
Experiment No. 02
Title: Introduction to Network Security Tools (I).

Object: Familiarize with the basic network security tools, i.e. Ethereal.

Lab Tasks Include:

Start Ethereal to capture all traffic. Analyze the headers of the captured packets.

Description: ETHEREAL

It is a free, open source network sniffer that understands over 700 different protocols. It allows you to capture from a live network connection and to analyze and display the contents and protocol information of the captured network data. Ethereal can run on Linux/Unix, Windows and Mac computers and is stable and well documented. It can capture from Ethernet networks but also from multiple other networks, such as a point-to-point network like PPP.

1. DNS QUERY PACKET

2. DNS RESPONSE PACKET:

3. ETHERNET II FRAME FORMAT:

4. ETHERNET II FRAME FORMAT

Destination MAC      Source MAC           TYPE
00 73 07 0e 13 26    00 01 02 13 7c f7    08 00

5. INTERNET PROTOCOL

Version: It is a 4-bit value and is set to 4 for IPv4.

Header Length: It is a 4-bit value giving the header length.

Differentiated Services Field: Defines the way routers should queue packets while they are waiting to be forwarded.

Total Length: It is a 16-bit field which defines the total packet length, including data and header.

Identification: It is a 16-bit number which uniquely identifies the packet in combination with the source address.

Flags: These are 3 flags which are used to control whether routers are allowed to fragment a packet.

Fragment Offset: A byte count from the start of the original sent packet, set by any router which performs IP router fragmentation.

Time to Live: It specifies the number of hops which the packet may be routed over.

Protocol: It indicates the type of transport packet being carried: 1 for ICMP, 6 for TCP, 17 for UDP.

Header Checksum: A 1's complement checksum inserted by the sender and updated whenever the packet header is modified by a router. It is used to detect processing errors introduced into the packet inside a router or bridge where the packet is not protected by a link layer cyclic redundancy check. Packets with an invalid checksum are discarded by all nodes in an IP network.

Source: It specifies the IP address of the sender.

Destination: It specifies the IP address of the receiver.

User Datagram: The UDP header has four fields: Source Port, Destination Port, Length and Checksum. Each is 2 bytes, so the UDP header is 8 bytes in total.
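The fields described above can be decoded by hand from raw bytes, which is what the analyzer does for each captured packet. The following is an added example, not part of the original lab sheet: it reuses the Ethernet II header bytes shown in this experiment, while the IPv4 and UDP values, the 192.0.2.x addresses and the function names are constructed for illustration.

```python
import struct

# Ethernet II header bytes from the frame shown on this page.
ETH_HEADER = bytes.fromhex("0073070e1326" "000102137cf7" "0800")

def ones_complement_sum(data: bytes) -> int:
    """Folded 16-bit one's complement sum, as used by the IPv4 header checksum."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def build_sample_frame() -> bytes:
    """Constructed frame: IPv4/UDP values and 192.0.2.x addresses are made up."""
    payload = b"\x00" * 12
    udp = struct.pack("!HHHH", 49152, 53, 8 + len(payload), 0)  # UDP checksum left 0
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp) + len(payload),
                     0x1234, 0x4000, 64, 17, 0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 53]))
    checksum = ~ones_complement_sum(ip) & 0xFFFF
    ip = ip[:10] + struct.pack("!H", checksum) + ip[12:]
    return ETH_HEADER + ip + udp + payload

def parse_frame(frame: bytes) -> dict:
    """Decode Ethernet II, IPv4 and UDP header fields from a raw frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out = {"dst_mac": dst.hex(":"), "src_mac": src.hex(":"), "ethertype": ethertype}
    if ethertype != 0x0800 or len(frame) < 34:
        return out  # not IPv4, or too short to hold a minimal IPv4 header
    (ver_ihl, _dsf, total_len, ident, flags_frag, ttl, proto, _csum,
     sip, dip) = struct.unpack("!BBHHHBBH4s4s", frame[14:34])
    ihl = (ver_ihl & 0x0F) * 4  # header length field counts 32-bit words
    if ver_ihl >> 4 != 4 or ihl < 20 or len(frame) < 14 + ihl:
        raise ValueError("malformed IPv4 header")
    out.update(version=4, header_len=ihl, total_length=total_len, identification=ident,
               flags=flags_frag >> 13, fragment_offset=flags_frag & 0x1FFF, ttl=ttl,
               protocol=proto, src_ip=".".join(map(str, sip)), dst_ip=".".join(map(str, dip)),
               # a valid header, checksum field included, sums to 0xFFFF
               checksum_ok=ones_complement_sum(frame[14:14 + ihl]) == 0xFFFF)
    udp = frame[14 + ihl:14 + ihl + 8]
    if proto == 17 and len(udp) == 8:
        sport, dport, ulen, _ = struct.unpack("!HHHH", udp)
        out.update(src_port=sport, dst_port=dport, udp_length=ulen)
    return out

if __name__ == "__main__":
    for key, value in parse_frame(build_sample_frame()).items():
        print(f"{key:16} {value}")
```

Comparing this output with the analyzer's packet details pane for a captured DNS query is a quick way to confirm each field has been read correctly.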

6. Domain Name System:

Flag in DNS query

Flags in DNS query Response

Lab Tasks:

1. Read about the following tools: Ethereal, network protocol analyzer, www.ethereal.com

2. Start Ethereal to capture all traffic. Open www.google.com in a web browser. Stop Ethereal. List all packets seen and interpret them.
