Laboratory 3 – Advanced Wireshark

Prepare a report and submit it on the e-portal platform within 7 days.

For the first tasks we use .pcap files (previously saved traffic captures), which can be downloaded under tasks – DOWNLOAD FILE .PCAP

TASKS:

  1. Analyze the collected packets using the "Conversation" and "Endpoints" tools. What information can be obtained with these two tools? Work on the file: lotsofweb.pcap
  2. What is the difference between the information from Step 1 and the information shown in the Resource Monitor (see screen)?
  3. Using lotsofweb.pcap, show the percentage distribution and the amount in MB of transferred data for individual protocols (Protocol Hierarchy Statistics tool).
  4. Start sniffing packets in real time (with the "not udp" option), open the page TVN24.pl and analyze the data with the "Protocol Hierarchy Statistics" tool – present your conclusions.
  5. Open the file lotsofweb.pcap. Show graphically the flow of data over time (Wireshark IO Graph tool). What does the graph show? Show on the graph what percentage of the packets were HTTP packets and UDP packets (filtering).
  6. Open the file lotsofweb.pcap. Show graphically the flow of data over time (Wireshark IO Graph tool). What does the graph show? Show on the graph what percentage of the packets were HTTP packets and UDP packets (filtering).
  7. Sniff the opening of the page onet.pl with the "not udp" filter enabled and with the "name resolution" option set in Capture options -> name resolution (see these options). Save the data in the file onet.pcap. Analyze this file using the "Conversation", "Endpoints" and "Protocol Hierarchy Statistics" tools. Review the collected data and draw conclusions: how many DNS queries were there, and how many other sites were visited besides onet.pl? How much data (KB / MB) was collected from these pages, and how long did it take to load this data?
  8. Repeat task 7 (with AdBlock enabled) – compare and show the differences.
  9. Open the file onet.pcap again and open the "Flow Graph" tool. What can you learn from this tool?

 

!! NOTE: if you repeat exercise 7 or 8, you need to clear the web cache and the DNS cache (use ipconfig /flushdns to clear the DNS cache).