Homework 9 : Packet Capture and Analysis

In this assignment, we will learn how to capture packets in the network and analyze such packet traces.

Wireshark

Wireshark is a software that allows you to capture packets, save those packet traces, and analyze saved traces. Download wireshark from www.wireshark.org and learn how to use various analysis tools provided in the software. Most of the standard analysis tasks can be performed using these tools. Depending on the analysis task, sometimes the standard tools that come with Wireshark will not be adequate. In that case, you have to either store the trace and use a different software to analyze the trace or write a custom program to analyze the trace.

Question 1: Trace Analysis

Lets first learn how to analyze traces. Download this trace and answer these questions about the trace:

1. How many packets are in the trace?
2. How many HTTP packets are in the trace?
3. If your UH ID is odd: How many unique destination IP addresses are odd among all HTTP packets? If your UH ID is even: How many unique destination IP addresses are even among all HTTP packets?
4. Which hosts made DNS queries for which hosts? What is the IP address of the DNS server?
5. Plot CDF of DHCP ACK and NACK packet sizes on a single graph.

When you answer each question, please also include a succinct description of how you computed the answers. If you used a script/program, please include the source code in your submission.

Question 2: Analyze your own packet trace

Use Wireshark to capture about 10000 packets during the day. Don't forget to put your wireless interface in promiscuous/monitor mode. If you don't have a laptop that supports promiscuous/monitor mode, please stop by TA office hours to borrow a laptop to capure the packets. Answer the five questions listed above about your packet trace. Include your packet trace (use packettrace as file name) in your submission.

Submission