Lab 4: Network Packet Capture and Analysis using Wireshark 4.1 ...
Wireshark Analysis - Statistics

4.2.10 Wireshark provides a Statistics menu, whose tools help narrow the focus of a
network forensic investigation, including overall statistics, conversations, and information on
systems involved in the conversations.

Start the capture, and generate some Web traffic by going to www.schneier.com, then stop
the capture, and select the Statistics->Protocol Hierarchy menu option. A window similar to
that shown in Figure 8 should appear, displaying statistics about the pcap. Note that all
the packets are L2 Ethernet (Local Area Network) packets; at the network layer most of
the packets are TCP, but some are UDP.

Figure 8 - Protocol Statistics

What percentage of packets in your capture are TCP? Give an example of a higher-level
protocol which uses TCP.

What percentage of packets in your capture are UDP? Give an example of a higher-level
protocol which uses UDP (use Figure 9).
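
The per-protocol packet percentages asked for above can also be computed directly from a capture file. The following is an added example, not part of the original lab handout: it parses a classic-format pcap and reports the share of packets that are TCP, UDP or something else. It assumes an Ethernet capture and classifies IPv4 only (IPv6, VLAN tags and pcapng are not handled); the sample capture is constructed in memory, and the function names are hypothetical.

```python
import struct
from collections import Counter

IP_PROTOS = {1: "ICMP", 6: "TCP", 17: "UDP"}

def build_sample_pcap():
    """Constructed sample: 3 TCP, 1 UDP and 1 ARP frame in classic pcap format."""
    def frame(ethertype, ip_proto=None):
        eth = b"\x02" * 6 + b"\x04" * 6 + struct.pack("!H", ethertype)
        if ip_proto is None:
            return eth + b"\x00" * 28                    # ARP-sized dummy body
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, ip_proto, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
        return eth + ip + b"\x00" * 20                   # dummy transport header
    frames = [frame(0x0800, 6)] * 3 + [frame(0x0800, 17), frame(0x0806)]
    # Global header: magic, version 2.4, zone, sigfigs, snaplen, linktype 1 (Ethernet)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f   # per-packet record header
    return out

def protocol_shares(pcap):
    """Return {protocol: percent of all packets}, like the Protocol Hierarchy view."""
    magic = struct.unpack("<I", pcap[:4])[0]
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    counts, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        pkt = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        ethertype = struct.unpack("!H", pkt[12:14])[0] if len(pkt) >= 14 else None
        if ethertype == 0x0800 and len(pkt) >= 34:
            # Byte 23 = IPv4 protocol field (14-byte Ethernet header + offset 9)
            counts[IP_PROTOS.get(pkt[23], "other IPv4")] += 1
        else:
            counts["non-IPv4"] += 1
    total = sum(counts.values())
    return {p: round(100 * n / total, 1) for p, n in counts.items()} if total else {}

if __name__ == "__main__":
    for proto, pct in protocol_shares(build_sample_pcap()).items():
        print(f"{proto}: {pct}%")
```

To run it on a real capture, save the file from Wireshark in the classic pcap format (not pcapng) and pass its bytes to protocol_shares.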
Network Security Packet Capture & Analysis – Rich Macfarlane