Spring 2012 CS 1020 01 Microcomputer Systems
03/20/2012
Wireshark packet analysis TCP/IP ethernet assignment
Due date: Thursday, March 29th

0. If you want to download and install the Wireshark packet sniffing software, the URL is:
   http://www.wireshark.org/download.html

1. Download the files telnet.cap, ssh.cap, http.cap and https.cap from
   http://www.cs.uni.edu/~jacobson/023/eth/
   or you can just open them from the web site and Wireshark will be launched. Wireshark is installed in the Wright Hall 112 and 339 labs and in the ITTC 4th floor CS lab.

2. Start up Wireshark.

3. Open the telnet.cap capture file.
   Q1: What user id and password were used for the telnet session?
   Q2: How big was the entire conversation, and what port numbers and IP numbers were involved in the telnet conversation?

4. Using the Statistics menu, Conversation List, IPv4 conversations, answer the following questions:
   Q3: How many packets were involved in the entire conversation?
       How many went from A to B?
       How many went from B to A?
       How many bytes were involved in the entire conversation?
       How many bytes went from A to B?
       How many bytes went from B to A?

5. Use the Analyze menu, Follow TCP Stream command and answer the following questions.
   Q4: How many bytes were involved in the entire conversation?
       How many bytes went from the client to the server? (C2S)
       How many bytes went from the server to the client? (S2C)
       Are the C2S and S2C numbers in the same ballpark, or is one much larger than the other? Explain.
   Q5: Why are these numbers so different from the numbers you found in answering question Q3 above (for the bytes)?

6. Open the ssh.cap file.
   Q6: Follow the TCP Stream and determine how many bytes the connection communicated.
   Q7: In packets 7 and 8 the server uses the SSHv1 protocol to send its public key to the client, and then the client sends the server back a session key.
       a. What is the actual code that specifies that a public key is in the packet?
       b. What is the actual SSH protocol code that specifies that a packet contains a session key?
   Q8: Open the http.cap capture file using Wireshark. What was the title of the web page that the server delivered to the client?
   Q9: Open the https.cap capture file. How many cipher specs are given in the Client Hello packet?
   Q10: Using www.google.com and perhaps Wikipedia, look up MD5. Who developed MD5? In what year? What did it replace?
   Q11: What is SHA-1?
   Q12: Which of the two was used for the protocol in the https.cap packet?
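The byte counts in steps 4 and 5 differ because the IPv4 conversation statistics count whole frames (Ethernet, IP and TCP headers included) while Follow TCP Stream shows only the application data. The script below, an added example that is not part of the assignment, builds a small constructed telnet-like capture (addresses 10.0.0.5 and 10.0.0.9 and port 40001 are made up) and computes both counts per direction with only the standard library, so the gap can be seen on a capture whose contents are known.

```python
import struct
from collections import defaultdict

def build_frame(src, dst, sport, dport, payload):
    """Constructed Ethernet/IPv4/TCP frame; checksums left 0 (fine for byte accounting)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload          # 14 + 20 + 20 + data

def build_pcap(frames):
    """Wrap frames in a little-endian libpcap file (24-byte global header, 16-byte records)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)   # linktype 1 = Ethernet
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

def count_bytes(pcap):
    """Per (src, dst) direction: packet count, frame bytes (the whole-frame figure the
    Conversations statistics report) and TCP payload bytes (what Follow TCP Stream shows)."""
    assert struct.unpack("<I", pcap[:4])[0] == 0xA1B2C3D4, "little-endian pcap expected"
    pkts, frame, payload = defaultdict(int), defaultdict(int), defaultdict(int)
    pos = 24
    while pos < len(pcap):
        incl = struct.unpack("<IIII", pcap[pos:pos + 16])[2]
        f = pcap[pos + 16:pos + 16 + incl]
        pos += 16 + incl
        if f[12:14] != b"\x08\x00" or f[23] != 6:   # keep only IPv4 frames carrying TCP
            continue
        ihl = (f[14] & 0x0F) * 4                     # IP header length in bytes
        ip_total = struct.unpack("!H", f[16:18])[0]  # IP total length
        doff = (f[14 + ihl + 12] >> 4) * 4           # TCP header length in bytes
        key = (".".join(map(str, f[26:30])), ".".join(map(str, f[30:34])))
        pkts[key] += 1
        frame[key] += len(f)                          # Ethernet + IP + TCP headers + data
        payload[key] += ip_total - ihl - doff         # application data only
    return dict(pkts), dict(frame), dict(payload)

# Constructed exchange: server prompt, client typing one character per packet (as telnet
# does), a bare ACK carrying no data, then the server's next prompt.
CLIENT, SERVER = "10.0.0.5", "10.0.0.9"
SAMPLE = build_pcap(
    [build_frame(SERVER, CLIENT, 23, 40001, b"login: ")]
    + [build_frame(CLIENT, SERVER, 40001, 23, c) for c in (b"b", b"o", b"b", b"\r\n")]
    + [build_frame(SERVER, CLIENT, 23, 40001, b""),
       build_frame(SERVER, CLIENT, 23, 40001, b"Password: ")])

if __name__ == "__main__":
    for name, table in zip(("packets", "frame bytes", "payload bytes"), count_bytes(SAMPLE)):
        print(name, table, "total", sum(table.values()))
```

On the sample the seven frames total 400 bytes but carry only 22 bytes of application data; the 54-byte bare ACK counts at frame level and contributes nothing to the stream, which is the effect behind Q5.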