Wireshark Packet Capture

Download the appropriate Wireshark platform and install it on your computer https://www.wireshark.org/download.html

View the below links for some Wireshark tutorials.

http://www.howtogeek.com/104278/how-to-use-wireshark-to-capture-filter-and-inspect-packets/

https://www.youtube.com/watch?v=y-4UQSXkqig

Search for online tutorials and other handy information, such as YouTube videos for using Wireshark in addition to the above.

Packet Capture Experiment Description Write the exact packet capture filter expressions to accomplish the following:

1. Capture all TCP traffic to/fromhttps://webcampus.wilmu.edu, during the time when you are logging in to your Webcampus account. Your capture should already be running.

2. Capture all HTTP traffic to/from Webcampus, when you log in to your Webcampus account

3. Find a popular YouTube video and play it while capturing all traffic to/from YouTube.

4. Save all your captured packets as you will need to submit them along with your report.

After you run Wireshark with the above capture filters and collect the data, do the following:

1. Write a DISPLAY filter expression to count all TCP packets (captured under item #1) that have the flags SYN, PSH, and RST set. Show the fraction of packets that had each flag set.

2. Use a DISPLAY filter expression to separate the packets sent by your computer vs. received from Webcampus and YouTube Note that when sniffing out TCP packets, you will be receiving TCP packets, SSL packets, and HTTP packets. This is because HTTP/SSL run on top of TCP and you capture their packets by default because they are subclasses of TCP packets. So, capture them all and store in a local database. Then use display filters to separate the subset of TCP packets that are also HTTP packets. (You can do this by filtering only packets on port 80). Note that some of your sessions, e.g., Facebook, may be using secure HTTP (HTTP/SSL or HTTPS), which uses the port number 443.

Report Preparation and Submission

The report should contain the following information:

Location where the experiments were run (University campus/lab, home, other) and the type of your computer. Exact Wireshark filters used for capture and display. To improve the readability of your report, provide the filter expressions in separate lines and use the Courier font to write the filters. Screenshots of the filters results Explanation for every component of your filter expressions. The exact URL for all Youtube videos that you visited for this experiment. Include any reference sources. Attach the captured packets files to your submission.