Using name resolution is easier and less time-consuming. Once the packets have been captured and a name has been resolved, you should reload so that the packets can be rebuilt with the resolved name.
A hub is a network device that connects network devices together. It transmits only one data packet at a time: when a hub receives a packet from one computer, all other computers wait until the packet reaches its destination. When a hub receives a packet on one port, it transmits it to all other ports.
A switch is also a device used to connect network devices. Unlike a hub, a switch lets multiple data packets travel through the network simultaneously, and it forwards a data packet to the destination port only, not to all ports.
Because a switch sends data only to the specific destination port, it does not allow packets for other ports or devices to be captured. A hub, in contrast, sends data to all its ports, which makes it more efficient for capturing all the packets for all ports in Wireshark.
Program | Port
ftp data | 20
ftp control | 21
http | 80
NTP | 123
ssh | 22
Also find the well-known port numbers for 6 other network protocols and describe the function that each protocol performs.
PROTOCOL | FUNCTION | PORT
Simple Mail Transfer Protocol (SMTP) | Used for sending mail | 25
Telnet | Used for unencrypted command-line login | 23
Domain Name System (DNS) | Used to convert IP addresses to domain names | 53
Border Gateway Protocol (BGP) | Used for maintaining large routing tables and traffic processes | 179
Trivial File Transfer Protocol (TFTP) | Used by devices to upgrade software and firmware | 69
Simple Network Management Protocol (SNMP) | Used for network management | 161 and 162
There are three types of BPF qualifiers:
Type qualifiers specify what kind of thing the name or number refers to. They include host, net and port.
host 192.168.12.56: this capture filter captures all the traffic between the machine running Wireshark and the specified IP address. Every packet sent between the two computers is captured.
tcp port 80: this filter captures all the packets passing through port 80. It refers to TCP traffic only.
net 192.168.10.0/24: this filter captures all the traffic on that particular network.
Dir qualifiers specify a particular transfer direction to and/or from the id. Possible directions are src and dst.
src 192.168.10.5: this capture filter captures all traffic from that particular machine. Only the traffic generated by that computer is captured.
dst net 192.168.0.0/24: this capture filter captures all the traffic sent to the specified range of IP addresses.
Proto qualifiers restrict the match to a particular protocol. Examples: ether, tcp, tr, ip, ip6, arp, rarp and udp.
ether proto 0x888e: captures only Ethernet frames of type EAPOL.
ip: captures all IPv4 traffic.
tcp portrange 1000-1500: captures TCP traffic on the specified range of ports.
arp: captures all ARP traffic.
rarp: captures all reverse ARP traffic.
ip6: captures all IP version 6 (IPv6) traffic.
udp and port 53: captures all DNS requests.
Documenting the 3 logical operators for combining primitives:
AND operator (and / &&).
udp and port 53: this filter captures all the UDP traffic that comes on port 53.
OR operator (or / ||).
tcp port 53 or port 80: this captures TCP traffic that comes on either port 53 or port 80.
NOT operator (not / !).
tcp port 80 and not host 192.168.1.12: this filter captures all the traffic on port 80 but excludes any traffic involving the specified host.
I assigned my second machine an IP address of 192.168.43.1.
From the above screenshot, the filter that I used was host 192.168.43.2. This filter captures all the packets between the two computers.
I used the above filter for the MAC address of the destination computer. It is used to capture packets using the MAC address.
The filter src is used to capture packets from a specified target. In this case I used src with the target IP address. Here all the packets from the target are captured.
Using the ICMP filter in Wireshark, I captured only ICMP traffic between the two computers.
Excluding particular network traffic (2 marks)
broadcast: this filter captures only the broadcast traffic.
not broadcast: this filter captures all the traffic except broadcast traffic.
tcp portrange 0-1900 and not broadcast: this captures all the TCP traffic on the range provided, excluding broadcast traffic.
Using port numbers in capture filters (1 mark)
port 53: this is used to capture only DNS traffic.
port 53 and dst host 192.168.43.236
This is used to capture all the DNS traffic that is addressed to that same machine (ip.dst == is display-filter syntax; in a capture filter the destination is written as dst host). The IP address used is for my machine.
To capture DHCP traffic we use the ports for DHCP, that is ports 67 and 68.
Therefore, the capture filter is port 67 or 68.
tcp[13] & 4 == 4: this particular capture filter can detect TCP packets that have the RST flag set. Explain it in simpler form.
This is helpful when you want to find particular traffic using tcpdump. Byte 13 of the TCP header (counting from 0) is the flags byte, and the number 4 corresponds to the bit position the RST flag occupies in that byte. Therefore, the filter reads the 13th byte of the TCP header, masks it with 4, and grabs only the packets whose RST flag is set.
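As an added example (not part of the original assignment), the following Python shows what the capture-filter primitives, the logical operators and the tcp[13] & 4 == 4 filter above actually test, by decoding a constructed Ethernet/IPv4/TCP frame the way libpcap indexes it. All frame values, MAC addresses and helper names are assumptions made for the example.

```python
import struct

BROADCAST_MAC = b"\xff" * 6
SAMPLE_DST_MAC = b"\x00\x11\x22\x33\x44\x55"   # constructed, not a real device

def build_frame(src_ip, dst_ip, sport, dport, flags, ip_options=b"", dst_mac=SAMPLE_DST_MAC):
    """Construct an Ethernet II / IPv4 / TCP frame from sample values (no real capture)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 8192, 0, 0)
    ihl_words = 5 + len(ip_options) // 4         # header length in 32-bit words
    total = 20 + len(ip_options) + len(tcp)
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl_words, 0, total, 0, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return dst_mac + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00" + ip + ip_options + tcp

def parse_frame(frame):
    """Decode only the fields the capture-filter primitives above test."""
    pkt = {"dst_mac": frame[:6], "ethertype": struct.unpack("!H", frame[12:14])[0]}
    if pkt["ethertype"] != 0x0800:               # only IPv4 is decoded here
        return pkt
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                     # IP options push the TCP header further out
    pkt["proto"] = ip[9]
    pkt["src_ip"] = ".".join(map(str, ip[12:16]))
    pkt["dst_ip"] = ".".join(map(str, ip[16:20]))
    if pkt["proto"] == 6:
        tcp = ip[ihl:]
        pkt["src_port"], pkt["dst_port"] = struct.unpack("!HH", tcp[:4])
        pkt["tcp_flags"] = tcp[13]               # the byte that BPF's tcp[13] reads
    return pkt

# Python equivalents of the primitives documented above; each takes a parsed frame.
def host(pkt, ip):     return ip in (pkt.get("src_ip"), pkt.get("dst_ip"))
def dst_host(pkt, ip): return pkt.get("dst_ip") == ip
def port(pkt, p):      return p in (pkt.get("src_port"), pkt.get("dst_port"))
def portrange(pkt, lo, hi):
    return any(lo <= x <= hi for x in (pkt.get("src_port"), pkt.get("dst_port")) if x is not None)
def broadcast(pkt):    return pkt["dst_mac"] == BROADCAST_MAC
def tcp_rst(pkt):      # tcp[13] & 4 == 4: bit value 4 (0x04) of the flags byte is RST
    return pkt.get("proto") == 6 and pkt["tcp_flags"] & 4 == 4

def rst_not_from_host(frame, excluded):
    """'tcp[13] & 4 == 4 and not host <excluded>' evaluated against one frame."""
    pkt = parse_frame(frame)
    return tcp_rst(pkt) and not host(pkt, excluded)

if __name__ == "__main__":
    rst = build_frame("10.0.0.1", "192.168.43.2", 40000, 80, 0x04, ip_options=b"\x01" * 4)
    syn = build_frame("192.168.43.2", "10.0.0.1", 40000, 80, 0x02)
    print(rst_not_from_host(rst, "192.168.1.12"), rst_not_from_host(syn, "192.168.1.12"))
```

The RST sample carries four bytes of IP options, so the flags byte is only found if the offset is computed from the IHL field, which is exactly why tcp[13] is written relative to the TCP header rather than the frame.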