
[MUSIC] We've been talking about capturing packets on the network interface. I've mentioned it before, and now we're gonna just try it a little bit and let you see how to do it. Actually, that will be one of the assignments too; you can give it a try.

So we'll start out by starting the Wireshark application, which is gonna be our packet capture tool. So Wireshark, I have the icon down here on the bottom. It's this shark fin one. So I'll start that. So, network packet protocol analyzer. So if we look at Wireshark, let's pull it up a little bit. The first thing it does is, right on the front screen, it gives me a list of devices. Interface list here. Let's click on interface list to see the interfaces. Now right here it's listing four interfaces, four different rows in this little window that's popped up. Now each one of these interfaces is a network interface they can capture on: Bluetooth, Wi-Fi, wired Ethernet and so on. It's a little bit hard to tell which one's the right one, but I already know that it's the bottom one, mostly because of the number of packets. Notice that it's already catching a few packets on that interface and the other ones are basically dead. So I will click that interface. Just like that. Now, notice the start button. When I select start, it will start capturing. So I'll hit start, and Wireshark should start capturing packets.

Now notice that Wireshark is blank at the moment. That's because there are no packets right now, at this moment, on this interface. There go a few; okay, it's noticing a little bit of noise. I'm curious what those are, but I'll look at those later. So right now I see that one's an ARP. So what I'll do now is I'll force some packets onto the interface. What I'll do is I'll start my web browser, so that my web browser can talk to a web server, and then this will record the packets that are transferred back and forth. So let's start my browser, Mozilla Firefox. Okay, now as it's starting, let's just move it out of the way for a second. Yeah, see in the background here, we've got Wireshark capturing lots of packets. So I'm gonna tell it to stop; we've captured enough. Click on Capture, Stop, right here. Okay, now it's stopped. So we've already gotten over 3,600 packets just in that short amount of time.

Now, notice that what's showing here in the main window, it shows one row for every packet that it captured. And it's just a one-row summary; it's not the whole message. We can select each one and look at it in more detail. We'll do that in a second. So first let me sort these according to protocol. There's this column here, Protocol, and you can see a lot of these messages are RTCP, which is an internet protocol. Also, you've got HTTP, which is web traffic. So, let's click on Protocol and sort according to protocol. Now, DNS, domain name service; ARP, address resolution protocol; and so on. So, lots of different protocols being used. We're going to go straight to the HTTP messages. So let me just scroll down to HTTP. So if you remember, HTTP is basically the World Wide Web. So let's take a look at the first HTTP message, that's this one right here, so I select it. So I've highlighted that line, and the window below gives me more information about that particular packet.

Actually, if we look all the way to the bottom window down here, you'll see basically hex, what's called a hex dump. Hex digits, 001907D4 and so on. So it's digits and letters A through F. This is the representation of the message in hexadecimal, so just the bare zeros and ones represented in hexadecimal. It's showing me that, which I'm not too interested in looking at right now, but sometimes you want to look at the bare hex. Now, above that, over in this window, it basically has taken this hexadecimal and broken it down into fields according to the protocol. So, if we look here, notice here in light blue it says Hypertext Transfer Protocol. So I'll click the plus sign next to that, and what it does is, it says, look, I'll scroll down a little bit so we can see. What it does is it realizes that this is an HTTP protocol packet, and so, given that it's in that protocol, it knows the format of the message. So it knows this first piece of information should be the GET, then the next one should be the next header, and the next should be the next. So it organizes it in that way so I can read it.

So the first one we see here is the GET: GET / HTTP/1.1. That's just the GET requesting the web page. GET slash, so it's just selecting whatever web page is available there at the top-level directory. And it's giving you the protocol number; this is how any kind of a GET message starts, with a generic line like that. So it's requesting a website. And that's what happens when you start up a web browser: it goes to its default website, and that's what it's doing. And then you can look at the line below it, Host: /..org, and that's because my default website is /..org. So the first thing it did was it went to /..org and requested the web page. And line after line, if we scroll down a little bit, we can see more headers: User-Agent, Accept. So you can see I'm using Mozilla, you can see what version, and so on. You can see all the information inside the packet. So, that is packet capture for you. And you can store it and do all kinds of nice things, to look at lots of details about each packet if you're interested in that. Thank you. [MUSIC]
First, find the IP address of your computer. You will need this during the packet analysis process. How you do this depends on your operating system. Do a web search to find out how to do it through the graphical user interface, or use 'ifconfig' (Linux/Mac), 'ip addr' (newer Linux systems, where ifconfig is often not installed) or 'ipconfig' (Windows).

Download and install Wireshark on a computer. Start Wireshark and start a packet capture (on most systems capturing needs administrator or root privileges, or membership in the group that the Wireshark installer offers to set up). Open a browser on your computer and go to any web page. Stop the Wireshark packet capture and examine it to find the first TCP packet that was recorded whose source is your computer. On a freshly opened connection this is the SYN segment that starts it; the display filter ip.src == <your IP> && tcp will narrow the list to candidates. Find the port number, P, used on your computer: it is the Src Port in that packet, an ephemeral port chosen by your operating system, not the server's port 80 or 443. Use the Wireshark display filter to show only the messages to/from this port (tcp.port == P). Because the filter matches either the source or the destination port, it shows both directions of that one connection and hides the browser's other connections, which use different local ports. Select the message and make sure that the Packet Details pane is visible and showing the following information: 1) the Internet Protocol header with the Src and Dst IP addresses, and 2) the Transmission Control Protocol header with the Src Port and Dst Port numbers. Take a screenshot of the screen and submit it for grading. Also, submit one page which states your machine's IP address at the time of capture and the port number that you found being used for the TCP connection on your computer.
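As an added offline illustration of the assignment's steps (this is not part of the original assignment, nor Wireshark's own code), the Python below decodes a handful of constructed Ethernet/IPv4/TCP frames into the same fields Wireshark's Packet Details pane shows, finds the first TCP packet whose IP source is the host, takes its source port P, and applies the equivalent of the display filter tcp.port == P. The host address 192.168.1.23, the gateway 192.168.1.1, the server 203.0.113.10, the MAC addresses, the port numbers and the frames themselves are all made up here; checksums are left at zero because the decoder does not verify them.

```python
"""Decode constructed Ethernet II / IPv4 / TCP frames and apply tcp.port == P.
Added example for the Wireshark assignment; nothing here comes from a real capture."""
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806
IPPROTO_TCP = 6
IPPROTO_UDP = 17
TCP_SYN, TCP_ACK, TCP_PSH = 0x002, 0x010, 0x008


@dataclass
class TcpPacket:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    flags: int


def decode_frame(frame: bytes) -> Optional[TcpPacket]:
    """Walk Ethernet II -> IPv4 -> TCP, the layering the Packet Details pane shows.
    Returns None for anything that is not IPv4/TCP (ARP, UDP/DNS, truncated frames)."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    if len(ip) < 20:
        return None
    ver_ihl, _tos, total_len = struct.unpack("!BBH", ip[:4])
    ihl = (ver_ihl & 0x0F) * 4                       # header length in bytes
    if ver_ihl >> 4 != 4 or ihl < 20 or ip[9] != IPPROTO_TCP:
        return None
    if len(ip) < total_len or total_len < ihl + 20:  # no room for a TCP header
        return None
    src_ip = ".".join(str(b) for b in ip[12:16])
    dst_ip = ".".join(str(b) for b in ip[16:20])
    tcp = ip[ihl:total_len]
    src_port, dst_port, _seq, _ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    return TcpPacket(src_ip, dst_ip, src_port, dst_port, off_flags & 0x01FF)


# ---- builders for the constructed capture (assumed values, not real traffic) ----
def _ip_bytes(addr: str) -> bytes:
    return bytes(int(o) for o in addr.split("."))


def ipv4_frame(src_ip: str, dst_ip: str, proto: int, l4: bytes) -> bytes:
    """Ethernet II + 20-byte IPv4 header (no options) around a transport payload."""
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001") + struct.pack("!H", ETHERTYPE_IPV4)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0x4000, 64, proto, 0,
                         _ip_bytes(src_ip), _ip_bytes(dst_ip))
    return eth + ip_hdr + l4


def tcp_segment(src_port: int, dst_port: int, flags: int, payload: bytes = b"") -> bytes:
    # data offset 5 (20-byte header), window 65535, checksum and urgent pointer 0
    return struct.pack("!HHIIHHHH", src_port, dst_port, 1, 0, (5 << 12) | flags, 65535, 0, 0) + payload


def udp_datagram(src_port: int, dst_port: int, payload: bytes) -> bytes:
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload


MY_IP = "192.168.1.23"      # assumed address of the capturing machine
GATEWAY = "192.168.1.1"     # assumed DNS resolver
SERVER = "203.0.113.10"     # assumed web server (documentation address range)

CAPTURE: List[bytes] = [
    bytes.fromhex("ffffffffffff020000000001") + struct.pack("!H", ETHERTYPE_ARP) + bytes(28),  # 1: ARP
    ipv4_frame(MY_IP, GATEWAY, IPPROTO_UDP, udp_datagram(53211, 53, b"dns-query")),            # 2: DNS
    ipv4_frame(MY_IP, SERVER, IPPROTO_TCP, tcp_segment(49312, 80, TCP_SYN)),                   # 3: SYN
    ipv4_frame(SERVER, MY_IP, IPPROTO_TCP, tcp_segment(80, 49312, TCP_SYN | TCP_ACK)),         # 4: SYN/ACK
    ipv4_frame(MY_IP, SERVER, IPPROTO_TCP, tcp_segment(49312, 80, TCP_ACK)),                   # 5: ACK
    ipv4_frame(MY_IP, SERVER, IPPROTO_TCP, tcp_segment(49313, 443, TCP_SYN)),                  # 6: other connection
    ipv4_frame(MY_IP, SERVER, IPPROTO_TCP, tcp_segment(49312, 80, TCP_PSH | TCP_ACK,
                                                       b"GET / HTTP/1.1\r\n\r\n")),            # 7: request
]


def first_tcp_from(frames: List[bytes], my_ip: str) -> Optional[Tuple[int, TcpPacket]]:
    """Frame number (1-based, like Wireshark's No. column) and fields of the first
    TCP packet whose IP source is my_ip; its src_port is the assignment's P."""
    for no, frame in enumerate(frames, start=1):
        p = decode_frame(frame)
        if p is not None and p.src_ip == my_ip:
            return no, p
    return None


def filter_tcp_port(frames: List[bytes], port: int) -> List[Tuple[int, TcpPacket]]:
    """Equivalent of the display filter tcp.port == port: matches either direction."""
    out = []
    for no, frame in enumerate(frames, start=1):
        p = decode_frame(frame)
        if p is not None and port in (p.src_port, p.dst_port):
            out.append((no, p))
    return out


def details_pane(p: TcpPacket) -> str:
    """The two header lines the assignment asks you to have visible."""
    return (f"Internet Protocol Version 4, Src: {p.src_ip}, Dst: {p.dst_ip}\n"
            f"Transmission Control Protocol, Src Port: {p.src_port}, "
            f"Dst Port: {p.dst_port}, Flags: 0x{p.flags:03x}")


if __name__ == "__main__":
    no, first = first_tcp_from(CAPTURE, MY_IP)
    print(f"First TCP packet from {MY_IP} is frame {no}; P = {first.src_port}")
    for no, p in filter_tcp_port(CAPTURE, first.src_port):
        print(f"--- frame {no}\n{details_pane(p)}")
```

Run as a script, it reports frame 3 as the first TCP packet from the host with P = 49312 and then lists frames 3, 4, 5 and 7: the filter keeps both directions of that connection (the SYN/ACK from the server has 49312 as its destination port) while dropping the ARP and DNS frames and the second connection on port 49313, which is exactly why the assignment uses tcp.port == P rather than a filter on the source address alone.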
