Wireshark Essay: Network Analysis For Performance Optimization.

This assignment is to designed to develop student’s analytical skills in addition to Wireshark utilization to capture data from live network traffic. Through the labs, students have learned how to analyse HTTP packets, TCP packets streams, audio streaming with TCP. Students have learned to identify the performance parameters such as load distribution, throughput graph, time sequence graph, flow graph and window scaling graph.Overview and General Instructions of Assignment Students need to use captured Wireshark data to explain the performance of the distributed system
behind the given web system. In report, students need to focus on the effect of different browsing data on graphs, and justify the effect of it. 

a) List 3 different protocols that appear in the protocol column in the unfiltered packet-listing window in. Support your answer with an appropriate screenshot from your computer.
b) How long did it take from when the HTTP GET message was sent until the HTTP OK reply was received? (By default, the value of the Time column in the packet-listing window is the amount of time, in seconds, since Wireshark tracing began. To display the Time field in time-of-day format, select the Wireshark View pull down menu, then select Time Display Format, then select Time-of-day.)
c) What is the Internet address of the gaia.cs.umass.edu? What is the Internet address of your computer? Support your answer with an appropriate screenshot from your computer.

Task – 1b
From the (MIT lab Network), students need to chase and capture data packets from three websites in the table below (Table 1). Students have to analyse the performance for each website in regards of:
? Load Distribution
? Throughput Graph
? Time Sequence Graph
? Flow Graph (Both general and TCP flow)
? Window Scaling Graph 

vestigate streaming audio delivery over TCP by listening to Internet live radio and capturing the transmitted packets.
From a second network (Home, work, etc.), students have to chase and capture one more website which has an audio stream (such as radio stations, Students are free to choose any website. Show your analysis using TCP Stream Graph and Time Sequences Graph.

Explanation of data captured using Wireshark

The report is prepared for the analysis of a network solution using the network monitoring tool and identification of the loads and performance of the network. Wireshark is used for identification of the performance parameters and development of the analytical skill for capturing live data traffic from the network and generate graphs for the analysis of the protocols used for communication. The performance of the distributed system should be analysed and the graphs and the browsing data should be analysed for the justification of the effect.

The protocols listed in the protocol column are listed and appropriate screenshot are added in the report for its demonstration. Three different websites are visited and the packet is captured using Wireshark for the analysis of each of the website. The use of the Wireshark helps in analysis of the port number and the Ip address of the source and the destination address and management of the flow of the data packet in the network. It helps in analysis of the security and the network and can be used by the network administrator for monitoring the data flow of the network. The interface of a client computer is used for capturing the data packets and different types of graphs are generated for the identification of the sequence, throughput, flow graph and scaling graph.

Task 1a – Explanation of the data captured

1. The three different types of protocols that are seen in the protocol column when the packet list is unfiltered are as follows:

• UDP
• TCP, and
• ARP

                The following screenshot is given for supporting the answer

 

The time taken for the HTTP GET request to HTTP OK reply is given in the following frames. The arrival time and the time delta for the previous packet can be fetched from the captured packet with the details such as the frame number, packet length and the capture length. The two frames i.e. one for the GET request and the one for the OK reply message is analysed and the time is noted and they are subtracted for finding the time taken until the HTTP OK reply message is received. Here the difference between the times are

.43960400 - .426032000

= 0.013572 sec

192. The internet address of gai.cs.umass.edu is 192.168.43.1

The internet address of the client computer is 192.168.43.173

This is analysed from the following frame of the packet captured

Frame 32: 77 bytes on wire (616 bits), 77 bytes captured (616 bits) on interface 0

Ethernet II, Src: HonHaiPr_f2:4c:ed (9c:30:5b:f2:4c:ed), Dst: VivoMobi_d1:30:ad (dc:1a:c5:d1:30:ad)

Internet Protocol Version 4, Src: 192.168.43.173, Dst: 192.168.43.1

    0100 .... = Version: 4

    .... 0101 = Header Length: 20 bytes (5)

    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)

    Total Length: 63

    Identification: 0x0055 (85)

    Flags: 0x0000

    Time to live: 128

    Protocol: UDP (17)

    Header checksum: 0x625a [validation disabled]

    [Header checksum status: Unverified]

    Source: 192.168.43.173

    Destination: 192.168.43.1

User Datagram Protocol, Src Port: 64050, Dst Port: 53

Domain Name System (query)

 Task 1b – Significance of the project

The performance of the following websites are analysed in terms of their load distribution, throughput graph, time sequence graph, flow graph and window scaling graph. Each of the graphs have different functionality such as:

Throughput graph – It is used for the analysis of the average throughput and the goodput

Window Scaling – It is used for the analysis of the window size and the outstanding bytes

Time sequence – it is used for the generation of a simple graph that is quite similar with the tcptrace and includes the forward segments, selective acknowledgement, zero windows and the reverse window size.

Flow Graph – It is used for the demonstration of the flow of the data packets and the messages between the client and the server.

There are different filters that can eb applied in wireshark for getting more specific result and optimizing the result of the analysis of the network performance.

Load Distribution

 

 

 

 

 

Task 2 – Explanation of the output of the graphs in terms of network performance

TCP Stream Graph

The generation of the throughput graph helps in analysis of the stability of the website and identification of any problem for transferring the data packets and media files between the client and the server. In the right hand side of the graph the average throughput is displayed for the identification of the bandwidth utilization of the current network.

Time Sequence Graph

The generation of the time sequence graph helps in identification of the tcp packet ranging between 0 – 900 for a time limit of 0.6 sec.

Conclusion

After the analysis of the three websites it can be concluded that the performance of the distributed system can be analysed and the effects of the different types of browsing data are analysed using the graph and justification of its effects. Different types of graphs such as load distribution, throughput, time sequence, flow graph and windows scaling graph are generated from the captured packet of the different websites for analysing the performance. The time taken for seeking the HTTP request and receiving of the reply from the server are analysed that helps in gathering the details of the data flow and the screenshots are attached in the report for the demonstration of the performance of the network. The wireshark can be used for analysis of different types of data transmission such as audio streaming, media and information transmission. It can be used as a web analytical tool and used for comparing the website performance with the application of different filters and graphs.

References

• Chappell, L. Wireshark 101: Essential Skills for Network Analysis-Wireshark Solution Series. Laura Chappell University., 2017.
• Sanders, C. Practical packet analysis: Using Wireshark to solve real-world network problems. No Starch Press., 2017.
• Ndatinya, V., Xiao, Z., Manepalli, V.R., Meng, K. and Xiao, Y. Network forensics analysis using Wireshark. International Journal of Security and Networks, 10(2), pp.91-106., 2015.
• Walnycky, D., Baggili, I., Marrington, A., Moore, J. and Breitinger, F. Network and device forensic analysis of android social-messaging applications. Digital Investigation, 14, pp.S77-S84., 2015.
• Messier, R. Packet Capture and Analysis. Network Forensics, pp.81-112., 2017.
• Cappers, B.C. and van Wijk, J.J. Semantic Network Traffic Analysis using Deep Packet Inspection and Visual Analytics., 2017.
• Quadrio, G., Bujari, A., Palazzi, C.E., Ronzani, D., Maggiorini, D. and Ripamonti, L.A. Network analysis of the steam in-home streaming game system: poster. In Proceedings of the 22nd Annual International Conference on Mobile Computing and Networking (pp. 475-476). ACM., 2016, October.
• Armstrong, M.E., Jones, K.S., Namin, A.S. and Newton, D.C. What Vulnerability Assessment and Management Cybersecurity Professionals Think Their Future Colleagues Need to Know. In Proceedings of the 49th ACM Technical Symposium on Computer Science Education(pp. 1082-1082). ACM., 2018, February.
• Atwater, E., Bocovich, C., Hengartner, U. and Goldberg, I. Live Lesson: Netsim: Network simulation and hacking for high schoolers. In 2017 {USENIX} Workshop on Advances in Security Education ({ASE} 17). USENIX} Association}., 2017 August.
• Cuppens, F. WirelessHART NetSIM: A WirelessHART SCADA-Based Wireless Sensor Networks Simulator. In Security of Industrial Control Systems and Cyber Physical Systems: First Workshop, CyberICS 2015 and First Workshop, WOS-CPS 2015 Vienna, Austria, September 21–22, 2015 Revised Selected Papers(Vol. 9588, p. 63). Springer., 2016, June.