Exercise: Wireshark - observing Internet traffic

Last modified by superadmin on 2018-01-12 20:27

Exercise: Wireshark - observing Internet traffic

Wireshark allows to inspect and analyze IP datagrams that flow in your LAN segment. 

  1. Install Wireshark, see http://www.wireshark.org/
  2. Run Wireshark: start observing network traffic on your PCs main IP address. 
  3. Make any web request from your browser, e.g. http://www.madona.lv
  4. Notice that there is a DNS request followed by some TCP traffic. 
  5. Stop traffic observation. 
  6. Optionally configure an alternative proxy server: on your browser. 
  7. Again start capturing packets with Wireshark. 
  8. Clean temporary documents from your browser cache and make the same web request from your browser, e.g. http://www.madona.lv
  9. Observe that there is no DNS request. 

FTP traffic

  1. Start VMWare image and log in as "root" with the password "Student007". 
  2. Make sure that you have networking with NAT. 
  3. Notice that there is a user "student" with the same password "Student007". 
  4. Check that you can connect with ftp to the localhost on VMWare and check that the username "student" with password "Student007" really works: 
ifconfig        # assume that this returns IP address
ftp    # this allows you to list contents of /home/student/
  1. Open any FTP client on your main PC. Configure connection to VMWare's computer. 
  2. Start capturing IP packets. 
  3. Open the FTP connection and observe how username and password are transmitted.


  1. Are there any safer ways for file transfer than FTP?
  2. What service on VMWare are we connecting to? How to configure and restart this service? 
  3. Can we observe two FTP connections being made (the control and the data connection)? 
Created by Kalvis Apsītis on 2008-04-02 23:13
This wiki is licensed under a Creative Commons 2.0 license
XWiki Enterprise 6.4 - Documentation