In this lab you will observe the traffic on your computer using Wireshark. Answer the questions below as you progress through the procedure. Your computer should be connected to the Internet.
1. Open Wireshark and start a capture on the network card you are using. Go to Google.com in your web browser. Is this an HTTP or HTTPS connection? ____________________________________
2. Observe the traffic you see when going to google.com. What TCP port is being used by google for this connection? ___________________
3. When you determine the port number, put in the following filter in Wireshark: tcp.port==<port number>. This will only see the HTTPS connection in Wireshark and filter everything else out.
4. What protocol is the connection using when you go to google? ______________________
5. Look for the words “Application Data” under the Info column. Double-click this packet to open up the details for this packet.
6. There will be a layer that says Transport Layer Security. Open up the line by clicking the arrow next to the line. Are you able to read the data that is being carried within this packet? ________ Why? _________________________________________
7. Restart your Wireshark trace. Go to www.stealmylogin.com.
8. You should now see packets being displayed on the Wireshark window. Stop the trace
9. Open the first HTTP packet that represents the GET message under the info column by double clicking on it. How many lines are displayed at the top of the page? ____________
10. Expand all of the header lines to display the packet details by clicking on the arrows next to them. From the trace, answer the following questions:
What is the destination port number? __________
Do you see www.stealmylogin.com anywhere? __________ If so which layer is it? _______________
Explain the differences you saw between the two websites you observed in Wireshark. What were the differences you noticed when you did the trace? You should write about 250 words or more to get full credit for this lab.
End of Procedure