Assignment states that being an open-source tool, Wire shark as packet analyzer is used in analyzing and troubleshooting

Home, - MN504 Group Assignment Network Analysis Using Wire Shark


This is an open source packet checker platform that captures and analyzes network traffic with both windows and Linux version. It’s a Graphical User Interface in window Operating system and also has a command line that base on the captured packet version, this utility version   gives a comprehensive analysis of the network protocol for every captured packet, colorizing the details of the packets basing on the network protocol, in addition to possessing the functionality for the filtering and monitoring the traffic filter to pick out the TCP streams (Mishra, 2006)


The objective of this project is to capture data from the two websites by the use of wireshark. This capturing is done on the home network connected through the Ethernet interface. For this lab analysis, wireshark is being used to capture and examine packets that will be generated among the given websites and the PC browsers through the use of HTTP and the web server.  After analyzing the packets and control the network error. The performance of the network is analyzed by the use of the data captured (Tarasov and Malakhov, 2015).  The application of wireshark also determines throughput, load distribution, window scaling and time sequence graph by using the captured packets.

Time of capture

The client actually communicates with several different Google servers in order to

Implement “safe browsing. “The main Google server that will serve up the main Google web page has IP address 

The time

After opening the wire shark the screen looks as shown below:

On the MIT network the absolute date and time of the day when the packet was captured for the News website was 2018 /148- 10:19:00. 388761. 

It then took 6.004689 seconds before the packets for  http:// iview.abc.net.au website were captured on.

On the website http://www.news.com.au. The TCP Was sent on frame No. 11 and received on frame no 12 after 0.388949 seconds.

For the http:// iview.abc.net.au website TCP was sent on frame 40 and received on frame 41 after a period of 0.55307 second. 

The client IP address and Sequence number are identified. When HTTP launches on the host web server, Transmission Control Protocol uses the three way handshake in establishing a dependable Transmission Control Protocol session amongst the two hosts. For instance while accessing the above websites through the internet it initiates a three way handshake after which a session between the host Pc and the web server is established. The host computer may have different simultaneous active Transmission Control protocol sessions with several web sites. The time of the packet capture was 10 minutes in which a total of 5123 packets were captured(Shepherd, 1999). 

Total Number of captured packets

The IP and MAC addresses will be used as the source address during the examining of the captured packets.

The IO address for the host PC is

The MAC address for the PC host is:

The IP address for the DNS server queried by the computer was 192.168.111 while the IP address for the Google web server was:

MIT Network iview

MIT news

IP address of client and server

What percentages of packets in your capture are TCP, and give an example of the higher level protocol which uses TCP? (ZHANG and CHEN, 2009)



The first frame provides every packet number to keep track. For the efficient analysis of the website, the following was noted

? Time is when the packet was received.

? The source comprises of the IP address where the packet originates from and the destination IP records where the packet is going.

? The protocol that the packet will be using s such as TCP, UDP and HTTP.

? Length determines the size of the packets in bytes. 

? Information gives more details i.e.   Whether packed is application data.

MIT network iview and news

Domain Name System query from the computer to the Domain Name System server is shown by frame 11.It tries to resolve the website domain to the web serve’s IP address. 

Round Trip Time

The IP address of the DNS server queried by the computer for the website (http:// iview.abc.net.au) is This makes it possible for the PC to convey the packet to the web server. The start of three way handshake among the Google web server and the PC is on frame 13. 

Mitivew and news

Sandeep network iview and news 

The sequence numbers of the first six segments in the TCP connection

The TCP source port number is 49323 and the destination number is 443, this means it is a Private/Dynamic source port and a Well-Known destination port. The fLag is set to sy (Pforte, 2016).Defending private information would be much easier if one knew that all of that information was in a central data repository in a single computer. He/she would know what to hide, what to give out, where everything is located, and protect it as such. But Dave Cullen from computingforever.com took a poll and found that for every household, they own three computers. These three computers are most likely connected together by a network. There are two kinds of network that these computers could be in: a LAN and/or WLAN. A LAN, or Local Area Network is another way of saying a wired connection in a small area while a WLAN, or Wireless Local Area Network where the connections are wireless. Or, they can be in a combination of both where one is hard wired to the router, while the other is having its signal transmitted wirelessly. There are less common types of networks such as WAN, or Wide Area Network, where it covers long distances (such as the Internet itself), the city-sized MAN (Metro Area Network), and the campus-sized CAN (Campus Area Network), both between the LAN and the WAN in size. No matter the type and/or size of the network, they all have the same basic components that make up the backbone of the network (CIS, 2008).There are five main components that make up a network: the computers and their interface cards, the cable, the modem, the firewall, and the router/switch. Computers connect to the internet either with a wire or wirelessly. Both methods, though, have to go through a network interface card to transmit data to and from the computer. They are one end where the data is kept and where most of the private information is kept. Sometimes, there are programs installed on the computers to ensure that the privacy of the data is not compromised. Computers connect to the router either by cable, or wirelessly. If they are connecting by cable, then the standard for networking is the cat5e cable, which is a twisted pair cable. Other types of cable are used for specific purposes such as the coaxial cable which is used for running longer distances and the fiber optic cable, which is normally meant for even longer distance (such as across oceans). The modem converts the digital data signal into analog (and vise-versa) so the data can travel along phone lines (and out to the internet). The firewall is the nice fence that separates the network from the components of the network. The piece that ties everything together is the hub/router/switch. These components control where and how the data is transmitted throughout the network. Each one operates differently from each other. Hubs are the simplest of the three.


Re-transmitted segments in the trace file

The TCP source port number was: 49523 meaning it is a random source port and the destination port number was 80 meaning it is an http destination port. For this analysis there are no flags sets but the relative frequency is set to 0.

COMPARISON 1:Comparison of the throughout and TCP retransmission of both Applications on the three networks

At the start, it appears that TCP is appropriatedue to its connection orientation. But the retransmission and response mechanisms in TCP bring in a lot of delay in the transmission of packets, thus the UDP is the idealmethod to transmitting a real-time voice stream through the network.  File Transfer - In general, file transfer needs dependabletransmission and hence TCP is preferred. Remote Login - TCP is preferable because it provides for the reliable transfer of the stream of keystrokes that forms the basis for a remote login application.  Multicast Communication - In multicast services, a source sends information to a subset of destinations attached to the network. It is easy to imagine multicast applications that require reliable transfer of a stream of information to a set of destinations, and multicast applications that require only best effort transfer of individual messages. Therefore neither TCP nor UDP is preferred. A more pertinent point is that providing reliable multicast stream transfer service is quite difficult to implement, and TCP is not designed for this.

The figure above depicts the connection initiation process among the web server and the client. After the establishment of the connection data frames begin to flow. The important frame details are shown in the graph flow i.e. through transmission time, frame size, sequence number of the frame and the TCP ports.

Throughput graph

The bottom of the graph shows a beginning time and an ending time.  The beginning time is relative to the start of the session and initially 0.  When packets start wrapping out it becomes the relative time offset of the first available packet.  The ending time is always the total time of the session.

Discontinuities are indicated by vertical dashed lines. A green view port indicates the time range corresponding to the visible slots in the timeline.  The view port can be moved by clicking elsewhere in the graph or by dragging.  Whenever it is moved, the timeline scrolls to match.  When the slot range in the timeline changes, the view port moves and resizes as necessary to match

COMPARSION 2:Comparison of the chosen too with wireshark in terms of ease of access and use, GUI, visualization of traffic and statistic generation.

 Analyzer are very similar in the fact they both capture and display live traffic across a network using a variety of different filters to allow an administrator to see exactly the traffic he or she wants to view without having to watch all the data simultaneously. 

Microsoft message analyzer live Trace Session configuration

However, the Message Analyzer has the ability to browse for logs of different types, and import them together, as well as the ability to automatically re-assemble and render payloads.  The most impressive unique feature I found in the Message Analyzer was the ability to import and analyze data from log and trace files in numerous viewer formats. As much as I hate to say it, I would think the Message Analyzer would be the choice for network capture and analysis in the workplace because these unique features would save a lot of time when trying to diagnose a network issue. Wireshark requires a lot of manual analysis that what is required by the Microsoft message.


In conclusion, being an open-source tool, wireshark as a packet analyzer is used in analyzing and troubleshooting networks and communication protocols.it enables the users   to monitor the interface of a network and put controllers which can back up the promiscuous mode. To be able to observe and monitor the visible traffics visible on the particular interface and not only traffic that is addressed to one of the interface with the address that has been configured to broadcast and address the network traffic. During capturing in the promiscuous mode with the packet analyzer, not all of the traffic that travels over the switch are automatically sent to the port where the capture taking place. This is why, capturing in the promiscuous mode was not sufficient for the live website in observing all the traffic on the network.Although wireshark is the foremost network analyzer tool in the world and it the standard used tool across most of the institutions, I believe Message Analyzer would be the choice for network capture [1]diagnose a network issue. Wireshark requires a lot of manual analysis that what is required by the Microsoft message.

Leave a comment


Related :-