- Start Wireshark
- Select your Ethernet or Wireless network connection (Double Click on it)
- Stop the auto capture of packet data...
- Get ready to restart the capture of data... but before you do, be ready to click on a web page link... not yet, just be ready, Do the following quickly...
- Start capture (and click capture with out saving)
- click on this link to a web page
- Stop the capture of packet data
- 3 Click on link here
- You should see an HTTP "get" packet like this... Scroll around to find it mixed in all the packets that were scanned.
- GET /cyberSecuritySVCTE/wireshark/wireshark_lab_001.htm HTTP/1.1
- Is it kinda hard to find this specific HTTP "get" packet?
- Let's try doing while using a filter
- In the top left display filter field, type HTTP
- The field will turn green, indicating that this is a valid Wireshark display filter
- Cool, now you see just the HTTP packets. and specifically you can see the HTTP "Get" packet where your browser requested the load of a web page.
- You can click on the "Packet Details" section in the middle section of the display, and see an expanded view of the details of this packet
Question time:
- What is the top URL of the web site this HTTP "get" packet came from?
- GET /cyberSecuritySVCTE/wireshark/wireshark_lab_001.htm HTTP/1.1
- How did you find it?
- Take a screen shot to turn in
- What is the destination IP address? Is it for the requested page or somewhere else?
- Take a screen shot to turn in
To capture the packet data and save it to a Google or Word doc and then turn it in as a PDF do the following:
- in wireshark, capture the packets, and highlight the specific one you want to look at
- in the Packet details frame "right" mouse click and select "expand all"
- Then you will want to copy the packet data and paste it into a Google or Word doc
- Paste this in a Doc and highlite the sections as you answer the Lab questions
No comments:
Post a Comment