Wireshark/IPv4 local

Wireshark is a free and open source packet analyzer used for network troubleshooting and analysis. These activities will show you how to use Wireshark to capture and analyze local IPv4 traffic.

Readings

 * Wikipedia: IPv4

Preparation
To prepare for this activity:
 * 1) Start Windows.
 * 2) Log in if necessary.
 * 3) Install Wireshark.

Activity 1 - Capture Local IPv4 Traffic
To capture local IPv4 traffic:
 * 1) Start a Wireshark capture.
 * 2) Use ping to ping the default gateway address.
 * 3) Stop the Wireshark capture.

Activity 2 - Analyze Local IPv4 Outbound Traffic
To analyze local IPv4 outbound traffic:
 * 1) Observe the traffic captured in the top Wireshark packet list pane.  Look for traffic with ICMP listed as the protocol.  To view only ICMP traffic, type icmp (lower case) in the Filter box and press Enter.
 * 2) Select the first ICMP packet, labeled Echo (ping) request.
 * 3) Observe the packet details in the middle Wireshark packet details pane.  Notice that it is an Ethernet II / Internet Protocol Version 4 / Internet Control Message Protocol frame.
 * 4) Expand Ethernet II to view Ethernet details.
 * 5) Observe the Destination field.  This should contain the MAC address of your default gateway.  You can use arp -a to confirm.
 * 6) Observe the Source field.  This should contain your MAC address.  You can use ipconfig /all or getmac to confirm.
 * 7) Observe the Type field.  Notice that the type is 0x0800, indicating IP.
 * 8) Expand Internet Protocol Version 4 to view IP details.
 * 9) Observe the Source address.  Notice that the source address is your IP address.
 * 10) Observe the Destination address.  Notice that the destination address is the default gateway IP address.

Activity 3 - Analyze Local IPv4 Inbound Traffic
To analyze local IPv4 inbound traffic:
 * 1) In the top Wireshark packet list pane, select the second ICMP packet, labeled Echo (ping) reply.
 * 2) Observe the packet details in the middle Wireshark packet details pane.  Notice that it is an Ethernet II / Internet Protocol Version 4 / Internet Control Message Protocol frame.
 * 3) Expand Ethernet II to view Ethernet details.
 * 4) Observe the Destination field.  This should contain your MAC address.
 * 5) Observe the Source field.  This should contain the MAC address of your default gateway.
 * 6) Observe the Type field.  Notice that the type is 0x0800, indicating IP.
 * 7) Expand Internet Protocol Version 4 to view IP details.
 * 8) Observe the Source address.  Notice that the source address is the default gateway IP address.
 * 9) Observe the Destination address.  Notice that the destination address is your IP address.
 * 10) Close Wireshark to complete this activity.  Quit without Saving to discard the captured traffic.
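
The fields inspected in Activities 2 and 3 can also be decoded directly from the frame bytes. The following Python code is an added example, not part of the original activity; the MAC and IP addresses are constructed sample values, and parse_frame, build_frame and is_mirrored are names chosen here for illustration.

```python
import struct

ICMP_TYPES = {8: "Echo (ping) request", 0: "Echo (ping) reply"}

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_frame(frame):
    """Decode the Ethernet II / IPv4 / ICMP fields the activities inspect."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out = {"eth_dst": mac(dst), "eth_src": mac(src), "eth_type": ethertype}
    if ethertype != 0x0800:           # not IPv4 (e.g. 0x0806 ARP, 0x86DD IPv6)
        return out
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("truncated or non-IPv4 header")
    ihl = (ip[0] & 0x0F) * 4          # header length in bytes; >20 means options
    if ihl < 20 or len(ip) < ihl:
        raise ValueError("bad IPv4 header length")
    out["ip_proto"] = ip[9]
    out["ip_src"] = ".".join(map(str, ip[12:16]))
    out["ip_dst"] = ".".join(map(str, ip[16:20]))
    if ip[9] == 1 and len(ip) > ihl:  # protocol 1 = ICMP; first byte is the type
        out["icmp"] = ICMP_TYPES.get(ip[ihl], f"type {ip[ihl]}")
    return out

def build_frame(eth_dst, eth_src, ip_src, ip_dst, icmp_type):
    """Constructed sample frame; checksums are left zero and are not verified."""
    eth = bytes.fromhex((eth_dst + eth_src).replace(":", "")) + b"\x08\x00"
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, 1, 1) + b"abcd"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 128, 1, 0,
                     bytes(map(int, ip_src.split("."))), bytes(map(int, ip_dst.split("."))))
    return eth + ip + icmp

# Constructed addresses: locally administered MACs, RFC 5737 documentation IPs.
HOST_MAC, GW_MAC = "02:00:00:00:00:10", "02:00:00:00:00:01"
HOST_IP, GW_IP = "192.0.2.10", "192.0.2.1"
REQUEST = build_frame(GW_MAC, HOST_MAC, HOST_IP, GW_IP, 8)   # outbound (Activity 2)
REPLY = build_frame(HOST_MAC, GW_MAC, GW_IP, HOST_IP, 0)     # inbound (Activity 3)

def is_mirrored(req, rep):
    """True when the reply swaps the request's MAC and IP source/destination."""
    return (req["eth_src"], req["eth_dst"], req["ip_src"], req["ip_dst"]) == \
           (rep["eth_dst"], rep["eth_src"], rep["ip_dst"], rep["ip_src"])

if __name__ == "__main__":
    print(parse_frame(REQUEST), parse_frame(REPLY), sep="\n")
```

To decode a frame from your own capture, copy its bytes from Wireshark as a hex stream and pass bytes.fromhex(...) of that string to parse_frame.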