Wireshark HTTP and DNS Labs Addendum

Tom Kelliher, CS 325

Feb. 15, 2008

Reminder: When printing packet data, choose the ``Selected packet only'' radio button. The default is to print ``All packets,'' which is usually overkill and wastes paper.

Capturing Live Data

  1. For these and succeeding Wireshark labs, you can either use Cygwin/kingfisher in HS 149 or boot CentOS in the X Lab and login as cs325.

    If you use CentOS in HS 123, remember to boot back to Windows XP after you've finished.

  2. To capture live network data, you must run Wireshark as root. Follow these steps:
    1. Open a command-line shell: Applications $\rightarrow$ Accessories $\rightarrow$ Terminal.

    2. Enter the command: 
         wiresharkSudo &

    3. Wireshark will run, popping up its main window. A small pop-up warning dialog box will also pop up. Find it and dismiss it.

  3. To start a packet capture session, do the following:
    1. Open Capture $\rightarrow$ Interfaces. Click the Options button to the right of the eth0 device.

    2. Heed the following if you're using Wireshark under Cygwin/kingfisher. (You can ignore this if you're using CentOS in the X Lab.) The Capture Options will show a Capture Filter similar to: 
         not ip host bluebird.goucher.edu
      Replace that Capture Filter with: 
         not tcp portrange 6000-6016

    3. Click the Start button to start the capture.

      Click the Stop button on the main Wireshark window to stop the capture.

HTTP Lab Addendum

Turn in your responses to the questions asked in the lab.

  1. Section 2: If you don't get the expected response from the URL given in this section, try http://phoenix.goucher.edu/.

  2. Section 4: One of the image links within the URL given in this section is broken. Instead try http://phoenix.goucher.edu/~kelliher/s2008/cs325/images.html.

  3. Section 5: Another option is to try
    http://phoenix.goucher.edu/~kelliher/s2008/cs325/files.

    If you look carefully, you notice that Wireshark does the base64 decoding for you.

DNS Lab Addendum

Turn in your responses to the questions asked in the lab.

  1. nslookup is available from the Linux command line shell. It's also available from the command line shell in Windows XP. (But why would you want to use XP when you can use Linux?)

  2. Section 2: Under Linux run 
    /sbin/ifconfig eth0
    from the shell.

  3. Section 3: Neither kingfisher nor CentOS on the X Lab workstations uses a local DNS cache, so there's nothing to clear.

    You can determine the IP addresses of the DNS servers in use on a Linux system by typing 

    cat /etc/resolv.conf
    from the shell.


Thomas P. Kelliher 2008-02-16
Tom Kelliher