Lab 1: Wireshark

  1. Start Wireshark to capture network packets.
    Remember to run Wireshark with Administrator privileges so that it can capture packets on your NIC (network interface card).
  2. In this lab, you may capture any packets which are transported over IPv4 and IPv6. A simple capture filter "icmp or icmp6" might be sufficient.
    1. Your Wireshark may also show other ICMP broadcast packets or ICMP6 multicast packets.
    2. If you find this annoying, you may add an extra filter:
      • (icmp or icmp6) and ether host YOUR_MAC_ADDR
    3. YOUR_MAC_ADDR can be obtained by
      • ipconfig /all | find "Physical", if you are running Windows.
      • ip a | grep ether, if you are running Ubuntu.
      • ifconfig | grep ether, if you are running FreeBSD.
  3. Try to generate some packets by typing "ping www.ncnu.edu.tw" or "ping -4 www.ncnu.edu.tw". (This is a dual-stack host, so by default packets are delivered via IPv6.)
  4. Click an ICMP packet to inspect its IPv4 header. Find the Source Address field and identify the corresponding 4 bytes.
    [wireshark-icmp.png]
  5. Click an ICMP6 packet to inspect its IPv6 header. Find the Source Address field and identify the corresponding 16 bytes.
    [wireshark-icmp6.png]
  6. If you are curious about the meaning of other fields in IPv4, you may check RFC 791 Section 3.1.
  7. If you are curious about the meaning of other fields in IPv6, you may check RFC 8200 Section 3. (You may be surprised that the header format of IPv6 is significantly simplified.)
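
To check what you found in steps 4 and 5, the following added example (not part of the original lab) locates the Source Address bytes in a raw frame using the fixed header offsets from RFC 791 and RFC 8200. It assumes untagged Ethernet II frames; the two sample frames are constructed, and the function name source_address is hypothetical.

```python
import ipaddress
import struct

ETH_HEADER_LEN = 14          # dst MAC (6) + src MAC (6) + EtherType (2)
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_IPV6 = 0x86DD

# Constructed sample frames (documentation addresses, checksums left at zero).
ICMP4_FRAME = bytes.fromhex(
    "020000000002 020000000001 0800"                # Ethernet header
    "4500001c 00004000 40010000 c000020a c6336407"  # IPv4 header, 20 bytes
    "0800000000010001")                             # ICMP echo request
ICMP6_FRAME = bytes.fromhex(
    "020000000002 020000000001 86dd"                # Ethernet header
    "60000000 00083a40"                             # IPv6 fixed fields
    "20010db8000000000000000000000010"              # source address
    "20010db8000000000000000000000007"              # destination address
    "8000000000010001")                             # ICMPv6 echo request

def source_address(frame: bytes):
    """Return (ip_version, byte_offset_in_frame, source_address_string)."""
    if len(frame) < ETH_HEADER_LEN:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    ip = frame[ETH_HEADER_LEN:]
    if ethertype == ETHERTYPE_IPV4:
        # RFC 791 Section 3.1: Source Address is bytes 12..15 of the header.
        if len(ip) < 20 or ip[0] >> 4 != 4:
            raise ValueError("not a valid IPv4 header")
        start, length = 12, 4
    elif ethertype == ETHERTYPE_IPV6:
        # RFC 8200 Section 3: Source Address is bytes 8..23 of the header.
        if len(ip) < 40 or ip[0] >> 4 != 6:
            raise ValueError("not a valid IPv6 header")
        start, length = 8, 16
    else:
        raise ValueError(f"unsupported EtherType 0x{ethertype:04x}")
    raw = ip[start:start + length]
    return ip[0] >> 4, ETH_HEADER_LEN + start, str(ipaddress.ip_address(raw))

if __name__ == "__main__":
    for frame in (ICMP4_FRAME, ICMP6_FRAME):
        version, offset, addr = source_address(frame)
        size = 4 if version == 4 else 16
        print(f"IPv{version}: source {addr} = frame bytes "
              f"{offset}..{offset + size - 1}: "
              f"{frame[offset:offset + size].hex(' ')}")
```

The printed frame offsets count from the first byte of the Ethernet header, which is how Wireshark numbers the bytes in its hex view.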