Download Wireshark and install it on your computer. Search for online tutorials and other handy information, such as YouTube videos on using Wireshark.
Note that Wireshark can be used to sniff wireless traffic (see the wiki article WLAN Capture Setup).
Write the exact packet capture filter expressions to accomplish the following:
Note that when sniffing TCP packets, you will also receive SSL packets and HTTP packets. This is because HTTP and SSL run on top of TCP: their messages are carried as the payload of TCP segments, so a capture filter that matches TCP matches them as well.
So capture them all and save the capture to a file (Wireshark saves captures as *.pcap files, which you can reopen and filter later).
Then use display filters to separate the subset of TCP packets that are also HTTP packets. (You can do this by filtering only packets on port 80, the default HTTP port. Note that traffic on port 443 (HTTPS) is carried inside SSL/TLS and will not be decoded as HTTP; count such packets as TCP/SSL rather than HTTP.)
Count how many TCP packets you received from / sent to Facebook or YouTube, and how many of each were also HTTP packets.
Determine if any TCP packets with SYN or PSH flags set were sent from your host or received from Facebook/Youtube.
Go flag-by-flag and count how many packets have the SYN flag set, then how many have the PSH flag set, and finally how many have both SYN and PSH set. Report all three counts in a table.
Of course, you may do more. For example, you could find out if any packets had both PSH and RST set, or other flags not listed here.
Draw a rough PowerPoint sketch with a timeline of your YouTube session (roughly 5 minutes, or whatever the duration of your chosen video is) and indicate approximately when during the session the packets with SYN or PSH flags occurred. Your timeline should start at the time when the first video packet is received and end when the last video packet is received. You don't need to draw a precise timeline; just illustrate the relationships.
Analyze whether during the course of a video session your client connected to multiple YouTube servers. Indicate approximately on the timeline where this occurred. Did packets with SYN or PSH flags occur at about the same time that your server changed? Provide some explanation as to why SYN/PSH packets were sent at all and whether they were correlated with the server switching.
Analyze the YouTube packet sizes. Draw a histogram showing how many packets were received within each range of sizes, e.g., how many packets had length 0 - 100 bytes, 100 - 200 bytes, 200 - 300 bytes, etc.
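The flag counts and the size histogram asked for above can be produced directly from a saved *.pcap file. The following is an added example, not part of the original project page: a standard-library-only Python script that reads a classic libpcap file, picks out IPv4/TCP segments exchanged with one peer address, counts per direction how many have SYN set, PSH set, or both, and bins the frames received from that peer into 100-byte size ranges. The capture it runs on is constructed inline for the example; 192.0.2.10 (the "local host"), 198.51.100.5 (a stand-in for a video server) and 203.0.113.9 are documentation addresses, not real Facebook or YouTube servers, and one frame deliberately carries the unusual SYN+PSH combination so that the "both" column is exercised. For a real capture, read the file bytes from disk and pass the server's address, which you can resolve from the DNS answers in the same capture.

```python
"""Count TCP flag combinations and bin frame sizes in a classic pcap file.

Added example, not the assignment's own code. Only IPv4 over Ethernet is
handled; checksums in the constructed frames are left zero, which is fine
for parsing but would be flagged by Wireshark's checksum validation.
"""
import struct
from collections import Counter

LINKTYPE_ETHERNET = 1
TCP_SYN, TCP_RST, TCP_PSH, TCP_ACK = 0x02, 0x04, 0x08, 0x10


def parse_pcap(data):
    """Yield (timestamp_seconds, frame_bytes) for each record in a libpcap file."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:          # file written big-endian
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    _major, _minor, _tz, _sig, _snaplen, linktype = struct.unpack_from(endian + "HHiIII", data, 4)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len


def tcp_fields(frame):
    """Return (src_ip, dst_ip, src_port, dst_port, flags) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # EtherType must be IPv4
        return None
    ip = frame[14:]
    if ip[0] >> 4 != 4 or ip[9] != 6:                     # version 4, protocol TCP
        return None
    ihl = (ip[0] & 0x0F) * 4
    tcp = ip[ihl:]
    if len(tcp) < 14:
        return None
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    sport, dport = struct.unpack_from("!HH", tcp, 0)
    return src, dst, sport, dport, tcp[13]               # byte 13 holds the flag bits


def flag_counts(data, peer):
    """Per direction, count TCP segments and those with SYN, PSH, or both set."""
    counts = Counter()
    for _ts, frame in parse_pcap(data):
        f = tcp_fields(frame)
        if f is None or peer not in (f[0], f[1]):
            continue
        direction = "to_peer" if f[1] == peer else "from_peer"
        flags = f[4]
        counts[(direction, "tcp")] += 1
        if flags & TCP_SYN:
            counts[(direction, "SYN")] += 1
        if flags & TCP_PSH:
            counts[(direction, "PSH")] += 1
        if flags & TCP_SYN and flags & TCP_PSH:
            counts[(direction, "SYN+PSH")] += 1
    return counts


def size_histogram(data, peer, bin_width=100):
    """Histogram of frame lengths received from `peer`, keyed by bin lower bound."""
    hist = Counter()
    for _ts, frame in parse_pcap(data):
        f = tcp_fields(frame)
        if f and f[0] == peer:
            hist[(len(frame) // bin_width) * bin_width] += 1
    return hist


# ---- constructed sample capture (not a real trace) ---------------------------
def build_frame(src, dst, sport, dport, flags, payload=b""):
    """Minimal Ethernet/IPv4/TCP frame; checksums are left as zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(int(x) for x in src.split(".")),
                     bytes(int(x) for x in dst.split("."))) + tcp
    return b"\x00" * 12 + b"\x08\x00" + ip


def build_pcap(frames):
    """Wrap frames in a little-endian classic pcap file, one frame per second."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, fr in enumerate(frames):
        out += struct.pack("<IIII", 1352916000 + i, 0, len(fr), len(fr)) + fr
    return out


HOST, SERVER = "192.0.2.10", "198.51.100.5"        # documentation addresses
SAMPLE_PCAP = build_pcap([
    build_frame(HOST, SERVER, 50000, 443, TCP_SYN),                      # handshake
    build_frame(SERVER, HOST, 443, 50000, TCP_SYN | TCP_ACK),
    build_frame(HOST, SERVER, 50000, 443, TCP_ACK),
    build_frame(HOST, SERVER, 50000, 443, TCP_PSH | TCP_ACK, b"x" * 120),  # request
    build_frame(SERVER, HOST, 443, 50000, TCP_ACK, b"y" * 1400),         # full segments
    build_frame(SERVER, HOST, 443, 50000, TCP_ACK, b"y" * 1400),
    build_frame(SERVER, HOST, 443, 50000, TCP_PSH | TCP_ACK, b"y" * 300),  # end of burst
    build_frame(HOST, SERVER, 50001, 443, TCP_SYN | TCP_PSH),            # unusual combo
    build_frame("203.0.113.9", HOST, 80, 50002, TCP_PSH | TCP_ACK, b"z" * 50),  # other peer
])

if __name__ == "__main__":
    for key, n in sorted(flag_counts(SAMPLE_PCAP, SERVER).items()):
        print(f"{key[0]:>9} {key[1]:<8} {n}")
    for lo, n in sorted(size_histogram(SAMPLE_PCAP, SERVER).items()):
        print(f"{lo:>5}-{lo + 99:<5} {n}")
```

The per-direction split matters for the assignment's question: in the sample, every SYN sent to the server marks a new connection from the host, while the SYN from the server only ever appears as SYN+ACK, so a burst of outbound SYNs on the timeline is the fingerprint of the client switching to a different server.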
The report should contain the following information:
Use Courier font to write the filters.
You may include your Wireshark *.pcap files as an appendix to your report.
When presenting a figure in your report, do not just say “see Figure 5”. Tell us where to look in Figure 5 and what should we see. If you don’t tell us where to look and what to see, we may not see interesting or important features that you wanted to highlight and as a result you will not receive credit for your analysis.
To receive credit, it is not enough just to attach the raw Wireshark data to your report. Instead, you must analyze and discuss the data, and include diagrams and charts. It is critical that your report summarizes the captured data in diagrams, and the narrative provides discussion and explanation of the
The items listed above form just a minimum requirement for the report and can be satisfied to different degrees. Only the students who have performed the greatest number of experiments and provided the most extensive analysis and discussion of their results shall receive the top score (100%). Reports that satisfy all the required items, but only to a bare minimum, shall receive 60% of the maximum score.
Each group should submit a single project report as a PDF document (no other formats will be accepted).
The cover page of the report should include:
⋅ the course title and number
⋅ the project title
⋅ the group members
⋅ the submission date
Optional: To help us assign the grades fairly, you may indicate the breakdown of contributions for each team member.
Submission deadline is given on the course syllabus page.
Last Modified: Wed Nov 14 13:51:25 EDT 2012 Maintained by: Ivan Marsic