Wireshark Packet Analysis Assignment
RP
- Capture and ARP packet (use the arp_resolution.pcap file if you cannot do it directly). Inspect the packet and see if you can fill in all the fields in the table
- Work through the ARP Request and Response sections on pages 88/89.
IP
- Capture an IP packet (use a pre-captured one from lots of web.pcap if you need to)
- Fill in the information in Figures
Use ip_frag_source. cap to work through the fragmentation section. Reflect of the differences between fragmentation at the IP level and at the Ethernet level. (300 words)
TCP
- Capture a TCP packet
- Inspect the ports associated with the packet, indicating what application is associated with that port
UDP
- Capture a UDP packet (you might have to get one from udp_dnsrequest.cap)
- Fill in the information in Tables (Reflect on why this information is so much less than for TCP)
- Inspect the ports associated with the packet, indicating what application is associated with that port
- Have a look at ICPM packets and reflect on their usefulness. In particular, consider the PING utility.