#1 (permalink) |
|
Registered User
Join Date: May 2008
Posts: 4
OS: xp, ubuntu 7.10
|
ethereal/wireshark log analyze help
Hello, I would like to ask you guys / girls to help me a little. I got an Ethereal/Wireshark log and I need to analyze it, but I can't do it all... (today is the first time I have seen a log like this, dunno where I can start, or what very many things in the log mean; the course is more theoretical so we don't have much practice and the prof just added this homework, we didn't get any notice) Please, if somebody can help, or knows a good site where I can learn what the things in the log file mean, or how to get the data out of that log file, please tell me.... Thanks again

Here are some questions....

* What DLL/MAC layer addresses can be seen in the trace?
* What IP addresses can be seen in the trace?
* How do the DLL/MAC and IP addresses map to each other?
* What is the Ethernet packet type and what does it mean?
* Can you tell from the trace file which Ethernet card is used to capture the traffic data, a normal 10/100M Ethernet card or an 802.11b wireless card?
* Can you deduce anything about the network topology on which this trace was taken, i.e. on which machine is the trace being taken? How many hosts are on the local network? What is the default gateway? What is the network mask? Which hosts are on the local network? Which ones are remote?
* How "far" away are the remote hosts?
* What different IP packet types can be seen and what does each mean?
* Does IP fragmentation occur?
* Why would some packets have the "Don't fragment" bit set?
* Why the difference in the TTL values? If there was suddenly a change in the reported TTL, what would that be an indicator of?
* Are there any protocols that appear to be operating differently than as described in class?
* This packet trace is full of surprises, especially for someone who has never looked at a packet trace in detail before. List a few observations that were surprising to you including details of the observation and why it was particularly noteworthy.

Here is the log file: http://www.filecrunch.com/fileDown [...] eId=145967
#2 (permalink) |
|
Registered User
Join Date: May 2008
Posts: 4
OS: xp, ubuntu 7.10
|
Re: ethereal/wireshark log analyze help
I screwed up the link, sorry. Here is the new link:
http://www.filecrunch.com/fileDownlo...&fileId=145967
Last edited by proview : 05-09-2008 at 11:51 AM.
#3 (permalink) |
|
Manager, Networking Forums
Join Date: Sep 2002
Location: S.E. Pennsylvania, US
Posts: 28,752
OS: XP-Pro, Vista, Linux
Blog Entries: 1
|
Re: ethereal/wireshark log analyze help
WOW! You're asking way too much for most folks to spend on a single issue here. It would take a long time to explain all of the ins and outs of the IP protocol! I suggest you do some basic research and ask targeted questions; don't take the shotgun approach.
#4 (permalink) |
|
Registered User
Join Date: May 2008
Posts: 4
OS: xp, ubuntu 7.10
|
Re: ethereal/wireshark log analyze help
I did some basic searching...
Now I don't know the answers to these questions.. my problem is I can't read this from a log file.. I don't see it, don't know where to search for it, or how to search.... I did write out the IPs and sort by IP, but can't figure out the answers to those questions.. please, somebody help me

* Can you deduce anything about the network topology on which this trace was taken, i.e. on which machine is the trace being taken? How many hosts are on the local network? What is the default gateway? What is the network mask? Which hosts are on the local network? Which ones are remote?
* How "far" away are the remote hosts?
* What different IP packet types can be seen and what does each mean?
* This packet trace is full of surprises, especially for someone who has never looked at a packet trace in detail before. List a few observations that were surprising to you including details of the observation and why it was particularly noteworthy.
#5 (permalink) |
|
Registered User
Join Date: May 2008
Posts: 1
OS: xp
|
Re: ethereal/wireshark log analyze help
Howdy all. I'm the instructor for this course.
First, thanks for recognizing that answering all of the questions doesn't really help the student. Second, the assignment was posted a couple of weeks ago and is due June 4th so the student has plenty of time. Third, if you are the student and are reading this, Brett (that's the TA for everyone else) was due to go over the homework in discussion Friday at 12pm. Fourth, I have no problem with asking general questions on a list like this (after all, when you get out into the real world, how else are you going to learn?), but try to answer questions on your own first. And finally, if anyone else is reading this and is now curious about the context, here's the course web page: http://www.cs.ucsb.edu/~almeroth/classes/S08.176A/
-Kevin
#6 (permalink) |
|
Registered User
Join Date: May 2008
Posts: 4
OS: xp, ubuntu 7.10
|
Re: ethereal/wireshark log analyze help
Hello. First of all, I'm not your student, Mr. Kevin ..... (I'm from Europe, but as you can see we got the homework that you made.... so that was the reason why I didn't know how to start analyzing the log file... maybe you teach it in your course...) But now I know this topic much better and I mostly have answers to the questions.. (except the ones in my last post). Dunno, but maybe the log file is different from yours... (I got a few results with the same questions, but with different log files...)