Wireshark Lab: Getting Started With Network Understanding ✓ Solved

Wireshark Lab: Getting Started One's understanding of networ

Wireshark Lab: Getting Started One's understanding of network protocols and capture HTTP GET/OK from gaia.cs.umass.edu. In this lab you will use Wireshark on a computer connected to the Internet to capture packets while you load the URL http://gaia.cs.umass.edu/INTRO-wireshark-file1.html. Start packet capture on the active network interface, load the page in your web browser, stop capture after the page loads, and use the display filter 'http' to view HTTP messages. Locate the HTTP GET sent from your computer and the corresponding HTTP 200 OK reply from gaia.cs.umass.edu. Answer the following questions based on your capture:

1. List three different protocols that appear in the Protocol column in the unfiltered packet-listing window.

2. How long did it take from when the HTTP GET message was sent until the HTTP OK reply was received?

3. What is the Internet address of gaia.cs.umass.edu and what is the Internet address of your computer?

4. Print the two HTTP messages (GET and OK) referred to in question 2.

Paper For Above Instructions

Overview and Objective

The objective of this lab is to become familiar with Wireshark as a packet analyzer and to use it to capture and inspect the HTTP exchange that occurs when requesting the page at http://gaia.cs.umass.edu/INTRO-wireshark-file1.html. The required deliverables are: (1) list three protocols visible in the unfiltered capture, (2) measure the elapsed time between the HTTP GET and the corresponding HTTP 200 OK response, (3) report the IP addresses for the server (gaia.cs.umass.edu) and the local host, and (4) print the two HTTP messages (GET and OK). The approach below describes the steps to obtain these results and provides example outputs and interpretation that you can replicate with your own capture (Wireshark documentation and classic networking texts for procedural and conceptual background are referenced) (Kurose & Ross, 2020; Wireshark Foundation, 2024).

Method

1. Prepare the capture: Launch Wireshark and select the active network interface (Ethernet or Wi‑Fi). Start capture and ensure packets are being recorded on that interface (Wireshark displays live packet counts while capturing) (Wireshark Foundation, 2024).

2. Generate traffic: In your web browser enter the URL http://gaia.cs.umass.edu/INTRO-wireshark-file1.html and wait for the page to fully load.

3. Stop capture: After page load, stop the packet capture to preserve the trace for analysis.

4. Identify HTTP flow: Remove display filtering so you can inspect the unfiltered Protocol column for question (1). Then apply the display filter http to isolate HTTP messages and find the GET request and the corresponding 200 OK reply. If DNS lookup or TCP setup packets are relevant, use filters such as dns or tcp.port==80 to isolate those packets.

5. Time measurement: In the packet list, select the GET packet and note its timestamp. Select the 200 OK packet and note its timestamp. Subtract the GET timestamp from the OK timestamp to get the elapsed time. You can also right-click and select “Compute Time Delta” or change the Time Display Format to time-of-day and compute differences manually (Wireshark UI features) (Wireshark Foundation, 2024).

6. Addresses: For each selected packet, inspect the IP header fields in the packet-details pane. The server IP appears as the destination IP in the GET (or source IP in the OK), and the client IP appears as the source IP in the GET.

7. Printing: To produce printable output of the two HTTP messages, select the two packets and use File → Print, choosing “Selected Packet Only” and “Print as displayed” to capture the decoded HTTP headers and payload for submission.

Representative Results and Answers

Note: The exact numeric values (timestamps and client IP) depend on your local environment and network. Below are representative responses and the method to obtain the precise values from your capture.

1. Example protocols observed in an unfiltered capture

• ARP (Address Resolution Protocol) — often present on LANs for MAC/IP resolution (RFC 826) (Plummer, 1982).
• DNS (Domain Name System) — name resolution queries generated by the browser prior to opening an HTTP connection (RFC 1035) (Mockapetris, 1987).
• TCP (Transmission Control Protocol) — the transport protocol used for HTTP exchanges (RFC 793) (Postel, 1981).

Rationale: When you load a URL you typically observe name resolution (DNS), possible ARP requests if the server is on the same LAN or the default gateway is required, and TCP segments that carry the HTTP request and response. Wireshark’s Protocol column reports the highest-level protocol recognized for each packet, so you will see a mixture of ARP, DNS, TCP, HTTP, and possibly others such as ICMP or mDNS depending on background traffic and the operating system (Kurose & Ross, 2020; Wireshark Foundation, 2024).

2. Timing: GET → 200 OK

Procedure: With the http filter applied, identify the packet containing the HTTP GET request (look for the GET line in the Info column) and the packet that carries the corresponding HTTP/1.x 200 OK reply. Note the timestamps in the Time column (choose time-of-day or relative time as preferred). The elapsed time is simply Time(OK) − Time(GET).

Representative example: In a typical local-to-remote fetch the elapsed time between GET and OK can be very small (a few milliseconds to a few hundred milliseconds). For example, a sample trace might show GET at 12:00:00.123456 and OK at 12:00:00.189321, giving an elapsed time of 0.065865 seconds (65.865 ms). Your measured value depends on network latency and server response time (Kurose & Ross, 2020; RFC 7231).

3. IP addresses for server and client

Procedure: Select the GET packet and view the Internet Protocol (IP) header in the packet-details pane. The Source field is your client address; the Destination field is the server address (gaia.cs.umass.edu). Alternatively, in the OK packet the Source is the server IP and the Destination is your IP. To resolve the server name to an IP outside Wireshark, you can run nslookup gaia.cs.umass.edu or dig on your system — however, use the values recorded in the packet capture for the assignment answer (Kurose & Ross, 2020; Mockapetris, 1987).

Representative example: The server may resolve to an IPv4 address such as 128.119.245.12 in some historical traces; your capture will show the authoritative IP in the IP header fields — report that value precisely as it appears in your trace.

4. Printing the two HTTP messages

Procedure: In Wireshark select the GET packet and the OK packet (use Ctrl‑click or Shift‑click), then File → Print, check “Selected packet only” and “Print as displayed” to generate a readable printout of both HTTP headers and any body content. The printout will include the Ethernet/IP/TCP framing and the raw HTTP text (GET line and HTTP/1.x 200 OK response) which satisfies the assignment requirement.

Interpretation and Notes

Interpreting the observed protocols and timings helps connect theoretical protocol behavior to real-world performance. For example, DNS latency contributes to page load time if the domain name is not cached. TCP connection setup (SYN, SYN-ACK, ACK) precedes the HTTP GET, and retransmissions or packet loss would increase elapsed time between GET and OK (RFC 793). Wireshark’s decoding of layered frames (Ethernet → IPv4 → TCP → HTTP) illustrates the encapsulation model emphasized in network textbooks (Kurose & Ross, 2020).

Conclusion

By following the capture and analysis procedure above you can reliably answer the four assignment questions from your own packet capture. Record the three observed protocols from the unfiltered capture, compute the elapsed time between GET and OK using packet timestamps, extract the IP addresses from the IP header fields, and print the two HTTP packets using Wireshark’s print function.

References

• Kurose, J. F., & Ross, K. W. (2020). Computer Networks: A Top-Down Approach (8th ed.). Pearson. https://www.pearson.com (textbook used for lab concepts).
• Wireshark Foundation. (2024). Wireshark User’s Guide. https://www.wireshark.org/docs/wsug_html_chunked/ (Wireshark documentation and UI reference).
• Postel, J. (1981). Transmission Control Protocol. RFC 793. https://tools.ietf.org/html/rfc793 (TCP specification).
• Mockapetris, P. (1987). Domain Names - Implementation and Specification. RFC 1035. https://tools.ietf.org/html/rfc1035 (DNS specification).
• Plummer, D. C. (1982). Ethernet Address Resolution Protocol: Or converting network protocol addresses to 48.bit Ethernet address for transmission on Ethernet hardware. RFC 826. https://tools.ietf.org/html/rfc826 (ARP specification).
• Fielding, R., et al. (1999). Hypertext Transfer Protocol -- HTTP/1.1. RFC 2616 (historic). https://tools.ietf.org/html/rfc2616 (HTTP/1.1; use RFC 723x series for current semantics).
• Reschke, J. (2014). HTTP/1.1 Semantics and Content. RFC 7231. https://tools.ietf.org/html/rfc7231 (current HTTP semantics).
• Paxson, V. (1999). Detecting Network Intrusions via Packet Anomalies. In Proc. of the 1999 USENIX Security Symposium. (Background on packet analysis methodology).
• Comer, D. E. (2018). Internetworking with TCP/IP, Volume 1 (6th ed.). Pearson. (Conceptual layering and protocol interaction).
• McCoy, D., et al. (2008). Shining Light in Dark Places: Understanding the Internet Peering Ecosystem. ACM IMC. (Practical measurements and traffic analysis context).