Lab 11 -- Investigating Transport Layer Protocols with Wireshark
This lab introduces Wireshark, a protocol analyser ("packet sniffer"), and uses it to investigate a transport layer protocol. You may find it helpful to read the Wireshark Introduction from Kurose and Ross.
- Work in pairs to build a simple LAN consisting of two workstations connected via a hub/switch.
- Configure the workstations with IP addresses 192.168.10.2 and 192.168.10.3, subnet mask 255.255.255.0 and default gateway 192.168.10.1.
- Verify that the workstations can reach each other using ping.
- Start the Wireshark tool (Start -> Programs -> Network Tools -> Wireshark).
- Select the Capture pull-down menu and choose Start. You will be prompted to enter some options for the packet capture. You can use the default settings for everything except the device interface. Here you will have a choice of the active NICs on your workstation; pick the one configured with the 192.168.10.x address. You may need to use trial and error to identify the correct interface.
- When packet capture has started, try pinging each of the workstations again. Stop packet capture and examine the main Wireshark window to see what packets have been captured.
- List all of the different protocol types that have been captured.
- What protocol is used by ping?
- Start the Solar Winds TFTP server on one of the workstations (Start -> Programs -> Network Tools -> TFTP server).
- Now start capturing packets using Wireshark on the same workstation.
- Use the other workstation to download a file from the TFTP server. You'll need a Windows command window to do this. Try a command such as tftp -i 192.168.10.2 GET fred.txt fred.txt which will transfer a file called 'fred.txt' from the TFTP server running on 192.168.10.2 and create a copy called 'fred.txt' in your current directory. The -i switch selects binary (octet) transfer mode, and the file must already exist in the server's root directory. Note that TFTP has no authentication: any host that can reach the server can read whatever is in that directory.
- Stop packet capture.
- Examine the main Wireshark window.
- What transport protocol is used by the TFTP protocol?
- Use a web browser to visit the RFC site ( http://www.rfc-editor.org). Download the RFC that defines the transport protocol identified above.
- For one of the packets sent by the server to the client, write down all fields of the transport layer header.
- For one of the packets sent by the client to the server, write down all fields of the transport layer header.
- What is the port number used by the TFTP server? Compare the destination port of the client's first request with the source port of the server's replies: a TFTP server answers from a freshly chosen port (its transfer identifier), not from the well-known port the request was sent to.
- Suggest two further items of useful information that can be obtained from the packet analysis.
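The following is an added worked example, not part of the lab sheet or the Wireshark or Solar Winds software. It builds the three datagrams of a short TFTP read (RRQ, DATA, ACK) between the lab's two addresses, then decodes the four UDP header fields of each exactly as you would read them off the Wireshark packet-details pane, verifying the checksum over the IPv4 pseudo-header as RFC 768 specifies. The port numbers 50123 and 60321 and the file contents are constructed; only the well-known TFTP port 69 and the addresses come from the lab.

```python
"""Decode UDP headers carrying TFTP, as an added example for this lab.
Addresses are the lab's; ports above 1023 and packet contents are constructed."""
import struct

UDP_PROTO = 17           # IPv4 protocol number for UDP
TFTP_PORT = 69           # well-known TFTP server port (RFC 1350)
OPCODES = {1: "RRQ", 2: "WRQ", 3: "DATA", 4: "ACK", 5: "ERROR"}


def ip_to_bytes(ip):
    return bytes(int(octet) for octet in ip.split("."))


def udp_checksum(src_ip, dst_ip, segment):
    """RFC 768 one's-complement checksum over the IPv4 pseudo-header
    (src, dst, zero, protocol, UDP length) followed by the UDP segment.
    The caller passes the segment with its checksum field set to zero."""
    pseudo = ip_to_bytes(src_ip) + ip_to_bytes(dst_ip) + struct.pack("!BBH", 0, UDP_PROTO, len(segment))
    data = pseudo + segment
    if len(data) % 2:
        data += b"\x00"                       # pad an odd trailing byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                        # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    checksum = ~total & 0xFFFF
    return checksum if checksum else 0xFFFF   # a computed zero is transmitted as all ones


def build_udp(src_ip, dst_ip, sport, dport, payload):
    length = 8 + len(payload)                 # header plus payload, in bytes
    unsummed = struct.pack("!HHHH", sport, dport, length, 0) + payload
    checksum = udp_checksum(src_ip, dst_ip, unsummed)
    return struct.pack("!HHHH", sport, dport, length, checksum) + payload


# TFTP message builders, following the RFC 1350 packet formats.
def build_rrq(filename, mode="octet"):
    return struct.pack("!H", 1) + filename.encode() + b"\x00" + mode.encode() + b"\x00"


def build_data(block, data):
    return struct.pack("!HH", 3, block) + data


def build_ack(block):
    return struct.pack("!HH", 4, block)


def parse_tftp(payload):
    opcode = struct.unpack("!H", payload[:2])[0]
    info = {"opcode": opcode, "type": OPCODES.get(opcode, "UNKNOWN")}
    if opcode in (1, 2):                      # RRQ / WRQ: filename NUL mode NUL
        parts = payload[2:].split(b"\x00")
        info.update(filename=parts[0].decode(), mode=parts[1].decode())
    elif opcode == 3:                         # DATA: block number then up to 512 bytes
        info.update(block=struct.unpack("!H", payload[2:4])[0], data=payload[4:])
    elif opcode == 4:                         # ACK: block number only
        info.update(block=struct.unpack("!H", payload[2:4])[0])
    elif opcode == 5:                         # ERROR: code then message NUL
        info.update(code=struct.unpack("!H", payload[2:4])[0],
                    message=payload[4:].split(b"\x00", 1)[0].decode())
    return info


def parse_udp(src_ip, dst_ip, segment):
    """Return the four UDP header fields, a checksum verdict and the TFTP decode."""
    sport, dport, length, checksum = struct.unpack("!HHHH", segment[:8])
    if length < 8 or length > len(segment):
        raise ValueError("UDP length field inconsistent with captured bytes")
    payload = segment[8:length]
    if checksum == 0:
        checksum_ok = None                    # IPv4 sender chose not to compute one
    else:
        zeroed = struct.pack("!HHHH", sport, dport, length, 0) + payload
        checksum_ok = udp_checksum(src_ip, dst_ip, zeroed) == checksum
    return {"src_port": sport, "dst_port": dport, "length": length,
            "checksum": checksum, "checksum_ok": checksum_ok, "tftp": parse_tftp(payload)}


def lab_exchange():
    """Constructed three-packet read of fred.txt between the lab workstations.
    50123 and 60321 are assumed ephemeral ports (the client and server TIDs)."""
    client, server = "192.168.10.3", "192.168.10.2"
    client_tid, server_tid = 50123, 60321
    packets = [
        (client, server, build_udp(client, server, client_tid, TFTP_PORT, build_rrq("fred.txt"))),
        (server, client, build_udp(server, client, server_tid, client_tid, build_data(1, b"hello\n"))),
        (client, server, build_udp(client, server, client_tid, server_tid, build_ack(1))),
    ]
    return [parse_udp(s, d, seg) for s, d, seg in packets]


if __name__ == "__main__":
    for number, fields in enumerate(lab_exchange(), 1):
        print(number, fields)
```

Running it prints the same four header fields Wireshark shows for each datagram. Only the client's first request is addressed to port 69; the server's DATA packet comes back from a different source port, and the client's ACK goes to that port, which is the behaviour to look for when answering the port-number question above.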

