Assessment Details and Submission Guidelines
Unit Code: BN106
Unit Title: Networking Fundamentals
Assessment Type: Assignment 2 (Individual)
Assessment Title: Network analysis with Wireshark
Purpose of the assessment (with ULO Mapping): How to use Network Analyzer; Analyse real packets of the network; Explain the principles of networking protocols and standards
Weight: 15% of the total mark
Total Marks: 60 Marks
Word limit: Max 1500
Due Date: 02-06-2017 (Week 11)
Submission Guidelines:
All work must be submitted on Moodle by the due date along with a completed Assignment Cover Page.
The assignment must be in MS Word format, 1.5 spacing, 11-pt Calibri (Body) font and 2 cm margins on all four sides of your page with appropriate section headings.
Reference sources must be cited in the text of the report, and listed appropriately at the end in a reference list using IEEE referencing style.
Extension If an extension of time to submit work is required, a Special Consideration Application must be submitted directly to the School's Administration Officer, in Melbourne on Level 6 or in Sydney on Level 7. You must submit this application three working days prior to the due date of the assignment. Further information is available at:
http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/specialconsiderationdeferment
Academic Misconduct
Academic Misconduct is a serious offence. Depending on the seriousness of the case, penalties can vary from a written warning or zero marks to exclusion from the course or rescinding the degree. Students should make themselves familiar with the full policy and procedure available at: http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/Plagiarism-Academic-Misconduct-Policy-Procedure. For further information, please refer to the Academic Integrity Section in your Unit Description.
Assignment Description
This assignment introduces students to a free network analyzer. Network analyzers are very useful tools that help understand data communications and networks. They scan the data link attached to the computer and provide an intuitive, visual view of packets as they flow past the computer. We use Wireshark, a sniffer which may be downloaded for free off the Internet. Further details about Wireshark as well as downloads are available at www.wireshark.org.
The goals of this assignment are two-fold. First, to learn how to use a network analyzer. Second, to see actual packets, which will help link the topics we covered in this class with the functioning of a real network. To achieve these goals, you will follow the network traffic that is generated when you perform the basic task of visiting a web site.
Using an analyzer is rather straightforward and no more difficult than using a word processor or a spreadsheet. Follow the instructions given and submit your answers to the questions.
Instructions
Install Wireshark and follow the instructions to answer the questions included in this assignment.
Disable all the three name resolution features in the Capture → Interfaces screen and run a capture. Then enable the name resolution and capture a few packets.
You may notice that you are able to see packets generated by machines on your network, other than your own machine. This is what happens in broadcast networks. If you see a destination as ff:ff:ff:ff:ff:ff, that means it is a broadcast message to everyone.
Now, go to the Start Menu on your computer → Accessories → Command Prompt. Type in ipconfig and press enter to get info on your computer’s IP address.
Now go back to Wireshark and use the filter option by going to Analyze → Display Filters. Put in your IP address so that all packets not interacting with your IP address will be filtered. Now, if you go back to the main screen, you’ll see that only packets with a destination or source of your IP address are shown.
Enable all name resolution and start a new capture. After starting the capture, use your browser to go to the CNN website at www.cnn.com. There may be 1,000 or more packets due to the video that is loading. Once the site loads on your browser, stop the capture.
Near the top of your capture, you should see some entries for DNS. Click on the first DNS entry. This should be your computer’s request to figure out what IP address cnn.com has. Click on the details below to see if this is correct. Now, click on the DNS packet response, which gives your computer the response from the DNS, so your computer knows what the IP address is. Open the details below to see what IP address(es) you have received from the DNS. In the second pane, click on the “+” signs to expand the details.
Now click on the first packet which has one of the IP addresses of cnn.com in the destination and has HTTP as the protocol. In the second pane, you will see five major headings. The first heading is just information from Wireshark. It says something similar to: “Frame 459 (509 bytes on wire, 509 bytes captured)”. Ignore this first line. It just tells you where this packet was in the set of all packets that Wireshark captured.
Find the HTTP protocol line FROM CNN. It may be the first, second, or third one from CNN since they may shift you to a different server to handle your request. Open up the Hypertext Transfer Protocol line in the second pane by clicking on it. Click on the line that says Data. Look at the highlighted text in the bottom window.
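The layering seen in the packet details pane can be reproduced by hand. The following is an added example, not part of the original assignment: it dissects one HTTP request frame into its Ethernet, IP, TCP and HTTP layers and pulls out the request headers. The frame bytes, MAC and IP addresses, host name and header values are all constructed for illustration.

```python
import struct

def build_sample_frame():
    """Constructed frame: Ethernet + IPv4 + TCP + HTTP GET (checksums left at zero)."""
    http = (b"GET / HTTP/1.1\r\nHost: www.example.test\r\n"
            b"User-Agent: ExampleBrowser/1.0 (ExampleOS 10)\r\n"
            b"Cookie: session=constructed\r\n\r\n")
    # TCP: src port, dst port, seq, ack, data offset (5 words), flags PSH+ACK, window
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    # IPv4: version 4 / IHL 5, total length, TTL 64, protocol 6 (TCP), src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(http), 0, 0,
                     64, 6, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    # Ethernet: destination MAC, source MAC, EtherType 0x0800 (IPv4)
    eth = bytes.fromhex("02000000000a") + bytes.fromhex("020000000001") + b"\x08\x00"
    return eth + ip + tcp + http

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def dissect(frame):
    """Peel each header off in turn; every layer's payload is the next layer."""
    layers = {}
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    layers["ethernet"] = {"src": mac(src), "dst": mac(dst), "type": hex(ethertype)}
    if ethertype != 0x0800:          # not IPv4: stop at the link layer
        return layers
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4         # IP header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    layers["ip"] = {"src": ".".join(map(str, ip[12:16])),
                    "dst": ".".join(map(str, ip[16:20])), "proto": ip[9]}
    if ip[9] != 6:                   # not TCP: stop at the network layer
        return layers
    tcp = ip[ihl:total_len]
    sport, dport = struct.unpack("!HH", tcp[:4])
    layers["tcp"] = {"sport": sport, "dport": dport}
    payload = tcp[(tcp[12] >> 4) * 4:]   # skip TCP header using its data offset
    if payload.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD"):
        head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
        headers = dict(line.split(": ", 1) for line in head[1:] if ": " in line)
        layers["http"] = {"request": head[0], "headers": headers}
    return layers

if __name__ == "__main__":
    for name, fields in dissect(build_sample_frame()).items():
        print(name, fields)
```
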
Answer the following
QUESTION 1: What are the differences in capture outcome when you disable all the three name resolution features in the capture and then run a capture? (Look at the source and destination areas.)
QUESTION 2: What is the IP address of your computer?
QUESTION 3: What IP addresses are given to your computer in order to access cnn.com? Most major websites have multiple IP addresses in order to spread out the workload among multiple IP addresses and in case one IP address isn’t working.
QUESTION 4: Look at the next four headings. Ethernet Protocol? Internet Protocol? Transmission Control Protocol? Hypertext Transfer protocol? Why are there four different things in this same message?
QUESTION 5: How are these four protocols related?
QUESTION 6: What does the information in this packet state about the browser you are using and the operating system you are using? Does it show that you are sending a cookie? Information about your computer is being sent to cnn.com’s server, since it may send different packets depending on the browser you are using, operating system, programs you can run, etc.
QUESTION 7: What do you think that text is in the last instruction provided (hint: you can go to your browser window and choose the menu “view” then “source” and compare it).
Marking criteria for Assignment 1:
An example of the marking criteria is shown in the following table. Marks are allocated as follows:
Note: The marking criteria vary for each assignment
Section to be included in the report | Description of the section | Marks
Introduction | Outline of the report | 8
Answers of the questions | Provide answer with sufficient depth | 7x6=42
Conclusion | Write summary of the report | 5
Reference style | Follow IEEE reference style | 5
Total | | 60
Example Marking Rubric for Assignment #: Total Marks 60
Note: The marking rubric varies for each assignment
Grade | HD | D | CR | P | Fail
Mark | 48-60 | 42-47 | 36-41 | 30-35 | <30
 | Excellent | Very Good | Good | Satisfactory | Unsatisfactory
Introduction /8 | All topics are pertinent and covered in depth. Ability to think critically and source material is demonstrated | Topics are relevant and soundly analysed. | Generally relevant and analysed. | Some relevance and briefly presented. | This is not relevant to the assignment topic.
Answer of the questions /42 | Logic is clear and easy to follow with strong arguments | Consistently logical and convincing | Mostly consistent, logical and convincing | Adequate cohesion and conviction | Argument is confused and disjointed
Conclusion /5 | Logic is clear and easy to follow with strong arguments | Consistently logical and convincing | Mostly consistent, logical and convincing | Adequate cohesion and conviction | Argument is confused and disjointed
Reference style /5 | Clear styles with excellent source of references. | Clear referencing style | Generally good referencing style | Sometimes clear referencing style | Lacks consistency with many errors