Using Wireshark to Analyze a Packet Capture File (NETLAB)
Purpose
You will be examining a saved packet capture file with Wireshark, to practice finding information from it.
Use your Kali32 Machine
Open the Kali32 virtual machine. Log in as root with the password toor.
Downloading the Packet Capture File
In a Terminal window, execute these commands:
wget http://samsclass.info/106/proj13/p3.pcap
wireshark p3.pcap
Press Enter twice to close Wireshark warnings.
The file opens in Wireshark, as shown below on this page.
Analyzing the Packet Capture File
Examine the Wireshark window and find answers to the following questions:
- This packet capture file contains two TCP handshakes. Find the first handshake and write down the packet numbers of those packets (the column labeled "No.").
- In this session, a client machine initiated a connection to a server and then downloaded a file. What is the client's IP address?
- How many HTTP GET request packets are there?
- Find the first HTTP GET request packet. What was the server's IP address? (The server is the Destination).
- Examine the first packet. Look at the center pane in Wireshark. How many bytes were sent on the wire to form this packet?
Last Modified: 8-14-13 1:39 PM
Modified for NETLAB 6-16-16
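
The questions above can also be answered programmatically. The following is an added example, not part of the original lab: it parses a small constructed capture (not p3.pcap) and reports the handshake packet numbers, the GET requests with client and server addresses, and the first packet's bytes on the wire. It assumes a classic little-endian pcap file with Ethernet framing; the names `frame`, `build_pcap`, `analyze` and `SAMPLE` and the addresses are made up for the illustration.

```python
import socket, struct

def frame(src, dst, sport, dport, seq, ack, flags, payload=b""):
    """Constructed Ethernet/IPv4/TCP frame; checksums left at zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def build_pcap(frames):
    """Classic little-endian pcap file, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

def analyze(pcap):
    """Return (handshakes, GET requests, bytes on wire of packet 1)."""
    if len(pcap) < 24 or struct.unpack_from("<I", pcap)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    pos, no, syn, synack, shakes, gets, wire = 24, 0, {}, {}, [], [], None
    while pos + 16 <= len(pcap):
        _, _, incl, orig = struct.unpack_from("<IIII", pcap, pos)
        pkt, pos, no = pcap[pos + 16:pos + 16 + incl], pos + 16 + incl, no + 1
        wire = orig if no == 1 else wire     # Wireshark's "bytes on wire"
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue                         # only IPv4 + TCP is examined
        t = 14 + (pkt[14] & 0x0F) * 4        # start of the TCP header
        if len(pkt) < t + 20:
            continue                         # truncated TCP header
        src, dst = socket.inet_ntoa(pkt[26:30]), socket.inet_ntoa(pkt[30:34])
        sport, dport, seq, ack, off, flags = struct.unpack_from("!HHIIBB", pkt, t)
        data = pkt[t + (off >> 4) * 4:]
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if (flags & 0x12) == 0x02:           # SYN only: client opens
            syn[fwd] = (no, seq)
        elif (flags & 0x12) == 0x12 and rev in syn and ack == (syn[rev][1] + 1) % 2**32:
            synack[rev] = (syn.pop(rev)[0], no, seq)      # SYN+ACK from server
        elif flags & 0x10 and fwd in synack and ack == (synack[fwd][2] + 1) % 2**32:
            shakes.append(synack.pop(fwd)[:2] + (no,))    # final ACK from client
        if data.startswith(b"GET "):
            gets.append((no, src, dst))      # (No., client, server)
    return shakes, gets, wire

C, S = "192.0.2.10", "198.51.100.5"          # constructed documentation addresses
SAMPLE = build_pcap([
    frame(C, S, 40000, 80, 100, 0, 0x02),
    frame(S, C, 80, 40000, 500, 101, 0x12),
    frame(C, S, 40000, 80, 101, 501, 0x10),
    frame(C, S, 40000, 80, 101, 501, 0x18, b"GET /file HTTP/1.1\r\nHost: example.test\r\n\r\n")])
```

Calling `analyze(SAMPLE)` returns the handshake as packet numbers, the GET requests, and the wire length of packet 1. In Wireshark itself, the display filters `tcp.flags.syn == 1` and `http.request.method == "GET"` narrow the packet list to the same packets.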