Question 1. Analysis of Protocols with Wireshark [14 marks]
Objective: Gain a good understanding of common Internet protocols and of using packet capture software (Wireshark).
The file a01-assignment-1-question-1-capture.pcap on Moodle contains packets captured in an exchange between several computers.
The capture was performed in an internet where all subnets used a /24 mask. The capture was performed on interface eth1 on a computer with the following details:
Use the file and the above information to answer the following sub-questions. Do not try to guess answers; use only the above information, the capture file and your knowledge of networking and security to find the answers.
(a) Several applications were used on several different computers. Complete the table to summarise the applications in use in the network. The columns are:
Application name or protocol, e.g. Web, SSH, ?, where ? means cannot determine from the capture.
Transport protocol. TCP, UDP, ICMP or other.
Client Port(s). Use a range, e.g. 1-10, if the client changes ports for each connection.
Server Port, Client IP, Server IP.
Time of use. The time when the application is in use. Round to the nearest second. Use a range, e.g. 0-4 seconds.
The first row includes example values of selected columns. Complete (or edit) and add further rows as necessary. [4 marks]
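One way to cross-check the transport, port, address and time columns outside Wireshark is to group the packets of a capture into flows. The script below is an added example, not part of the assignment; it reads only classic little-endian pcap files with Ethernet framing and IPv4 TCP/UDP. It assumes the lower port number is the server side, omits the application column because a port number alone does not establish it, and runs on constructed packets with documentation addresses.

```python
import socket, struct
PROTO = {6: "TCP", 17: "UDP"}

def build_pcap(packets):
    """Constructed test capture: classic little-endian pcap, Ethernet link type."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, usec, proto, src, sport, dst, dport in packets:
        l4 = struct.pack("!HH", sport, dport) + b"\x00" * 16
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto,
                         0, socket.inet_aton(src), socket.inet_aton(dst))
        frame = b"\x00" * 12 + b"\x08\x00" + ip + l4
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out

def summarise(pcap):
    """Map (transport, client IP, server IP, server port) -> [client ports, first, last]."""
    if pcap[:4] != b"\xd4\xc3\xb2\xa1":
        raise ValueError("expected classic little-endian pcap")
    flows, off, t0 = {}, 24, None
    while off + 16 <= len(pcap):
        sec, usec, incl, _ = struct.unpack_from("<IIII", pcap, off)
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        t0 = sec + usec / 1e6 if t0 is None else t0
        t = sec + usec / 1e6 - t0  # seconds since the first packet in the file
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] not in PROTO:
            continue  # only IPv4 TCP/UDP carries ports
        l4 = 14 + (frame[14] & 0x0F) * 4  # skip the variable-length IP header
        if len(frame) < l4 + 4:
            continue
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        sport, dport = struct.unpack_from("!HH", frame, l4)
        if sport < dport:  # assumption: the lower port number is the server side
            src, dst, sport, dport = dst, src, dport, sport
        rec = flows.setdefault((PROTO[frame[23]], src, dst, dport), [set(), t, t])
        rec[0].add(sport)
        rec[2] = t
    return flows

def table(pcap):
    """Rows: transport, client port(s), server port, client IP, server IP, time (s)."""
    span = lambda lo, hi: str(lo) if lo == hi else f"{lo}-{hi}"
    return [(tp, span(min(ports), max(ports)), sp, cip, sip, span(round(a), round(b)))
            for (tp, cip, sip, sp), (ports, a, b) in sorted(summarise(pcap).items())]

SAMPLE = build_pcap([  # constructed packets, documentation addresses
    (1000, 0, 6, "192.0.2.10", 40000, "192.0.2.20", 80),
    (1000, 200000, 6, "192.0.2.20", 80, "192.0.2.10", 40000),
    (1003, 600000, 6, "192.0.2.10", 40001, "192.0.2.20", 80),
    (1005, 100000, 17, "192.0.2.10", 53000, "192.0.2.53", 53)])
```

The lower-port heuristic fails when both ends use high ports; for TCP, the sender of the initial SYN identifies the client reliably.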