lab 0_jean paul
7/29/2019 Lab 0_Jean Paul
04-641 LAB 0
Name: NIZEYIMANA Jean Paul
Andrew ID: jnizeyim
Course: Fundamentals of Telecommunications and Computer Networks
1. Different protocols that appear in the protocol column in the unfiltered packet-listing window are:
LLMNR, NBNS, DHCPv6, TCP, DB-LSP-, SSL, ARP, SSDP, TLSv1
Here is a screenshot with those protocols when I downloaded my homepage from my browser.
2. From the frame section of the GET message we can see the arrival time of the packet.
Here we have: 12:49:53.345837000
Again from that section, we can see the arrival time for the HTTP OK reply, which is 12:49:53.881765000
The time it took will be the difference of both times (HTTP OK reply minus HTTP GET message):
0.881765000 - 0.345837000 = 0.535928000 seconds
3. From the Internet Protocol section we can find this information.
Src (Source) is the local computer's IP address, which is my computer, and Dst (Destination) is the
web server's IP address.
- The IP address of www.ece.cmu.edu is 128.2.129.29
- The IP address of my computer is 172.29.52.209
4. From the Statistics menu, under Summary, I can see the number of all packets captured. Mine are 194
packets.
- To determine how many packets contain my IP address, I used the "IP address is 172.29.52.209" filter:
ip.addr == 172.29.52.209. I have 166 packets containing my IP address.
- When I reversed the filter to determine how many packets don't contain my IP address, I used the
"IP address isn't 172.29.52.209" filter: !(ip.addr == 172.29.52.209). I have 28 packets. There is no problem here.
The ip.addr filter is applied to both the source and destination addresses.
The wrong syntax would be ip.addr != 172.29.52.209. This doesn't work well because it does not do what is
expected: if one of the IP addresses does not equal the specified address while the other IP address
does, the packet will still be considered a match.
Instead, that expression will even be true for packets where either the source or destination IP address
equals 172.29.52.209. The reason for this is that the expression ip.addr != 172.29.52.209 must be read as
"the packet contains a field named ip.addr with a value different from 172.29.52.209".
As a result I have 187 packets instead of 28 packets.
The correct filter is !(ip.addr == 172.29.52.209); this must be read as "there is no IP address in the
packet which matches 172.29.52.209".
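The gap between the two filters can be reproduced with a small model of how a display filter tests a field that occurs more than once in a packet. This is an added example, not part of the original lab report; the capture is constructed, and the neighbour address 172.29.52.17 and broadcast address 172.29.52.255 are assumptions.

```python
from collections import namedtuple

# A packet is modelled by the values its ip.addr field takes:
# [src, dst] for IP packets, [] for frames with no IP layer (e.g. ARP).
Packet = namedtuple("Packet", "proto ip_addrs")

ME = "172.29.52.209"     # host address from the report
WEB = "128.2.129.29"     # web server address from the report
OTHER = "172.29.52.17"   # constructed neighbour address (assumption)

# Constructed sample capture, not the trace from the report.
CAPTURE = [
    Packet("TCP",  [ME, WEB]),
    Packet("HTTP", [ME, WEB]),
    Packet("HTTP", [WEB, ME]),
    Packet("TCP",  [WEB, ME]),
    Packet("NBNS", [OTHER, "172.29.52.255"]),
    Packet("SSDP", [OTHER, "239.255.255.250"]),
    Packet("ARP",  []),
    Packet("ARP",  []),
]

def any_eq(pkt, addr):
    """ip.addr == addr: some ip.addr value equals addr."""
    return any(v == addr for v in pkt.ip_addrs)

def any_ne(pkt, addr):
    """ip.addr != addr, read as in the report: some ip.addr value differs."""
    return any(v != addr for v in pkt.ip_addrs)

def not_any_eq(pkt, addr):
    """!(ip.addr == addr): no ip.addr value equals addr (true for ARP too)."""
    return not any_eq(pkt, addr)

def count(pred, addr=ME, capture=CAPTURE):
    return sum(1 for p in capture if pred(p, addr))

def summary():
    return {
        "total": len(CAPTURE),
        "ip.addr == ME": count(any_eq),
        "!(ip.addr == ME)": count(not_any_eq),
        "ip.addr != ME": count(any_ne),
    }

if __name__ == "__main__":
    for name, n in summary().items():
        print(f"{name:18} {n}")
```

Only the `==` and `!(==)` counts add up to the total; the `!=` form matches every packet that has an IP layer and misses the frames that have none.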
5. The difference between temporary and permanent packet coloring is that temporary coloring is
only used while the program is running, while permanent coloring is saved to a file and is available in
the next session.
To add temporary coloring we select a packet and press the key together with one of the number
keys. It will try to create a conversation filter based on TCP first, then UDP, then IP and at last
Ethernet. For example if I press + 2 I have the pink color.
Temporary filters can also be created by selecting the "Colorize with Filter > Color X" menu items
when right-clicking in the packet-detail pane.
To permanently colorize packets, we select the Coloring Rules... menu item from the View menu.
6. Colorizing http.response packets pink.
From the menu I selected Wireshark opened a dialog box
with different buttons. I clicked on button, and it opened another dialog box.
In the field I entered http, and in the field I chose
http.response, and finally I chose pink as the background color.
The purpose of this colorization was to make all HTTP responses easy to find by giving them a
different color. The same thing can be done for any protocol.
By clicking on button I can save my coloring rule as a file so that it can be used the next time I
want it. To use it the next time, I have to click on import and add that colorization.