Lab 7: network protocol analyzer

Ethereal network protocol analyzer

Pre-assignment: Ethereal is a free network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, viewing summary and detail information for each packet. Ethereal has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session.

Ethereal is available for Windows and Linux (http://www.ethereal.com/download.html).

Before installing Ethereal for Windows, you must first install WinPcap (from http://winpcap.polito.it/) to allow for the capture of network packets.

Assignment:

· After installing Ethereal:

o Double-click on the Ethereal icon.

o Pull down the Capture menu and select Start.

o Allow Ethereal to run for about 60 seconds before pressing the Stop button.

o Have one of the other computers open and run different TCP/IP programs like ping, nslookup, etc.

o Inspect the results.

o Pull down the Tools menu and select Protocol Hierarchy Statistics to see a summary of the packets received.
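
What the Protocol Hierarchy Statistics and Conversations views tally, shown as an added example that is not part of the original lab: a minimal reader for the classic libpcap capture-file format, run over a constructed four-packet capture. The function names and sample addresses are assumptions made for illustration, and only untagged Ethernet/IPv4 frames are decoded.

```python
import struct
from collections import Counter

ETHERTYPES = {0x0800: "ip", 0x0806: "arp"}   # subset; other types are shown in hex
IP_PROTOS = {1: "icmp", 6: "tcp", 17: "udp"}

def read_pcap(data):
    """Yield raw Ethernet frames from a classic libpcap file (magic 0xa1b2c3d4)."""
    endian = "<" if data[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    if len(data) < 24 or struct.unpack_from(endian + "I", data)[0] != 0xA1B2C3D4:
        raise ValueError("not a classic pcap file")
    off = 24                                  # skip the 24-byte global header
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack_from(endian + "IIII", data, off)
        yield data[off + 16 : off + 16 + incl_len]
        off += 16 + incl_len

def summarize(data):
    """Return (packet count, protocol hierarchy, IPv4 conversations)."""
    total, hierarchy, conversations = 0, Counter(), Counter()
    for frame in read_pcap(data):
        total += 1
        if len(frame) < 14:                   # too short for an Ethernet header
            hierarchy["eth(truncated)"] += 1
            continue
        ethertype = struct.unpack_from("!H", frame, 12)[0]   # untagged frames only
        path = "eth/" + ETHERTYPES.get(ethertype, hex(ethertype))
        if ethertype == 0x0800 and len(frame) >= 34:
            path += "/" + IP_PROTOS.get(frame[23], str(frame[23]))
            src, dst = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
            conversations[tuple(sorted((src, dst)))] += 1    # both directions
        hierarchy[path] += 1
    return total, hierarchy, conversations

def sample_capture():
    """Build a constructed 4-packet capture: 2 ICMP, 1 UDP, 1 ARP."""
    eth = lambda etype, body: b"\xff" * 6 + b"\x02" * 6 + struct.pack("!H", etype) + body
    ip = lambda proto, src, dst: eth(0x0800, b"\x45" + b"\0" * 8 + bytes([proto])
                                     + b"\0\0" + bytes(src) + bytes(dst) + b"\0" * 8)
    frames = [ip(1, (10, 0, 0, 5), (10, 0, 0, 1)), ip(1, (10, 0, 0, 1), (10, 0, 0, 5)),
              ip(17, (10, 0, 0, 5), (10, 0, 0, 53)), eth(0x0806, b"\0" * 28)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(summarize(sample_capture()))
```

Passing the bytes of a capture saved from Ethereal in libpcap format to `summarize` gives the same kind of totals to compare against the GUI reports.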

Post-assignment:

1) Submit answers to the following questions based on the reports you generated.

· How many packets were captured?

· How many packets were dropped [look in the summary]?

· Describe the different types of protocols captured and the different levels of communications (use the different tabs in Conversations).

· Were there any unexpected "conversations"?

· Which device(s) did your computer "talk" to the most?

· Which type of packet was captured most frequently?

· Was the traffic constant [look at the IO Graph]?

· Describe several uses of Ethereal.