
Interpreting data from a packet sniffer. HELP!

Discussion in 'Networking' started by GeekyKitty, Jan 28, 2011.

  1. GeekyKitty

    GeekyKitty Thread Starter

    Joined:
    Jan 28, 2011
    Messages:
    6
    Ok, so I'm an information technology student taking the Network+ course and I need to know how to interpret packet traces from WireShark 1.4.3 and I just can't seem to get the hang of it.

    I need to know how to find in the capture:

    1. Highest level protocol carried in the frame.
    2. What type of packet the protocol message is encapsulated in.
    3. The ethertype value (in hex) that identifies that protocol
    4. Is the frame broadcast or unicast?
    5. Where to find the source and destination port numbers
    6. Protocol # used in the IP packet associated with TCP
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    What is the point of us doing your homework for you

    No matter how you word the request, we aren't going to help
    You need to read all the documentation to understand it and you need to get your tutor to show you in first instance
    Almost everybody has problems at first until it is shown to them
     
  3. GeekyKitty

    GeekyKitty Thread Starter

    Joined:
    Jan 28, 2011
    Messages:
    6
    Don't you think I'd have gone through all those options before posting here?

    I'm not looking for an easy way out. :mad:
     
  4. calvin-c

    calvin-c Banned

    Joined:
    May 17, 2006
    Messages:
    1,098
    I do little networking so I don't even know what is meant by 'highest' protocol, but Googling Wireshark Manual sent me here and, under two obvious headings-Analyze Menu & Statistics Menu, the screenshot showed the protocols. If highest is the one listed 1st, then it's Frame 11 in the screenshot.

    Which, I think, is a decent example of what you will find if you do your own homework. (If you also don't understand what's meant by 'highest protocol' then it's definitely time for a talk with your instructor.)
     
  5. GeekyKitty

    GeekyKitty Thread Starter

    Joined:
    Jan 28, 2011
    Messages:
    6
    Honestly, I appreciate your attempt to help, Calvin. Logic would dictate that the highest level protocol would be the protocol belonging to the first possible layer in the OSI model. I've narrowed it down to ARP and IP but as both of those are on layer 3 you can see where I may be a touch confused. I'm leaning towards ARP as IP is a subprotocol of TCP, but like I said I'm a little new at this so I posted here for advice. (This was supposed to be a group project, but most unfortunately I have no "group" as they all bailed on me and expect me to do all their work. HaHa.)

    Maybe I should have mentioned that I was merely looking for clarifications/second opinions and not someone to "do my homework for me". I know I'm new here and this is my first post, but I'm surprised that you would think so little of a person you don't even know. (n)
     
  6. Ent

    Ent Trusted Advisor

    Joined:
    Apr 11, 2009
    Messages:
    5,467
    First Name:
    Josiah
    Personally my networking is very poor, so I shall not even attempt to answer your original question. What I would like to do is to make a suggestion regarding how you posted. As anywhere respect is earned here and can be lost here. Most helpers default to kindness and understanding, as well as assuming that those asking the question are unfamiliar with the process needed to resolve the issue. People who show that they are bright enough and have enough initiative to do their own research are particularly well respected. People who show that they want to be a helpful partner in resolving the issue are especially well respected. By contrast people who come across as lazy or arrogant are, according to human nature, typically not welcomed and helped to the same bountiful extent. In particular students who are seen as lazy get the hard shoulder because most helpers are or have been students and know why that work needs doing.

    Now I'm going to believe that you're telling the truth, aren't too lazy to work for yourself, and don't want to present yourself in any negative light. But neither of your posts shows any hard evidence that you've done all the research and thought about your question. Therefore I suggest that you rephrase it in a way that:
    Explains where you've already looked to find out the answers.
    Explains something of what you do understand that is relevant to the problem.
    And focuses on a narrowly specific question that can be answered.

    Since you portray yourself as the brightest or best motivated of your colleagues, you may find that just rehearsing what you know in this way solves the problem for you. If it doesn't, it will not only help your credibility ratings with the volunteers on this site, but also help them to provide you with the help you're after.
     
  7. GeekyKitty

    GeekyKitty Thread Starter

    Joined:
    Jan 28, 2011
    Messages:
    6
    I appreciate your input. I have to say that when I posted I was a tad stressed out from a lack of sleep and I apologize if I came off as lazy or arrogant.

    I have looked on the Wireshark website as well as several other sites such as Wireshark training, Wireshark tips and a few other websites made by random people (blogs, etc.). I've looked through my textbook (Network+ Guide to Networking, 5th ed.) and only found about 3 helpful pages, asked my group (who have been unresponsive to my emails as it's the weekend and they're all probably out with their social lives and whatnot, haha), and as for my instructor... the course is only Mon-Thur and I've been out since Tuesday recovering from a biopsy (probably why I don't have a hang on this stuff, come to think). I doubt he checks his school email over the weekends and I'm a bit too timid to creep his Facebook page to ask.

    The following is what I'm looking at (sample capture):

    Frame 1 (42 bytes on wire, 42 bytes captured)
    Ethernet II, Src: AsustekC_b3:af:31 (00:18:f3:b3:af:31), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
        Destination: Broadcast (ff:ff:ff:ff:ff:ff)
            Address: Broadcast (ff:ff:ff:ff:ff:ff)
            .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
            .... ...0 .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
        Source: AsustekC_b3:af:31 (00:18:f3:b3:af:31)
            Address: AsustekC_b3:af:31 (00:18:f3:b3:af:31)
            .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
            .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        Type: ARP
    Address Resolution Protocol (request)
        Hardware type: Ethernet (0x0001)
        Protocol type: IP (0x0800)
        Hardware size: 6
        Protocol size: 4
        Opcode: request (0x0001)
        Sender MAC address: AsustekC_b3:af:31 (00:18:f3:b3:af:31)
        Sender IP address: 172.26.1.25 (172.26.1.25)
        Target MAC address: 00:00:00_00:00 (00:00:00:00:00:00)
        Target IP address: 172.26.1.33 (172.26.1.33)

    All I'm asking for is a clue as to what lines I would be able to find what I'm looking for in.

    By deductive logic I have a feeling that the highest level protocol is IP and that the EtherType is 0800 aka IPv4. By asking my dad (who's pretty good with computers) we deduced that it's probably a broadcast frame and that the type of packet encapsulating the packet is an ARP request.

    If anyone has a second opinion they'd be willing to offer I'd very much appreciate it.
     
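The pasted capture is Wireshark's decoded view of 42 raw bytes; walking those bytes layer by layer shows exactly which field answers each of the six questions. The following is an added example (not code from the thread or from Wireshark): the ARP frame is re-typed from the post above, and the IPv4/TCP frame is constructed here so the IP protocol number and port fields can be shown too.

```python
import struct

# Frame 1 from the post, re-typed as raw bytes: 14-byte Ethernet II header + 28-byte ARP body.
ARP_REQUEST = bytes.fromhex(
    "ffffffffffff"                      # dst MAC: broadcast (all ones)
    "0018f3b3af31"                      # src MAC: AsustekC_b3:af:31
    "0806"                              # EtherType: ARP
    "0001" "0800" "06" "04" "0001"      # hw type, proto type, hw size, proto size, opcode=request
    "0018f3b3af31" "ac1a0119"           # sender MAC, sender IP 172.26.1.25
    "000000000000" "ac1a0121"           # target MAC (unknown), target IP 172.26.1.33
)

# Constructed IPv4/TCP frame (NOT from the post): 20-byte IP header + 20-byte TCP SYN, no payload.
TCP_SYN = bytes.fromhex(
    "0018f3b3af31" "001122334455" "0800"                                # unicast dst, made-up src, EtherType IPv4
    "4500" "0028" "0001" "4000" "40" "06" "0000" "ac1a0119" "ac1a0121"  # IP header: protocol byte 0x06 = TCP
    "c350" "0050" "00000000" "00000000" "5002" "ffff" "0000" "0000"    # TCP header: sport 50000, dport 80
)


def decode_frame(frame: bytes) -> dict:
    """Walk an Ethernet II frame and collect the fields the assignment asks about."""
    dst = frame[:6]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    info = {
        "ethertype": f"0x{ethertype:04x}",      # question 3: the EtherType in hex
        "broadcast": dst == b"\xff" * 6,         # question 4: all-ones destination MAC
        "group_address": bool(dst[0] & 0x01),    # the IG bit Wireshark shows (multicast/broadcast)
        "highest_protocol": "Ethernet",          # question 1: updated as we go deeper
        "ip_protocol": None,                     # question 6: IP header protocol byte
        "src_port": None, "dst_port": None,      # question 5: first two fields of the TCP header
    }
    payload = frame[14:]
    if ethertype == 0x0806:                      # ARP rides directly on Ethernet (no IP header)
        opcode = struct.unpack("!H", payload[6:8])[0]
        info["highest_protocol"] = "ARP"
        info["arp_opcode"] = {1: "request", 2: "reply"}.get(opcode, f"unknown ({opcode})")
    elif ethertype == 0x0800:                    # IPv4
        ihl = (payload[0] & 0x0F) * 4            # header length in bytes
        info["highest_protocol"] = "IPv4"
        info["ip_protocol"] = payload[9]
        if payload[9] == 6:                      # TCP: ports sit right after the IP header
            sport, dport = struct.unpack("!HH", payload[ihl:ihl + 4])
            info.update(highest_protocol="TCP", src_port=sport, dst_port=dport)
    return info


if __name__ == "__main__":
    for name, frame in (("ARP request from the post", ARP_REQUEST), ("constructed TCP SYN", TCP_SYN)):
        print(name, decode_frame(frame))
```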