Wnms Lab1

The document is a lab report by Gabrielle Taylor detailing the use of Wireshark for network packet analysis. It includes answers to specific questions about packet errors, filter commands, protocols, and IP addresses, as well as observations on the limitations of analyzing HTTPS traffic. The author expresses a desire for guidance on decrypting HTTPS traffic and acknowledges their inexperience with Wireshark in a senior-level class.

Uploaded by

gnt1027

Gabrielle Taylor

09/27/22

Lab 1

1. If a packet is highlighted by black, what does it mean for the packet?

It has errors.

2. What is the filter command for listing all outgoing http traffic?

ether src host 1c:91:80:e0:07:98 (or your own mac address)

3. List up to 10 different protocols that appear in the protocol column in the unfiltered
packet-listing window in step 4 above. As I don’t have control over the data flowing over
your network at the time of your lab, I don’t know exactly how many and what protocols
those will be. I do expect that you have a bunch (if less than 5, please look harder). Just
list out those that you see, but don’t bother to list more than 10. (5 Points)

UDP, ICMPv6, DNS, TCP, MDNS

4. How long did it take from when the HTTP GET message was sent until the HTTP OK
reply was received? (By default, the value of the Time column in the packet-listing
window is the amount of time, in seconds, since Wireshark tracing began. To display the
Time field in time-of-day format, select the Wireshark View pull down menu, then select
Time Display Format, then select Time-of-day.) Include a screenshot and describe where
you got the data to answer this question. (15 Points)

4.194163-3.766095=0.428068s

I got this data from the time column after using the display filter “http”

5. What is the Internet address (IP address) of www.ece.cmu.edu? What is the Internet
address of your computer (This might be a private address, if you are behind a NAT
device. No worries, we’ll learn about that later)? Include a screenshot and describe where
you got the data to answer this question. (15 Points)

The IP address of www.ece.cmu.edu: 128.2.131.95

My ip address: 1c:91:80:e0:07:98

Because I couldn’t find or figure out how to get that info in Wireshark, not to
mention running into so many errors, I used what I knew already. I went to my
advanced wifi settings to find my ip address. I used terminal and a command called “dig

to find the website’s internet address.

6. How many packets did you capture (total of all protocols, not just HTTP)?

4675 packets

7. Use your newly acquired Wireshark skills to capture the process when your browser
loads the front page of MSN’s website (i.e. http://www.msn.com). How many packets did
you capture? Were all of them HTTP? How many HTTP requests did you make? Were
all the replies "200 OK"? Did you find anything else interesting? Please ensure you have
examined this packet capture in detail, using appropriate Wireshark functionality. Write
up what you saw (yes, please include screen captures where you think they are
necessary). (40 Points)

So, in response to this question, or the whole lab for that matter, this method or lab isn’t made for
the technological advancements of today. The lab assumes that the websites listed still use http; in
this case and time, they don’t. Most sites today use https to be secure, which means that
information shows up encrypted in Wireshark. I used different sites to get similar or the same
results, but this question was very unique. If there is another way to decrypt https traffic in
Wireshark I would like to be enlightened, but as of right now I believe you cannot. This being
my first time ever using Wireshark and drawing information from it, I’d say I did pretty good, but I
want it also to be considered that I am a sophomore in a senior class that should have the
prerequisite of visual networking; I wasn’t aware of that but decided to just tough the class out.
I’m saying all this to say I ask that you help me understand if there is a way before taking points
off.
