Setting Up Wireshark and Initial Capture
CPTR 494 final Project
Part 1: Setting Up Wireshark and Initial Capture
1. Install Wireshark (if not already installed):
Download and install Wireshark from https://www.wireshark.org/.
Ensure that the user has appropriate privileges to capture network traffic
(admin/root access may be required).
2. Start Wireshark:
Open Wireshark.
Select the network interface that you will capture from (e.g., Ethernet, Wi-Fi).
Click on the Start Capturing Packets button (the blue shark fin icon).
3. Generate Traffic:
Open a browser and visit a few websites.
Perform a file download or stream a video to generate more traffic.
4. Stop the Capture:
After a few minutes, click the Stop Capturing Packets button (the red square).
Part 2: Analyzing Network Traffic
1. Examine Protocols:
In the Wireshark window, notice the Protocol column.
Identify common protocols like HTTP, HTTPS, TCP, UDP, DNS, etc.
Use the filter bar to focus on specific protocols:
Example: http to view only HTTP packets.
Example: dns to view only DNS queries.
2. Follow TCP Streams:
https://www.wireshark.org/
Select any packet from the TCP protocol.
Right-click and choose Follow → TCP Stream.
This feature will show you the complete conversation between two hosts in a
session.
Identify any readable content (especially in unencrypted protocols like HTTP).
Part 3: Identifying Security Concerns
1. Unencrypted Data:
Use the HTTP filter (http) to locate HTTP traffic.
Select a packet and inspect its details in the packet content section.
You should be able to see the request and response sent over HTTP. Look for
plain-text data like usernames, passwords, or sensitive information.
2. DNS Queries:
Use the DNS filter (dns) to view DNS query and response traffic.
Analyze what domain names are being requested and to which IP addresses they
are resolved.
3. SSL/TLS Traffic:
Use the HTTPS filter (ssl) to find encrypted HTTPS traffic.
Notice the difference from HTTP traffic — you cannot see the actual content of
encrypted communication, but you can still analyze the structure of the
handshake.
4. Man-in-the-Middle Vulnerabilities (Discussion):
Discuss how unencrypted traffic (like HTTP) can be intercepted by attackers.
Explain how HTTPS prevents eavesdropping but also highlight the risk of
SSL/TLS attacks (e.g., SSL stripping).
Part 4: Practical Task – Password Capture (Simulated)
Note: This section should be conducted in a controlled environment to avoid capturing sensitive
real-world data.
1. Simulated Login Capture:
Open a website or local service that uses plain HTTP for login (set up in a local
environment, e.g., a demo website using HTTP).
Enter dummy credentials (e.g., username: admin, password: password123).
2. Capture and Analyze the Traffic:
In Wireshark, use the filter http to locate the HTTP POST request.
Look into the packet details and identify the credentials sent in plain text.
Discuss the implications of sending credentials over unencrypted channels.
Part 5: Exporting and Reporting
1. Export Packet Capture:
Go to File → Export Specified Packets to save the capture file for further
analysis or report writing.
2. Lab Report:
Based on your capture, write a brief report discussing:
The types of protocols captured.
Any security concerns you observed (e.g., unencrypted credentials).
The importance of encryption in network security.
Lab Wrap-Up and Discussion
1. Reflection:
Discuss the importance of using tools like Wireshark to monitor network traffic.
How could an attacker exploit insecure network communications?
Resource: https://www.youtube.com/watch?v=a_4MjV_-7Sw
Cisco Packet Tracer
To create a beginner lab in Cisco Packet Tracer that focuses on IPv6 and ICMP, you can
configure devices to use IPv6, and then analyze how ICMP works for network diagnostics. The
video link is a tutorial on Cisco Packet Tracer, explaining the software’s functions, features, and
how to use it for networking simulations. It covers setting up basic network devices, configuring
routers and switches, creating topologies, and using the simulation mode to visualize packet
flows. This video is ideal for beginners looking to understand networking and practice network
configurations in a virtual environment.
You can watch it here: https://www.youtube.com/watch?v=qZB_biPOBwA
Part 1: Network Topology Design
Cisco Packet Tracer installed.
Basic understanding of networking concepts like IP addressing, routers, and pings.
Familiarity with the Cisco Packet Tracer environment.
Step 1: Create the Network
Use two PCs (PC0 and PC1) and two Routers (Router0 and Router1).
Interconnect the devices with Ethernet cables.
PC0 should connect to Router0.
PC1 should connect to Router1.
Router0 and Router1 should be connected to each other via a Serial Connection
(if using older router models) or via Ethernet for newer models
(GigabitEthernet).
Step 2: Configure Network Settings
Assign IP addresses to the routers and PCs using IPv6.
Part 2: Configuring IPv6 on Routers and PCs
Step 1: Configure Router0 and Router1
1. Configure Router0:
Click Router0 > CLI.
Enter the following commands:
Router> enable
Router# configure terminal
Router(config)# interface gigabitethernet0/0
Router(config-if)# ipv6 address 2001:0db8:1::1/64
Router(config-if)# no shutdown
Router(config-if)# exit
Router(config)# interface serial0/0/0 (for serial interface)
Router(config-if)# ipv6 address 2001:0db8:2::1/64
Router(config-if)# no shutdown
Router(config-if)# exit
Router(config)# ipv6 unicast-routing
Router(config)# exit
Router# copy running-config startup-config
1. Configure Router1:
Click Router1 > CLI.
Enter the following commands:
Router> enable
Router# configure terminal
Router(config)# interface gigabitethernet0/0
Router(config-if)# ipv6 address 2001:0db8:3::1/64
Router(config-if)# no shutdown
Router(config-if)# exit
Router(config)# interface serial0/0/0 (for serial interface)
Router(config-if)# ipv6 address 2001:0db8:2::2/64
Router(config-if)# no shutdown
Router(config-if)# exit
Router(config)# ipv6 unicast-routing
Router(config)# exit
Router# copy running-config startup-config
Step 2: Configure PCs
1. Configure PC0:
Click PC0 > Desktop > IP Configuration.
Set the IPv6 address to 2001:0db8:1::2/64 and the default gateway to
2001:0db8:1::1.
2. Configure PC1:
Click PC1 > Desktop > IP Configuration.
Set the IPv6 address to 2001:0db8:3::2/64 and the default gateway to 2001:0db8:3::1.
Part 3: Testing Connectivity with ICMP (Ping)
Step 1: Ping between PCs
Go to PC0 > Desktop > Command Prompt and use the following command to ping
PC1:
ping 2001:0db8:3::2
Go to PC1 and ping PC0:
ping 2001:0db8:1::2
Expected Result: The ping should succeed if the routing and interfaces are correctly configured.
Task:
Test the ping to verify connectivity between the devices.
Troubleshoot any issues that might occur (e.g., no connection due to incorrect IP
addresses or interfaces not being enabled).
Part 4: Viewing and Analyzing ICMPv6 Traffic
Step 1: Capture ICMPv6 Traffic
Cisco Packet Tracer allows you to capture and view packets.
Click on the Simulation tab at the bottom.
Choose ICMP from the filters on the right side.
Start a new ping from PC0 to PC1 or vice versa.
Watch the simulation and observe the ICMP packets.
Step 2: Analyze the Packet
Click on one of the captured ICMP packets to open it.
Review the packet contents, specifically the ICMP message types (128 for Echo Request,
129 for Echo Reply).
Task:
Identify the fields in the ICMPv6 packet (Type, Code, Checksum).
Explain the function of an ICMP Echo Request and Reply.
Part 5: Traceroute and ICMP Error Messages (Optional)
Step 1: Traceroute
On PC0, run the tracert command to trace the path to PC1:
tracert 2001:0db8:3::2
Observe how ICMP Time Exceeded messages are generated at each hop.
Task:
Explain how traceroute uses ICMP messages to map the route between devices.
View and analyze the Time Exceeded ICMP messages in the simulation mode.
Lab Steps: Vulnerability scanning
Part 1: Setup Nessus
1. Install Nessus: https://www.youtube.com/watch?v=hRQRg7SB1Aw
• Download and install Nessus from the Tenable website.
2. Configure Nessus:
• Start Nessus and log into the web interface.
• Navigate to Settings > Scans and click New Scan.
Part 2: Run a Scan
1. In Nessus, set up a Basic Network Scan.
• Target: ( localhost or specific individual IPs).
• Leave default settings, or choose specific scan types (e.g., vulnerability scan).
2. Start the Scan and monitor progress.
Part 3: Analyze Results
1. Review Vulnerabilities:
• Once the scan completes, review the report.
• Categorize findings (Critical, High, Medium, Low).
2. Document Vulnerabilities:
• For each vulnerability, take note of:
• CVE (Common Vulnerabilities and Exposures) ID.
• Description.
• Solution or recommended actions.
CPTR 494 final Project
Part 1: Setting Up Wireshark and Initial Capture
Part 2: Analyzing Network Traffic
Part 3: Identifying Security Concerns
Part 4: Practical Task – Password Capture (Simulated)
Part 5: Exporting and Reporting
Lab Wrap-Up and Discussion
Cisco Packet Tracer
Part 2: Configuring IPv6 on Routers and PCs
Part 3: Testing Connectivity with ICMP (Ping)
Part 4: Viewing and Analyzing ICMPv6 Traffic
Part 5: Traceroute and ICMP Error Messages (Optional)
Lab Steps: Vulnerability scanning
Part 1: Setup Nessus
Part 2: Run a Scan
Part 3: Analyze Results
Collepals.com Plagiarism Free Papers
Are you looking for custom essay writing service or even dissertation writing services? Just request for our write my paper service, and we'll match you with the best essay writer in your subject! With an exceptional team of professional academic experts in a wide range of subjects, we can guarantee you an unrivaled quality of custom-written papers.
Get ZERO PLAGIARISM, HUMAN WRITTEN ESSAYS
Why Hire Collepals.com writers to do your paper?
Quality- We are experienced and have access to ample research materials.
We write plagiarism Free Content
Confidential- We never share or sell your personal information to third parties.
Support-Chat with us today! We are always waiting to answer all your questions.
