Using Wireshark to Analyze a Packet Capture File (NETLAB)

Purpose

You will examine a saved packet capture file with Wireshark to practice finding information in it.

Use your Kali32 Machine

Open the Kali32 virtual machine. Log in as root with the password toor.

Downloading the Packet Capture File

In a Terminal window, execute these commands:
wget http://samsclass.info/106/proj13/p3.pcap

wireshark p3.pcap

Press Enter twice to close Wireshark warnings.

The file opens in Wireshark, as shown below on this page.

Analyzing the Packet Capture File

Examine the Wireshark window and find answers to the following questions:
  1. This packet capture file contains two TCP handshakes. Find the first handshake and write down the packet numbers of those packets (the column labeled "No.").

  2. In this session, a client machine initiated a connection to a server and then downloaded a file. What is the client's IP address?

  3. How many HTTP GET request packets are there?

  4. Find the first HTTP GET request packet. What was the server's IP address? (The server is the Destination).

  5. Examine the first packet. Look at the center pane in Wireshark. How many bytes were sent on the wire to form this packet?

Last Modified: 8-14-13 1:39 PM
Modified for NETLAB 6-16-16
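
The questions above can also be answered programmatically. This added example (not part of the original lab) parses a classic little-endian pcap, reports each TCP three-way handshake by packet number with its client and server, lists HTTP GET packets, and records each packet's on-the-wire length. It assumes Ethernet/IPv4 framing, and the capture it runs on is constructed in the code (made-up addresses, ports and payload), not the contents of p3.pcap.

```python
import struct

SYN, ACK = 0x02, 0x10

def frame(src, dst, sport, dport, flags, payload=b""):
    """Build a constructed Ethernet/IPv4/TCP frame (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, src, dst)
    return bytes(12) + b"\x08\x00" + ip + tcp

def make_pcap(frames):
    """Wrap frames in a classic little-endian pcap file, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return out + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

def analyze(data):
    """Return (handshakes, GET packet numbers, wire lengths); numbering starts at 1 like "No."."""
    if data[:4] != b"\xd4\xc3\xb2\xa1":
        raise ValueError("only classic little-endian pcap is handled here")
    ip = lambda b: ".".join(map(str, b))
    handshakes, gets, wire, pending, off, no = [], [], [], {}, 24, 0
    while off + 16 <= len(data):
        incl, orig = struct.unpack_from("<II", data, off + 8)  # captured vs. original length
        f, off, no = data[off + 16:off + 16 + incl], off + 16 + incl, no + 1
        wire.append(orig)                        # bytes on the wire for this packet
        if len(f) < 34 or f[12:14] != b"\x08\x00" or f[23] != 6:
            continue                             # not IPv4 carrying TCP
        t = 14 + (f[14] & 0x0F) * 4              # offset of the TCP header
        if len(f) < t + 20:
            continue                             # TCP header truncated
        a, b = (f[26:30], f[t:t + 2]), (f[30:34], f[t + 2:t + 4])  # (ip, port) src, dst
        flags = f[t + 13] & (SYN | ACK)
        if flags == SYN:                         # step 1: client -> server
            pending[a, b] = [no]
        elif flags == (SYN | ACK) and len(pending.get((b, a), [])) == 1:
            pending[b, a].append(no)             # step 2: server -> client
        elif flags == ACK and len(pending.get((a, b), [])) == 2:
            handshakes.append((ip(a[0]), ip(b[0]), tuple(pending.pop((a, b)) + [no])))
        if f[t + (f[t + 12] >> 4) * 4:].startswith(b"GET "):
            gets.append(no)                      # TCP payload begins an HTTP GET request
    return handshakes, gets, wire

C, S = bytes([192, 168, 1, 10]), bytes([192, 168, 1, 20])  # constructed client and server
SAMPLE = make_pcap([                                        # constructed capture
    frame(C, S, 49152, 80, SYN),
    frame(S, C, 80, 49152, SYN | ACK),
    frame(C, S, 49152, 80, ACK),
    frame(C, S, 49152, 80, 0x18, b"GET /file.bin HTTP/1.1\r\nHost: example.test\r\n\r\n"),
])
```

Calling `analyze(open("p3.pcap", "rb").read())` applies the same logic to the lab file, provided it is in classic pcap format rather than pcapng.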