CT320: Packet Sniffing
Network Protocol Lab
The purpose of this assignment is to learn about network protocols by
using a “packet sniffer” to examine network traffic on the local area
network in our lab.
                
Description
For this assignment you will create a document called R7.txt with a section for each network protocol that you capture using the packet sniffer. For this recitation we are using the tcpdump packet sniffer.
                
Part 1 — Introduction to Packet Sniffers
First, find out the name of your network interface.
- The name of the interface varies—it may be eno0, or sometimes eth0.
- The ip route command shows your interface name at the end of the first line.
Here is a sample tcpdump command:
                
sudo tcpdump -A -i eno0 'tcp port https and host google.com' | tee log
Open your web browser and go to www.google.com.
                
- Why sudo?
- What does -A do?
- What does -i eno0 do?
- What does the rest do?
- What does the | tee log do?
- What does the entire command do?
Packet sniffers capture network traffic by listening to the local
network interface in promiscuous mode.
Thus, all LAN traffic is detected, not just packets that involve your
computer. Make sure you know how to specify the interface and how to
dump an ASCII interpretation of the packets. The filtering mechanism in
tcpdump is very useful for this assignment, since it allows the user to
filter out unwanted traffic.
                
Part 2 — HTTP Protocol
Use tcpdump to capture an HTTP request and reply from: http://icanhazip.com/
                
- What version of HTTP protocol is being used?
- How many packets of data are returned?
- How many bytes?
- What is the format of the data?
- Can you see the web page in the payload of the reply?
Part 3 — HTTPS Protocol
Use tcpdump to capture an HTTPS (did you see the ‘S’?) request and reply from: https://cs.colostate.edu/~ct320/alphabet.txt
                
- What version of HTTP protocol is being used?
- How many packets of data are returned?
- How many bytes?
- What is the format of the data?
- Can you see the web page in the payload of the reply?
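The questions in Parts 2 and 3 (packet count, byte count, HTTP version, whether the page is readable in the payload) can be answered by hand from the tee'd log, but it helps to see what the answers are computed from. The following script is an added example for this handout, not part of the course materials: it parses the summary lines that tcpdump -A prints for each TCP packet (the "length N" at the end is the TCP payload size) and tallies the reply. The two captures embedded in it are constructed samples that imitate tcpdump -A output, using documentation addresses (203.0.113.x); they are not real captures from the lab. Note that -A prints non-printable bytes as dots, so an encrypted (TLS) payload shows up as dot-garbage and no HTTP status line can be found in it, which is exactly the Part 3 observation.

```python
import re
from dataclasses import dataclass

# One tcpdump summary line per packet; "length N" at the end is the TCP payload size.
HEADER_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+ IP6? (?P<src>\S+) > (?P<dst>\S+): "
    r"Flags \[(?P<flags>[^\]]*)\].*?length (?P<len>\d+)$"
)
# Request and status lines are searched anywhere in the ASCII dump: tcpdump -A prints the
# IP/TCP header bytes (mostly as dots) on the same line as the first bytes of the payload.
HTTP_REQ_RE = re.compile(r"\b(GET|HEAD|POST|PUT|DELETE|OPTIONS) \S+ HTTP/(\d\.\d)")
HTTP_RESP_RE = re.compile(r"HTTP/(\d\.\d) (\d{3})")


@dataclass
class Packet:
    src: str       # "addr.port" exactly as tcpdump prints it
    dst: str
    flags: str     # TCP flags, e.g. "S", "S.", "P.", "F."
    length: int    # TCP payload bytes, taken from the summary line
    payload: str   # ASCII rendering from -A (non-printable bytes appear as '.')


def parse_tcpdump_a(text):
    """Split tcpdump -A output into Packet records (summary line + the ASCII lines after it)."""
    packets, cur, body = [], None, []
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            if cur is not None:
                packets.append(Packet(**cur, payload="\n".join(body)))
            cur = dict(src=m["src"], dst=m["dst"], flags=m["flags"], length=int(m["len"]))
            body = []
        elif cur is not None:
            body.append(line)
    if cur is not None:
        packets.append(Packet(**cur, payload="\n".join(body)))
    return packets


def summarize(packets, server_port):
    """Answer the Part 2/3 questions for one exchange; the server is identified by its port."""
    suffix = f".{server_port}"
    to_server = [p for p in packets if p.dst.endswith(suffix)]
    from_server = [p for p in packets if p.src.endswith(suffix)]
    reply_data = [p for p in from_server if p.length > 0]   # ignore pure ACK/handshake packets
    version = status = method = None
    for p in reply_data:
        m = HTTP_RESP_RE.search(p.payload)
        if m:
            version, status = m.group(1), int(m.group(2))
            break
    for p in to_server:
        m = HTTP_REQ_RE.search(p.payload)
        if m:
            method = m.group(1)
            break
    return {
        "packets_total": len(packets),
        "request_bytes": sum(p.length for p in to_server),
        "reply_packets": len(reply_data),
        "reply_bytes": sum(p.length for p in reply_data),
        "request_method": method,
        "http_version": version,
        "status": status,
        "plaintext_readable": version is not None,   # False when the payload is TLS gibberish
    }


# Constructed sample, shaped like "tcpdump -A 'tcp port 80'" output; not a real capture.
HTTP_SAMPLE = """\
12:00:01.000000 IP 10.0.0.5.51234 > 203.0.113.10.80: Flags [S], seq 100, win 64240, options [mss 1460,sackOK,TS val 1 ecr 0,nop,wscale 7], length 0
E..<..@.@.....
12:00:01.020000 IP 203.0.113.10.80 > 10.0.0.5.51234: Flags [S.], seq 500, ack 101, win 65160, options [mss 1460,sackOK,TS val 2 ecr 1,nop,wscale 7], length 0
E..<..@.5.....
12:00:01.020100 IP 10.0.0.5.51234 > 203.0.113.10.80: Flags [.], ack 1, win 502, options [nop,nop,TS val 3 ecr 2], length 0
E..4..@.@.....
12:00:01.020200 IP 10.0.0.5.51234 > 203.0.113.10.80: Flags [P.], seq 1:78, ack 1, win 502, options [nop,nop,TS val 4 ecr 2], length 77
E..Q..@.@..........P........GET / HTTP/1.1
Host: icanhazip.com
User-Agent: curl/7.81.0
Accept: */*

12:00:01.060000 IP 203.0.113.10.80 > 10.0.0.5.51234: Flags [P.], seq 1:201, ack 78, win 509, options [nop,nop,TS val 5 ecr 4], length 200
E.....@.5......P...........HTTP/1.1 200 OK
Date: Mon, 01 Jan 2024 12:00:01 GMT
Content-Type: text/plain
Content-Length: 12
Connection: keep-alive

12:00:01.060100 IP 203.0.113.10.80 > 10.0.0.5.51234: Flags [P.], seq 201:213, ack 78, win 509, options [nop,nop,TS val 6 ecr 4], length 12
E..@..@.5......P...........203.0.113.7

12:00:01.060200 IP 10.0.0.5.51234 > 203.0.113.10.80: Flags [.], ack 213, win 501, options [nop,nop,TS val 7 ecr 6], length 0
E..4..@.@.....
"""

# Constructed sample of a TLS exchange on port 443: the payload is encrypted, so -A shows only dots
# and stray printable characters, and no HTTP status line can be found.
HTTPS_SAMPLE = """\
12:00:02.000000 IP 10.0.0.5.51300 > 203.0.113.20.443: Flags [P.], seq 1:518, ack 1, win 502, options [nop,nop,TS val 10 ecr 9], length 517
E..9..@.@...........P.......f...z.F.^...x.....
12:00:02.030000 IP 203.0.113.20.443 > 10.0.0.5.51300: Flags [P.], seq 1:1461, ack 518, win 509, options [nop,nop,TS val 11 ecr 10], length 1460
E.....@.6.........K.P....................V..3.
"""

if __name__ == "__main__":
    print("HTTP :", summarize(parse_tcpdump_a(HTTP_SAMPLE), 80))
    print("HTTPS:", summarize(parse_tcpdump_a(HTTPS_SAMPLE), 443))
```

To use it on your own capture, read the tee'd log file into a string and pass it to parse_tcpdump_a; for the HTTP sample above the reply is 2 data packets totalling 212 bytes of HTTP/1.1, while for the HTTPS sample the byte count is still visible but the version, status and page text are not.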
Part 4 — Network protocols
For each protocol in the following list, use tcpdump to capture the associated packets, and explain the purpose and size of each request and reply:
                
- ICMP protocol (ping command)
- SSH protocol (ssh remote login)
- SCP protocol (scp file copy)
Format your explanation like this:
- Name of protocol: ICMP
- Purpose: ICMP’s purpose in life
- Request: What sending an ICMP packet means—what’s in it?
- Reply: What a reply ICMP packet means—what’s in it?
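To see concretely what "what's in it" means for the ICMP entry, here is an added example (not part of the course materials) that assembles and decodes the 8-byte ICMP echo header that tcpdump summarises as "ICMP echo request, id X, seq N, length L". It shows the fields a request and a reply carry, why a reply matches a request (same id and seq, payload echoed back unchanged), and how the checksum is verified. The 56-byte payload is a constructed placeholder; Linux ping sends 56 data bytes by default, which is why tcpdump reports length 64 for a plain ping, but the byte pattern here is not ping's.

```python
import struct

ICMP_TYPES = {0: "echo reply", 3: "destination unreachable", 8: "echo request", 11: "time exceeded"}


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement sum over 16-bit words (an odd trailing byte is zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                        # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Assemble an echo request (type 8) or echo reply (type 0): 8-byte header + payload."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)  # checksum field zeroed first
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload


def decode_icmp(pkt: bytes) -> dict:
    """Pull the header fields out of an ICMP message, as tcpdump does for its summary line."""
    if len(pkt) < 8:
        raise ValueError("ICMP message shorter than its 8-byte header")
    icmp_type, code, csum, ident, seq = struct.unpack("!BBHHH", pkt[:8])
    return {
        "type": icmp_type,
        "name": ICMP_TYPES.get(icmp_type, "other"),
        "code": code,
        # id and seq are meaningful for echo types only; for types 3 and 11 those bytes hold other fields
        "id": ident,
        "seq": seq,
        "length": len(pkt),            # what tcpdump prints as "length N" for ICMP
        "payload_len": len(pkt) - 8,
        "checksum_ok": icmp_checksum(pkt) == 0,   # an intact message sums to zero with its checksum included
    }


def is_matching_reply(request: bytes, reply: bytes) -> bool:
    """A reply answers a request when it is type 0, intact, and repeats id, seq and payload."""
    req, rep = decode_icmp(request), decode_icmp(reply)
    return (req["type"] == 8 and rep["type"] == 0 and rep["checksum_ok"]
            and req["id"] == rep["id"] and req["seq"] == rep["seq"]
            and request[8:] == reply[8:])   # echo reply carries the request's payload back unchanged


# Constructed 56-byte payload (ping's default data size; the pattern itself is made up here).
PAYLOAD = bytes(range(56))
REQUEST = build_echo(8, 0x1234, 1, PAYLOAD)
REPLY = build_echo(0, 0x1234, 1, PAYLOAD)

if __name__ == "__main__":
    print("request:", decode_icmp(REQUEST))
    print("reply:  ", decode_icmp(REPLY))
    print("reply answers request:", is_matching_reply(REQUEST, REPLY))
```

The IP header adds another 20 bytes in front of this on the wire, so a default ping is 84 bytes per direction; the id lets the kernel hand the reply to the right ping process, and the seq is what ping prints as icmp_seq.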
Part 5 — Other Protocols
Use tcpdump to find at least two other protocols that are ongoing in the network lab. List your answers in the same format as the previous section.
                
Part 6 — Credit
Show your R7.txt to the TA for credit.