Ethernet WireShark
Utkarsh Mahajan
Id: A1238
Download:
http://www.wireshark.org/download.html
Reference:
http://en.wikipedia.org/wiki/Wireshark
What is Wireshark?
Wireshark is a free packet sniffer computer application. It is used for
network troubleshooting, analysis, software and communications protocol
development, and education. In May 2006 the project was renamed from
Ethereal due to trademark issues.
Features:
Wireshark is software that "understands" the structure of different
networking protocols. Thus, it is able to display the encapsulation of each
packet and its fields, along with their meanings, as specified by the
different networking protocols. Wireshark uses pcap to capture packets, so it
can only capture packets on the networks supported by pcap.
1. Data can be captured "from the wire" from a live network connection or
read from a file that records the already-captured packets.
2. Live data can be read from a number of types of network, including
Ethernet, IEEE 802.11, PPP, and loopback.
3. Captured network data can be browsed via a GUI, or via the terminal
(command line) version of the utility, tshark.
4. Captured files can be programmatically edited or converted via
command-line switches to the "editcap" program.
5. Display filters can also be used to selectively highlight and color packet
summary information.
6. Data display can be refined using a display filter.
7. Hundreds of protocols can be dissected.
Start from capture
Settings
After start
Sort by source
Packet details pane
Filters
Some practice problems and their solutions.
1. What is the 48-bit Ethernet address of your computer?
Ans: 00 1F 3A 01 18 60
2. What is the 48-bit destination address in the Ethernet frame?
Ans: 00:1c:10:52:fa:1f
3. Give the hexadecimal value for the two-byte Frame type field.
Ans: 0x0800
4. What is the size of Ethernet packet captured?
Ans: 1484 bytes
5. How many bytes are the IP header?
Ans: 20 bytes
What is the value of the Ethernet source address? Is this the address of
your computer, or of http://www.svuca.edu? What device has this as its
Ethernet address?
Ans: 00:1f:e1:12:07:a9
This is not the address of my computer, nor the address
of http://www.svuca.edu/home/index.php.
This is the Ethernet address of the router to which the PC was
connected.
What is the destination address in the Ethernet frame?
Ans: ff:ff:ff:ff:ff:ff
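The fields these practice problems ask for can also be read straight from the raw frame bytes, which is useful for checking what the packet details pane shows. The following Python sketch is an added example, not part of the original slides. Assumptions: the two frames are constructed from the addresses in the answers above (with the computer's address taken as the source of the first frame), the payload bytes are zero filler, and the broadcast frame is given the ARP type 0x0806.

```python
import struct

BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac(raw: bytes) -> str:
    """Format 6 raw bytes the way Wireshark displays a MAC address."""
    return ":".join(f"{b:02x}" for b in raw)

def parse_ethernet(frame: bytes) -> dict:
    """Return the Ethernet II header fields and, for IPv4, the IP header length."""
    if len(frame) < 14:
        raise ValueError("frame shorter than the 14-byte Ethernet header")
    # 6-byte destination, 6-byte source, 2-byte type, all in network byte order
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    info = {"dst": mac(dst), "src": mac(src), "type": f"0x{ethertype:04x}",
            "broadcast": mac(dst) == BROADCAST, "frame_len": len(frame),
            "ip_header_len": None}
    if ethertype == 0x0800:  # IPv4 payload follows the Ethernet header
        if len(frame) < 15:
            raise ValueError("IPv4 header missing")
        version, ihl = frame[14] >> 4, frame[14] & 0x0F
        if version != 4 or ihl < 5:
            raise ValueError("malformed IPv4 version/IHL byte")
        info["ip_header_len"] = ihl * 4  # IHL counts 32-bit words
    return info

# Constructed frame 1: addresses from answers 1-2, type 0x0800, an IPv4 header
# with IHL=5 and zero filler so the total length is 1484 bytes.
IPV4_FRAME = (bytes.fromhex("001c1052fa1f") + bytes.fromhex("001f3a011860")
              + bytes.fromhex("0800") + b"\x45" + bytes(19) + bytes(1450))

# Constructed frame 2: broadcast destination, router source address from the
# answer above; type 0x0806 (ARP) and the 46 zero bytes are assumptions.
BROADCAST_FRAME = (bytes.fromhex("ffffffffffff") + bytes.fromhex("001fe11207a9")
                   + bytes.fromhex("0806") + bytes(46))

if __name__ == "__main__":
    for name, frame in (("IPv4", IPV4_FRAME), ("broadcast", BROADCAST_FRAME)):
        print(name, parse_ethernet(frame))
```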