CT320: Network and System Administration

Fall 2017

Packet Sniffing

Network Protocol Lab

The purpose of this assignment is to learn about network protocols by using a “packet sniffer” to examine network traffic on the local area network in our lab.

Description                

For this assignment you will create a document called R7.txt with a section for each network protocol that you capture using the packet sniffer. For this recitation we are using the tcpdump packet sniffer.

Part 1 — Introduction to Packet Sniffers

Here is a sample tcpdump command:

    sudo tcpdump -A -i eth0 'tcp port https and host google.com' | tee log

Open your web browser and go to www.google.com.

  1. Why sudo?
  2. What does -A do?
  3. What does -i eth0 do?
  4. What does the rest do?
  5. What does the | tee log do?
  6. What does the entire command do?

Packet sniffers capture network traffic by listening on the local system's network interface, so all LAN traffic is detected. Make sure you know how to specify the interface and how to dump an ASCII interpretation of the packets. The filtering mechanism in tcpdump is very useful for this assignment, since it allows you to filter out unwanted traffic.

Part 2 — HTTP Protocol

Use tcpdump to capture an HTTP request and reply from: http://icanhazip.com/

  1. What version of HTTP protocol is being used?
  2. How much data is returned and what is the format?
  3. Can you see the web page in the payload of the reply?

Part 3 — HTTPS Protocol

Use tcpdump to capture an HTTPS (did you see the ‘S’?) request and reply from: https://cs.colostate.edu/~ct320/alphabet.txt

  1. What version of HTTP protocol is being used?
  2. How much data is returned and what is the format?
  3. Can you see the web page in the payload of the reply?
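As an added example (not part of the handout, and not a real capture), the following Python script parses text in the form `tcpdump -A` prints and answers the Part 2 and Part 3 questions for each TCP segment: which HTTP version is used, how many bytes the segment carries, what Content-Type and Content-Length the reply declares, and whether the body is readable. The capture text is constructed for the example: it uses RFC 5737 documentation addresses, an icanhazip-style reply, and a TLS ClientHello to cs.colostate.edu rendered the way -A shows non-printable bytes (as dots); the header-byte prefix on each packet is only an approximation of what -A prints. For the HTTPS segment the parser finds no HTTP message at all, which is the point of Part 3: with TLS the request and reply travel inside encrypted records, so only the TCP summary line and, in the ClientHello, the server name are readable.

```python
"""Parse `tcpdump -A` text and report version, size, format and body visibility."""
import re
from dataclasses import dataclass

# One TCP segment as printed by `tcpdump -A`: a summary line ("... length N")
# followed by the packet bytes with non-printable characters shown as '.'.
HEADER_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP (?P<src>\S+) > (?P<dst>\S+): .*?length (?P<len>\d+)"
)
REQUEST_RE = re.compile(r"(GET|POST|HEAD|PUT|DELETE|OPTIONS) (\S+) HTTP/(\d\.\d)")
RESPONSE_RE = re.compile(r"HTTP/(\d\.\d) (\d{3}) ?([^\n.]*)")


@dataclass
class Segment:
    ts: str
    src: str
    dst: str
    length: int        # TCP payload bytes, from the "length N" field
    payload: str = ""  # the -A rendering of the packet bytes


def split_segments(dump: str) -> list:
    """Group the dump into segments: each summary line owns the text lines after it."""
    segments = []
    for line in dump.splitlines():
        m = HEADER_RE.match(line)
        if m:
            segments.append(Segment(m["ts"], m["src"], m["dst"], int(m["len"])))
        elif segments:
            segments[-1].payload += line + "\n"
    return segments


def describe(seg: Segment) -> dict:
    """Classify one segment as an HTTP request, an HTTP response, or opaque bytes."""
    info = {"src": seg.src, "dst": seg.dst, "tcp_payload_len": seg.length, "kind": "opaque"}
    m = REQUEST_RE.search(seg.payload)
    if m:
        info.update(kind="http-request", method=m[1], path=m[2], version=m[3])
    else:
        m = RESPONSE_RE.search(seg.payload)
        if m:
            info.update(kind="http-response", version=m[1], status=int(m[2]))
    if info["kind"] == "opaque":
        # Nothing readable: TLS records carry ciphertext, so -A shows mostly dots.
        # The share of dots is a rough measure of how many bytes were non-printable.
        text = seg.payload.replace("\n", "")
        info["dot_ratio"] = round(text.count(".") / max(len(text), 1), 2)
        return info
    # Header lines follow the start line. A '\r' is printed as a trailing '.', so the
    # blank line that ends the headers appears as a lone '.'.
    headers, body_lines, in_body = {}, [], False
    for line in seg.payload[m.end():].split("\n")[1:]:
        if in_body:
            body_lines.append(line)
        elif line.strip(".") == "":
            in_body = True
        else:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip().rstrip(".")
    body = "\n".join(body_lines).strip()
    info.update(headers=headers, body=body, body_visible=bool(body),
                content_type=headers.get("content-type"),
                content_length=int(headers["content-length"]) if "content-length" in headers else None)
    return info


def summarize(dump: str) -> list:
    return [describe(s) for s in split_segments(dump)]


# Constructed sample in the shape of `tcpdump -A` output (not a real capture).
SAMPLE_DUMP = """\
14:02:11.123456 IP 10.0.0.5.51234 > 192.0.2.10.80: Flags [P.], seq 1:78, ack 1, win 502, length 77: HTTP: GET / HTTP/1.1
E..s..@.@.......h.r..>.P....GET / HTTP/1.1.
Host: icanhazip.com.
User-Agent: curl/7.58.0.
Accept: */*.
.
14:02:11.150000 IP 192.0.2.10.80 > 10.0.0.5.51234: Flags [P.], seq 1:139, ack 78, win 64, length 138: HTTP: HTTP/1.1 200 OK
E......@.6..h.r.......P.>....HTTP/1.1 200 OK.
Date: Thu, 16 Nov 2017 21:36:00 GMT.
Content-Type: text/plain.
Content-Length: 12.
Connection: keep-alive.
.
203.0.113.7
14:02:20.000001 IP 10.0.0.5.51300 > 198.51.100.20.443: Flags [P.], seq 1:518, ack 1, win 502, length 517
E..-..@.@.....W.......P.a..........E..V.....3..f.k....P..z..].Q.........../.,.0.
.+./...Z.......cs.colostate.edu.........
"""

if __name__ == "__main__":
    for entry in summarize(SAMPLE_DUMP):
        print(entry)
```

Run as-is it prints one dictionary per segment of the constructed sample; to apply it to the lab, read the `log` file written by `tee` in Part 1 and pass its contents to `summarize()`. Because the script keys off the ASCII rendering rather than the raw bytes, a header value that legitimately ends in a period loses that character; for the questions in Parts 2 and 3 that does not matter.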

Part 4 — Network Protocols

For each protocol in the following list, use tcpdump to capture the associated packets, and explain the purpose and size of each request and reply:

  1. ICMP protocol (ping command)
  2. SSH protocol (ssh remote login)
  3. SCP protocol (scp file copy)
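As an added example (not from the handout), the following Python script builds and decodes the ICMP echo request and reply that `ping` exchanges, so the sizes tcpdump reports can be checked against the packet layout: an 8-byte ICMP header plus 56 bytes of data gives the 64 bytes tcpdump prints as `length 64`, and 84 bytes once the 20-byte IPv4 header is added. The packets are constructed in the script, and the data pattern is only assumed to resemble the default Linux ping payload, not captured. It also verifies the RFC 1071 checksum, which is how a receiver detects a corrupted echo. SSH and SCP are not covered here: after the initial cleartext version banner and key exchange their payloads are encrypted, so for those two protocols the observable facts in a capture are the packet sizes and timing.

```python
"""Build, parse and checksum ICMP echo packets as ping sends them (added example)."""
import struct

ECHO_REQUEST, ECHO_REPLY = 8, 0
IPV4_HEADER_LEN = 20  # minimal IPv4 header, no options


def inet_checksum(data: bytes) -> int:
    """RFC 1071: one's-complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"  # odd trailing byte is padded with zero
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """ICMP header is 8 bytes: type, code, checksum, identifier, sequence number."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload


def ping_payload(timestamp: bytes = b"\x00" * 8, size: int = 56) -> bytes:
    """Constructed to resemble the default Linux ping data (assumption): 8 timestamp
    bytes followed by an incrementing byte pattern, 56 bytes in all."""
    return (timestamp + bytes(i & 0xFF for i in range(len(timestamp), size)))[:size]


def parse_echo(packet: bytes) -> dict:
    """Decode the fields tcpdump prints ("ICMP echo request, id X, seq Y, length 64")."""
    if len(packet) < 8:
        raise ValueError("too short for an ICMP header")
    icmp_type, code, _csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    names = {ECHO_REQUEST: "echo request", ECHO_REPLY: "echo reply"}
    return {
        "type": icmp_type,
        "name": names.get(icmp_type, "other"),
        "code": code,
        "id": ident,
        "seq": seq,
        "icmp_length": len(packet),                    # tcpdump's "length"
        "payload_length": len(packet) - 8,
        "wire_length": IPV4_HEADER_LEN + len(packet),  # size of the IPv4 packet
        "checksum_ok": inet_checksum(packet) == 0,     # a valid packet sums to zero
    }


def ping_exchange(ident: int = 0x1234, seq: int = 1) -> tuple:
    """Request and reply of one ping; the reply echoes the request's data unchanged."""
    request = build_echo(ECHO_REQUEST, ident, seq, ping_payload())
    reply = build_echo(ECHO_REPLY, ident, seq, request[8:])
    return request, reply


if __name__ == "__main__":
    req, rep = ping_exchange()
    for pkt in (req, rep):
        print(parse_echo(pkt))
    damaged = bytearray(rep)
    damaged[20] ^= 0xFF  # flip one data byte: the receiver's checksum no longer matches
    print("damaged reply checksum_ok:", parse_echo(bytes(damaged))["checksum_ok"])
```

The id and seq fields are what let the sender pair each reply with its request, which is also why a capture of `ping` shows the same id throughout one run and a seq that increments per packet.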

Part 5 — Other Protocols

Use tcpdump to find at least two other protocols that are active in the network lab. What is the purpose of each protocol and who is generating it? What reply does the local host send, and what is its purpose?

Part 6 — Credit

Show your R7.txt to the TA for credit.

Modified: 2017-11-16T15:36
