
WA2. WireShark: Filter and Statistics

Statement

A customer organization (assume it is UoPeople) has just called in, complaining of a very slow network. The senior network engineer has run some remote tests and suspects that the problems may be related to the protocols on the network. You have been sent to the organization to scope the network and check the different types of protocols running on it. Your tasks are listed below:

  1. Capture network packets while you interact with the UoPeople student portal.
  2. Open the command prompt on your PC and run a ping test on google.com.
  3. Stop the packet capture and study the packets captured to answer the following questions:
    • a. What is the total number of network packet protocols seen in the packet capture? Name at least five of them with relevant screenshots.
    • b. Filter for HTTP packets. How many HTTP packets can you see (take a screenshot)?
    • c. Filter for DNS packets. How many DNS packets can you see (take a screenshot)?
    • d. Filter for ARP packets. How many ARP packets can you see (take a screenshot)?
    • e. Filter for TCP packets. How many TCP packets can you see (take a screenshot)?

Refer to this manual for step-by-step instructions on the assignment.

Submit all the required information and screenshots for this assignment in a single MS Word or PDF format.

Answer

1. Capture network packets while you interact with the UoPeople student portal

  • The following screenshot shows the Wireshark interface while capturing packets from the network.
Image 1: Wireshark interface while capturing packets from the network

2. Open the command prompt on your PC and run a ping test on google.com

  • The following screenshot shows the command prompt while running a ping test on google.com.
Image 2: Command prompt while running a ping test on google.com

3. Stop the packet capture and study the packets captured to answer the following questions

3-a. What is the total number of network packet protocols seen in the packet capture? Name at least five of them with relevant screenshots

  • To get the total number of packets captured, I looked at the bottom right corner of the Wireshark interface (UoPeople, 2024).
  • The total number of packets captured is 2557.
  • To get the list of protocols used, I opened the Statistics menu and selected Protocol Hierarchy; however, the numbers were not clear to me (Image 3 below), so I sorted the packet list pane by the Protocol column and manually listed every protocol I found (Sharpe, Warnicke, & Lamping, n.d.).
  • The total number of protocols used is 14; they are as follows:
    1. ARP: Address Resolution Protocol.
    2. DNS: Domain Name System.
    3. HTTP: Hypertext Transfer Protocol.
    4. ICMP: Internet Control Message Protocol.
    5. ICMPv6: Internet Control Message Protocol version 6.
    6. IGMPv2: Internet Group Management Protocol version 2.
    7. MDNS: Multicast Domain Name System.
    8. OCSP: Online Certificate Status Protocol.
    9. QUIC: Quick UDP Internet Connections.
    10. SSDP: Simple Service Discovery Protocol.
    11. TCP: Transmission Control Protocol.
    12. TLSv1.2: Transport Layer Security version 1.2.
    13. TLSv1.3: Transport Layer Security version 1.3.
    14. UDP: User Datagram Protocol.
Image 3: Protocol Hierarchy

3-b. Filter for HTTP packets. How many HTTP packets can you see (take a screenshot)?

  • I typed http in the filter bar and pressed Enter (UoPeople, 2024).
  • I found 14 HTTP packets (Image 4 below); the count is shown in the bottom left corner of the status bar as Displayed: 14 (0.5%).
  • Image 3 (Protocol Hierarchy) confirms this number.
Image 4: Filter for HTTP packets

3-c. Filter for DNS packets. How many DNS packets can you see (take a screenshot)?

  • I typed dns in the filter bar and pressed Enter (UoPeople, 2024).
  • I found 152 DNS packets (Image 5 below); the count is shown in the bottom left corner of the status bar as Displayed: 152 (5.9%).
Image 5: Filter for DNS packets

3-d. Filter for ARP packets. How many ARP packets can you see (take a screenshot)?

  • I typed arp in the filter bar and pressed Enter (UoPeople, 2024).
  • I found 9 ARP packets (Image 6 below); the count is shown in the bottom left corner of the status bar as Displayed: 9 (0.4%).
Image 6: Filter for ARP packets

3-e. Filter for TCP packets. How many TCP packets can you see (take a screenshot)?

  • I typed tcp in the filter bar and pressed Enter (UoPeople, 2024).
  • I found 2074 TCP packets (Image 7 below); the count is shown in the bottom left corner of the status bar as Displayed: 2074 (81.1%).
Image 7: Filter for TCP packets
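As an added example that is not part of this write-up or of Wireshark itself, the Python script below reconstructs, on a small constructed capture, the two kinds of number read off the Wireshark UI in 3-a to 3-e: the per-layer counts behind Statistics > Protocol Hierarchy and the Displayed: N (x%) figure the status bar shows for a protocol filter. It writes and reads back a minimal libpcap file so the same functions can be pointed at a real capture. All frames, MAC/IP addresses and ports are constructed, and the HTTP, TLS, DNS and mDNS decisions are port heuristics rather than Wireshark's full dissectors.

```python
"""Minimal pcap writer/reader plus a port-based dissector that reproduces
Wireshark's 'Displayed: N (x%)' filter count and Protocol Hierarchy numbers.
Added example; every frame and address below is constructed, not captured."""
import struct
from collections import Counter

MAC_A, MAC_B = bytes.fromhex("0a0000000001"), bytes.fromhex("0a0000000002")
IP_A, IP_B = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])  # assumed lab hosts


def eth(ethertype, payload, dst=MAC_B, src=MAC_A):
    return dst + src + struct.pack("!H", ethertype) + payload


def ipv4(proto, payload):
    # version 4 / IHL 5, DSCP 0, total length, id, flags+offset, TTL, proto, checksum 0
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0, 64, proto, 0, IP_A, IP_B)
    return eth(0x0800, hdr + payload)


def tcp(sport, dport, payload=b""):
    # seq, ack, data offset 5 words, flags PSH|ACK, window, checksum 0, urgent 0
    hdr = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return ipv4(6, hdr + payload)


def udp(sport, dport, payload=b""):
    return ipv4(17, struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload)


def arp_request():
    body = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + MAC_A + IP_A + b"\x00" * 6 + IP_B
    return eth(0x0806, body, dst=b"\xff" * 6)


def icmp_echo():
    return ipv4(1, struct.pack("!BBHHH", 8, 0, 0, 1, 1) + b"ping")


# Constructed capture: 2 ARP, 1 ICMP, 2 DNS, 1 mDNS, 3 HTTP, 2 TLS and 1 bare TCP ACK.
FRAMES = [
    arp_request(), arp_request(), icmp_echo(),
    udp(51000, 53, b"\x00\x01" * 6), udp(53, 51000, b"\x00\x01" * 8),
    udp(5353, 5353, b"\x00\x00" * 6),
    tcp(52000, 80, b"GET / HTTP/1.1\r\n\r\n"), tcp(80, 52000, b"HTTP/1.1 200 OK\r\n\r\n"),
    tcp(52001, 80, b"GET /x HTTP/1.1\r\n\r\n"),
    tcp(52002, 443, b"\x16\x03\x01"), tcp(443, 52002, b"\x16\x03\x03"),
    tcp(52002, 443),
]


def write_pcap(frames):
    # libpcap global header: magic, version 2.4, tz 0, sigfigs 0, snaplen, linktype 1 (Ethernet)
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for i, f in enumerate(frames):  # record header: ts_sec, ts_usec, incl_len, orig_len
        out.append(struct.pack("<IIII", i, 0, len(f), len(f)) + f)
    return b"".join(out)


def read_pcap(data):
    if struct.unpack_from("<I", data)[0] != 0xA1B2C3D4:
        raise ValueError("only little-endian microsecond pcap handled here")
    frames, off = [], 24
    while off < len(data):
        incl = struct.unpack_from("<IIII", data, off)[2]
        frames.append(data[off + 16:off + 16 + incl])
        off += 16 + incl
    return frames


def dissect(frame):
    """Layer names present in a frame. Wireshark's filter 'tcp' matches any frame
    whose tree contains a TCP layer, so HTTP and TLS frames count as TCP too."""
    layers = ["eth"]
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    if ethertype == 0x0806:
        return layers + ["arp"]
    if ethertype != 0x0800:
        return layers
    layers.append("ip")
    ihl = (frame[14] & 0x0F) * 4
    proto, l4 = frame[23], frame[14 + ihl:]
    if proto == 1:
        layers.append("icmp")
    elif proto == 6:
        layers.append("tcp")
        sport, dport = struct.unpack_from("!HH", l4)
        payload = l4[(l4[12] >> 4) * 4:]
        if payload and 80 in (sport, dport):
            layers.append("http")  # port heuristic; Wireshark also parses the request line
        elif payload and 443 in (sport, dport):
            layers.append("tls")
    elif proto == 17:
        layers.append("udp")
        sport, dport = struct.unpack_from("!HH", l4)
        if 53 in (sport, dport):
            layers.append("dns")
        elif 5353 in (sport, dport):
            layers.append("mdns")
    return layers


def protocol_hierarchy(frames):
    """Frames per layer, the numbers behind Statistics > Protocol Hierarchy."""
    return Counter(layer for f in frames for layer in dissect(f))


def displayed(frames, proto):
    """Count and percentage Wireshark shows as 'Displayed: N (x%)' for filter `proto`."""
    n = sum(proto in dissect(f) for f in frames)
    return n, round(100 * n / len(frames), 1)


if __name__ == "__main__":
    caps = read_pcap(write_pcap(FRAMES))
    print(dict(protocol_hierarchy(caps)))
    for p in ("http", "dns", "arp", "tcp"):
        print(p, "Displayed: %d (%.1f%%)" % displayed(caps, p))
```

Two things the script makes visible that the screenshots do not: a frame is counted once under every layer it carries, so the Protocol Hierarchy packet column adds up to more than the capture's packet count while its percentages are still relative to that count; and the filter tcp matches every frame that has a TCP layer, so the 2074 TCP packets in 3-e already include the 14 HTTP packets from 3-b and all of the TLS traffic. On a real capture the same figures come from tshark: `tshark -r capture.pcapng -q -z io,phs` prints the protocol hierarchy, `tshark -r capture.pcapng -Y http | wc -l` counts the frames a display filter would show, and `udp.port == 5353` isolates the mDNS traffic that the list in 3-a shows separately from DNS.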

References