New

Learn smart - Learn online. Upto 88% off on courses for a limited time. View Courses

Securing Higher Grades Costing Your Pocket? Book Your Assignment at The Lowest Price Now!
loader
Add File

Error goes here

Files Missing!

Please upload all relevant files for quick & complete assistance.

Guaranteed Higher Grade!

ITECH5003 Networking Assignment

tag 0 Download 3 Pages / 504 Words tag 16-11-2020
  • Course Code: ITECH5003
  • University: Federation University
    icon

    MyAssignmentHelp.com is not sponsored or endorsed by this college or university

  • Country: Australia

Question:

Describe what the term promiscuous mode means in relation to capturing network traffic with Wireshark and similar network traffic analysers.

[ 1 mark ]

The Capture > Options dialog allows the Name Resolution of Network Layer names. Describe what this means and describe how it could be used for capturing network traffic.

[ 1 mark ] 

Describe the difference between a network switch and a network hub. Then explain how switched networks limit the network traffic that is visible to Wireshark in comparison to networks that used hubs.  (Note – switches are the technology used in today’s computer networks)

 [ 2 marks ] 

In TCP/IP networking IP addresses are used to identify specific computers (or hosts) on the network, clients use ports numbers to specify a particular instance of a client program (for example a specific tab on a web browser) and servers normally use well known port numbers  on which to listen for client requests. For instance ftp at the server uses ports 20 and 21.

From the web or any other source determine the well-known port numbers of the following server programs:

  • ftp data
  • ftp control
  • http
  • NTP
  • ssh

Also find the well know port numbers for 6 other network protocols and describe the function that each protocol performs.

[ 2 marks ]

Part 2 : Capture filters

In this section of the assignment you are required to learn the syntax for creating Wireshark Capture Filters. Then document and use capture filters to capture specific network traffic.

Discussion of Berkeley Packet Filter (BPF) syntax

The following discussion gives a brief explanation of the BPF syntax to help you get started with constructing your own capture filters.

Wireshark capture filters use the Berkeley Packet Filter (BPF) syntax to specify particular traffic. This syntax is used by the libpcap (in Unix/Linux) and Winpcap (in Windows) libraries that are used by Wireshark to capture network traffic. 

Note – WinDump is the Windows version of a Linux/Unix program called TCPDump and hence TCPDump documentation applies to capture filter syntax as used on Windows machines.

Syntax

The BPF syntax consists of one or more Primitives that specify a particular type of traffic to capture.

Some examples of simple primitives are shown below:

  • host 168.12.22
  • host com
  • src host google.com
  • tcp port 80

Things to note about these primitives:

  • Primitives start with one or more qualifiers (eg. host, src host, dst host etc.)
  • Primitives end with an ID (eg. 168.12.22,  google.com,  80  etc.)

Note –    If you use named IDs like  google.com then you need to enable name resolution in the capture filter dialog box when specifying capture filters.

In summary a capture filter consists of one or more primitives and those primitives consist of one or more qualifiers followed by an ID.

{ <-------  primitive ------> } { operator } { <- primitive -> }

dst   host  192.168.12.13       &&              tcp  port  80

The references  dst,  host, tcp  and port   are called qualifiers.

The references  192.168.12.13    and  80   are called   ID’s. 

The boxed example above also shows the AND operator being used to join two primitives to make a capture filter expression. The AND operator is one of the three possible operators that are allowed in capture filters, the other two are  OR  and  NOT.

Sources of documentation of the Berkeley Filter Syntax that you should refer to are:

There are also good cheat sheets for TCPDump (Wireshark Capture Filters) and Wireshark Display filters at: 

The Wireshark Users Guide (Access from Help in Wireshark)

End of discussion of BPF syntax 

Documenting BPF qualifier syntax

There are three types of BPF qualifiers:

  • Type (3)
  • Dir (2)
  • Proto (8)

The Type qualifier has three possible options:  host, net  and port. The other two qualifier types also have associated options, there are 4 options associated with Dir qualifier type and 8 options associated with Proto qualifier type (please disregard the fddi, decnet options as they are seldom used in today’s networks).

You are required to describe what each qualifier means and list a total of 10 capture filter examples that incorporate at least 1 qualifier and one ID, and explain how each capture filter works.

[ 3 marks ]

Documenting the 3 logical operators for combining primitives

The boxed example above show the logical AND operator ( && ) being used to combine two primitives. There are two other such logical operators.

Document all three logical operators and give one example of how each could be used in a capture filter.

[ 1 mark ]

Implementing BPF capture filters

In this section of the assignment you are required to create a range of capture filters, implement those capture filters in Wireshark and take a screenshot of associated captured traffic.

Your screen captures must include the Time, Source, Destination and Protocol fields of the Wireshark display along with at least two packets (the graphic below shows three, packets 7,8 & 9).

Because the Time field is displayed to such a fine resolution your screenshot capture will be unique from all other students doing this assignment. This will therefore act as an automatic plagiarism detector. 

After creating an appropriate capture filter you may need to generate appropriate traffic for Wireshark to capture. For instance, if you create a Capture Filter to capture ftp traffic you will need to run an ftp client to effect the traffic capture. Likewise, when capturing web traffic you could use a browser to generate appropriate traffic. To capture ICMP traffic you might use the ping command because it uses the ICMP protocol to query other hosts.

Example capture filter:

Filter requirements

Capture all traffic between your computer (that is running Wireshark) and the Google search engine in response to the query “caviar” being entered.

Procedure:

From the Wireshark interface select:

Capture > Options >

Select the desired interface (or select all interfaces)

      Enter    host google.com   in the capture filter entry area

           Select the display option    Resolve network layer names

Start the capture 

Then enter the word   caviar     into the google query field of the browser

Wireshark will captures the require traffic. 

Note –   Make sure you have selected the correct network interface, or select all interfaces if you are unsure. 

Capturing traffic from/to another machine (2 marks)

In network analysis you will frequently need to capture all traffic or specific traffic between your machine that is running Wireshark and another specified machine.

For this exercise you should generate traffic between the machines with the ping command.

Create capture filters that will:

  1. Capture all traffic between your machine (the one running Wireshark) and another machine. Use the IP address of the other machine to identify it in the filter.
  2. Capture all traffic between your machine (the one running Wireshark) and another machine. Use the MAC address of the other machine to identify it.
  3. Capture all traffic from the other machine. Use either the IP or MAC address of the remote machine to identify it.
  4. Capture only ICMP traffic between the two machines

Your discussion for this section should:

  • include two screenshots
  • list all capture filters you used
  • describe how each capture filter works.

Excluding particular network traffic (2 marks)

Create a set of capture filters that will:

  • Capture broadcast traffic only
  • Exclude broadcast traffic
  • Capture all traffic from a range of network addresses but exclude broadcast traffic

Briefly discuss how each capture filter works.

Using port numbers in capture filters (1 mark) 

Create capture filters that will capture the following types of network traffic:

  1. DNS traffic
  2. DNS traffic being sent from your machine
  3. DHCP traffic in either direction

Briefly discuss how each capture filter works. 

Challenge exercise (zero marks)The BPF syntax can detect specific content at specific offsets from the start of network packets.

An example of such syntax would be  tcp[13] & 4 == 4

This particular capture filter can detect   TCP packets that have the  RST flag set.

Describe this syntax so that a layman could understand how such filters work. 

Marking Criteria

This assignment is worth 15% of ITECH1003 assessment.

The assignment must be submitted before the due date/time to ensure assessment penalties as stipulated in the course description are not applied.

The marks for each section are shown against each requirement above.

Students are required to demonstrate their understanding of each part of the assignment clearly and concisely and if specified include associated Wireshark screenshots and clear discussion to demonstrate you have fully understood the topic.

Students should realise that any screenshot taken by them will be unique by virtue of Wireshark’s precise time display, hence if identical screenshots appear in two separate assignments then it will be immediately identified as plagiarism. Therefore, all students need to interact with Wireshark to capture their own traffic and ensure that no other student has access to their screenshot files.

All screen captures that you use in the assignment report must include the Time, Source, Destination and Protocol fields of the Wireshark display along with at least two network packets as outlined on page 3 of this assignment specification.

Please acknowledge by way of referencing, if you have used information from books, papers, websites and other published and unpublished materials.

Students should submit their completed report as a single word or pdf document to Moodle by the due date as specified on your ITECH1003 course description.

Download Sample Now

Earn back the money you have spent on the downloaded sample by uploading a unique assignment/study material/research material you have. After we assess the authenticity of the uploaded content, you will get 100% money back in your wallet within 7 days.

Upload
Unique Document

Document
Under Evaluation

Get Money
into Your Wallet

Total 3 pages

Cite This Work

To export a reference to this article please select a referencing stye below:

My Assignment Help. (2020). Networking Assignment. Retrieved from https://myassignmenthelp.com/free-samples/itech5003-networking-assignment/network-interface.html.

My Assignment Help (2020) Networking Assignment [Online]. Available from: https://myassignmenthelp.com/free-samples/itech5003-networking-assignment/network-interface.html
[Accessed 15 August 2022].

My Assignment Help. 'Networking Assignment' (My Assignment Help, 2020) <https://myassignmenthelp.com/free-samples/itech5003-networking-assignment/network-interface.html> accessed 15 August 2022.

My Assignment Help. Networking Assignment [Internet]. My Assignment Help. 2020 [cited 15 August 2022]. Available from: https://myassignmenthelp.com/free-samples/itech5003-networking-assignment/network-interface.html.


We Can Help!

Get top notch assistance from our best tutors !
Excel in your academics & career in one easy click!

icon

Other Samples

Content Removal Request

If you are the original writer of this content and no longer wish to have your work published on Myassignmenthelp.com then please raise the content removal request.

icon

5% Cashback

On APP - grab it while it lasts!

Download app now (or) Scan the QR code

*Offer eligible for first 3 orders ordered through app!

screener
ribbon
callback request mobile
Have any Query?