Provide steps on how to Capture and Analyze ICMP Data in Wireshark
In this part, you will ping between two hosts in the Mininet and capture ICMP requests and replies in
Wireshark. You will also look inside the captured PDUs for specific information. This analysis should
help to clarify how packet headers are used to transport data to the destination.
Step 1. Examine the captured data on the same LAN.
In this step, you will examine the data that was generated by the ping requests of your team
member’s PC. Wireshark data is displayed in three sections: 1) The top section displays
the list of PDU frames captured with a summary of the IP packet information listed, 2) the
middle section lists PDU information for the frame selected in the top part of the screen and
separates a captured PDU frame by its protocol layers, and 3) the bottom section displays
the raw data of each layer. The raw data is displayed in both hexadecimal and decimal form.
a. On Node: H1, enter wireshark-gtk & to start Wireshark. (The pop-up warning is not
important for this lab.) Click OK to continue.
```
[root@secOps]# wireshark-gtk &
[1] 1552
[root@secOps ~]#
```
b. In the Wireshark window, under the Capture heading, select the H1-eth0 interface.
Click Start to capture the data traffic.
c. On Node: H1, press the Enter key, if necessary, to get a prompt. Then type ping -c 5
10.0.0.12 to ping H2 five times. The command option -c specifies the count or number
of pings. The 5 specifies that five pings should be sent. The pings will all be successful.
```
[root@secOps analyst]# ping -c 5 10.0.0.12
```
d. Navigate to the Wireshark window and click Stop to stop the packet capture.
e. A filter can be applied to display only the traffic of interest.
Type icmp in the Filter field and click Apply.
f. If necessary, click the first ICMP request PDU frame in the top section of Wireshark.
Notice that the Source column has H1’s IP address, and the Destination column has
H2’s IP address.
g. With this PDU frame still selected in the top section, navigate to the middle section.
Click the arrow to the left of the Ethernet II row to view the Destination and Source
MAC addresses.
Does the Source MAC address match H1’s interface? ______ Yes
Does the Destination MAC address in Wireshark match H2’s MAC address? _____ Yes
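The fields checked in steps f and g can also be decoded straight from a frame's raw bytes. The following is an added example, not part of the original lab: it parses the Ethernet II, IPv4 and ICMP headers of a constructed echo request and verifies both checksums. The MAC addresses and H1's IP address (10.0.0.11) are constructed assumptions; only H2's 10.0.0.12 comes from the lab.

```python
import socket
import struct

def inet_checksum(data):
    # RFC 1071 one's-complement sum; data that includes a valid checksum yields 0.
    if len(data) % 2:
        data += b"\x00"
    s = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def build_echo_request(src_mac, dst_mac, src_ip, dst_ip, ident, seq, payload):
    # Constructed sample frame standing in for a captured ping from H1 to H2.
    icmp = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + payload
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0x4000, 64, 1, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    return dst_mac + src_mac + struct.pack("!H", 0x0800) + ip + icmp

def parse_icmp_frame(frame):
    # Layer 2: Ethernet II puts the destination MAC first, then source, then EtherType.
    if len(frame) < 14 + 20 + 8:
        raise ValueError("frame too short for Ethernet II + IPv4 + ICMP")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ethertype != 0x0800 or ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 1:
        raise ValueError("not an IPv4 ICMP frame")
    # Layer 3: total length bounds the packet, which excludes any Ethernet padding.
    total_len = struct.unpack("!H", ip[2:4])[0]
    icmp = ip[ihl:total_len]
    if len(icmp) < 8:
        raise ValueError("truncated ICMP header")
    icmp_type, _code, _csum, ident, seq = struct.unpack("!BBHHH", icmp[:8])
    return {
        "eth_src": src.hex(":"), "eth_dst": dst.hex(":"),
        "ip_src": socket.inet_ntoa(ip[12:16]), "ip_dst": socket.inet_ntoa(ip[16:20]),
        "icmp": {8: "echo request", 0: "echo reply"}.get(icmp_type, f"type {icmp_type}"),
        "id": ident, "seq": seq,
        "ip_checksum_ok": inet_checksum(ip[:ihl]) == 0,
        "icmp_checksum_ok": inet_checksum(icmp) == 0,
    }

# Constructed values: the MAC addresses and H1's IP are assumptions, not from the lab.
H1_MAC, H2_MAC = bytes.fromhex("020000000011"), bytes.fromhex("020000000012")
SAMPLE = build_echo_request(H1_MAC, H2_MAC, "10.0.0.11", "10.0.0.12", 0x1234, 1, bytes(range(56)))
print(parse_icmp_frame(SAMPLE))
```

The destination MAC occupies the first six bytes of the frame, which is why Wireshark lists Destination before Source in the Ethernet II row.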