
Lab 2: Extracting Data with Wireshark

This lab continues the theme of making the invisible visible using Wireshark. This time you will capture packets on your own network.  

Introduction

Wireshark can do much more than just grab packets. It includes powerful tools that extract useful information from captured streams. In this lab you will extract the files carried in an HTTP stream. The lab requires you to have Wireshark installed on your computer; if you're working in the lab, Wireshark is installed already. In the previous lab you found a password using Wireshark. Passwords are not the only thing of value that you may find by monitoring the network.

Capture and Extract

In this step you will capture packets that you'll examine in the next step.
  1. Start Wireshark and begin a live capture on the network device that connects you to the internet. You can determine which device to use by looking at Wireshark's home screen (shown below).
     
    Notice that the home screen shows which interfaces are receiving traffic. Pick the interface that appears active.
  2. With a capture running, visit this link to take you to Cabrillo's website. NOTE: Your browser cache may cause the browser to skip reloading the images on Cabrillo's website if you've been there recently. If that happens you will not see image files when you export HTTP objects. Force a full reload instead:
    On Chrome: Hold the SHIFT key and click the reload button.
    On Firefox: CTRL + SHIFT + R
    On IE: CTRL + F5
  3. Stop the live capture. 
  4. Use Wireshark's display filters to show only HTTP traffic by entering "http" into the filter box, as shown in the picture below.
  5. If you look in the lower right side of the window you should see a message stating that you have around 100 packets displayed. If you see fewer, retry the capture and be sure that you refresh the website in a way that avoids the browser cache.
  6. Extract the files from your capture. Using the menu:
    File -> Export Objects -> HTTP
    That brings up the export dialog. Select "Save All" and save the objects into a folder.
  7. Look at the objects in your folder. You should see the HTML, script and image files that make up the page.
  8. Search the folder to answer the questions below.
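To see what "Export Objects" actually does with the packets, here is a small Python script that does the same job by hand. This is an added example, not part of the lab and not Wireshark's code: it builds a constructed pcap of three GET requests and their responses (the addresses, hostname, file names and file contents are made up), reassembles each side of the TCP connection in sequence-number order, and then pairs every request with the response that follows it, yielding the same file list the export dialog shows.

```python
import struct
from collections import defaultdict

CLIENT, SERVER = "10.0.0.5", "203.0.113.10"   # constructed addresses, not a real capture


def tcp_frame(src_ip, dst_ip, sport, dport, seq, payload):
    """One Ethernet/IPv4/TCP frame. Checksums stay zero; nothing here validates them."""
    eth = b"\x00" * 12 + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return eth + ip + tcp + payload


def build_sample_pcap():
    """A pcap of three constructed GET/200 exchanges on port 80; the last
    response is delivered out of order so the reader must reassemble it."""
    objects = [
        (b"/index.html", b"text/html", b"<html><body><img src='cat.jpg'></body></html>"),
        (b"/app.js", b"application/javascript", b"console.log('hello');"),
        (b"/cat.jpg", b"image/jpeg", b"\xff\xd8\xff\xe0" + b"\x00" * 40 + b"\xff\xd9"),
    ]
    frames, cseq, sseq = [], 1000, 5000
    for path, ctype, body in objects:
        req = b"GET " + path + b" HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
        frames.append(tcp_frame(CLIENT, SERVER, 40001, 80, cseq, req))
        cseq += len(req)
        resp = (b"HTTP/1.1 200 OK\r\nContent-Type: " + ctype + b"\r\nContent-Length: "
                + str(len(body)).encode() + b"\r\n\r\n" + body)
        half = len(resp) // 2
        segs = [(sseq, resp[:half]), (sseq + half, resp[half:])]
        sseq += len(resp)
        if path == b"/cat.jpg":
            segs.reverse()                              # second half on the wire first
        for seq, chunk in segs:
            frames.append(tcp_frame(SERVER, CLIENT, 80, 40001, seq, chunk))
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)   # pcap header, Ethernet
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out


def tcp_segments(pcap):
    """Yield ((src, sport, dst, dport), seq, payload) for each TCP segment carrying data."""
    end = "<" if struct.unpack("<I", pcap[:4])[0] == 0xA1B2C3D4 else ">"
    off = 24
    while off < len(pcap):
        incl = struct.unpack(end + "IIII", pcap[off:off + 16])[2]
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if struct.unpack("!H", frame[12:14])[0] != 0x0800:
            continue                                    # not IPv4
        ip = frame[14:]
        if ip[9] != 6:
            continue                                    # not TCP
        tcp = ip[(ip[0] & 0x0F) * 4:struct.unpack("!H", ip[2:4])[0]]
        sport, dport, seq = struct.unpack("!HHI", tcp[:8])
        payload = tcp[(tcp[12] >> 4) * 4:]
        if payload:
            yield (ip[12:16], sport, ip[16:20], dport), seq, payload


def reassemble(pcap):
    """Join each direction's payload in sequence-number order (a minimal 'Follow TCP Stream')."""
    streams = defaultdict(list)
    for key, seq, payload in tcp_segments(pcap):
        streams[key].append((seq, payload))
    return {k: b"".join(p for _, p in sorted(v)) for k, v in streams.items()}


def parse_responses(data):
    """Split a server stream into (content_type, body) pairs. Assumes Content-Length
    framing; chunked or compressed bodies, which Wireshark handles, are not covered."""
    out = []
    while data.startswith(b"HTTP/"):
        head, _, rest = data.partition(b"\r\n\r\n")
        headers = dict((k.strip().lower(), v.strip()) for k, _, v in
                       (line.partition(b":") for line in head.split(b"\r\n")[1:]))
        length = int(headers.get(b"content-length", b"0"))
        out.append((headers.get(b"content-type", b"").decode(), rest[:length]))
        data = rest[length:]
    return out


def export_http_objects(pcap):
    """Pair each GET on port 80 with the response that follows it, as
    File -> Export Objects -> HTTP does. Returns [(filename, content_type, body)]."""
    found = []
    streams = reassemble(pcap)
    for (src, sport, dst, dport), data in streams.items():
        if dport != 80:
            continue
        paths = [m.split(b" ")[1] for m in data.split(b"\r\n\r\n") if m.startswith(b"GET ")]
        responses = parse_responses(streams.get((dst, dport, src, sport), b""))
        for path, (ctype, body) in zip(paths, responses):
            found.append((path.rsplit(b"/", 1)[-1].decode(), ctype, body))
    return found


if __name__ == "__main__":
    for name, ctype, body in export_http_objects(build_sample_pcap()):
        print(f"{name:12} {ctype:24} {len(body)} bytes")
```

Run it with `python3` and it lists the three objects with their Content-Type, which is exactly what you use to answer the questions below. If you write the bytes returned by `build_sample_pcap()` to a `.pcap` file and open it in Wireshark with the `http` filter, the export dialog shows the same three files, so you can compare the two. The script deliberately handles only plaintext HTTP on port 80 with Content-Length framing; Wireshark's exporter also copes with chunked transfer encoding, compressed bodies and HTTP on other ports.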

Questions

  1. What files contain HTML? 
  2. What files contain Javascript code? 
  3. What is the filename of the picture with a cat in it? 

Try Wikipedia

Repeat the experiment by starting a packet capture on your computer, then following this link:


The link takes you to a random article on Wikipedia. Answer the questions below.

Questions

  1. What packets appear when you filter on "http"? 
  2. What objects are available when you use the "Export Objects" function?
  3. Can you explain the difference? 

Turn In

  1. The objects you extracted from Cabrillo's webpage in a ZIP file. 
  2. Answers to the questions from "Capture and Extract"
  3. Answers to the questions from "Try Wikipedia"
Submit your homework on Canvas.

Grading

  • 10 points for Cabrillo resources.
  • 10 points for your answers.