Lab 1

Part 1 - Wireshark

Seeing the PDUs in Your Messages We talked about how messages are transferred using layers and the different Protocol Data Units (PDUs) used a each layer. The objective of this Activity is for you to see the different PDUs in the messages that you send. To do this, we’ll use Wireshark, which is one of the world’s foremost network protocol analyzers, and is the de facto standard that most professional and education institutions use today. It is used for network troubleshooting, network analysis, software and communications protocol development, and general education about how networks work.

Wireshark enables you to see all messages sent by your computer, as well as some or all of the messages sent by other computers on your LAN, depending on how your LAN is designed. Most modern LANs are designed to prevent you from eavesdropping on other com puter’s messages, but some older ones still permit this.

Normally, your computer will ignore the messages that are not addressed for your computer, but Wireshark enables you to eavesdrop and read messages sent to and from other computers.

Wireshark is free. Before you start this activity, download and install it from

  1. Start Wireshark.
  2. Click on Capture and then Interfaces. Click the Start button next to the active interface (the one that is receiving and sending packets). Your network data will be captured from this moment on.
  3. Open your browser and go to a Web page that you have not visited recently (a good one is
  4. Once the Web page has loaded, go back to Wireshark and stop the packet capture by clicking on Capture and then Stop (the hot key for this is Ctrl + E).
  5. You will see results similar to those in Figure A. There are three windows below the tool bar:
    1. The top window is the Packet List. Each line represents a single message or packet that was captured by Wireshark. Different types of packets will have different colors. For example, HTTP packets are colored green. Depending on how busy your network is, you may see a small number of packets in this window or a very large number of packets.
    2. The middle window is the Packet Detail. This will show the details for any packet you click on in the top window.
    3. The bottom window shows the actual contents of the packet in hexadecimal format, so it is usually hard to read. This window is typically used by network programmers to debug errors.
  6. Let’s take a look at the packets that were used to request the Web page and send it to your computer. The application layer protocol used on the Web is HTTP, so we’ll want to find the HTTP packets. In the Filter toolbar, type http and hit enter.
  7. This will highlight all the packets that contain HTTP packets and will display the first one in Packet Detail window. Look at the Packet Detail window in Figure 1.9 to see the PDUs in the mes- sage we’ve highlighted. You’ll see that it contains an Ethernet II Frame, an IP packet, a TCP segment, and an HTTP packet. You can see inside any or all of these PDUs by clicking on the +box in front of them. In Figure 1.9, you’ll see that we’ve clicked the +box in front of the HTTP packet to show you what’s inside it.


  1. List the PDU at layers 2, 3, and 4 that were used to transmit your HTTP GET packet.
    1. Locate your HTTP Get packet in the Packet List and click on it.
    2. Look in the Packet Detail window to get the PDU information.
  2. How many different HTTP GET packets were sent by your browser? Not all the HTTP packets are GET packets, so you’ll have to look through them to answer this question.
  3. List at least 5 other protocols that Wireshark displayed in the Packet List window. You will need to clear the filter by clicking on the ”Clear” icon that is on the right of the Filter toolbar.
Figure A:


Part 2 - Looking Inside Your HTTP Packets

Figures B and C show you inside one HTTP request and one HTTP response that we captured. The objective of this Activity is for you to see inside HTTP packets that you create.

  1. Use your browser to connect to You will see the screen in Figure B.
  2. In box labeled URL, type any URL you like and click Submit. You will then see something like the screen in Figure C. In the middle of the screen, under the label “Sending Request:” you will see the exact HTTP packet that your browser generated.
  3. If you scroll this screen down, you’ll see the exact HTTP response packet that the server sent back to you. In Figure D, you’ll see the response from the MVNU server. You’ll notice that at the time we did this, MVNU was using the Microsoft-IIS/6.0 server.
  4. Try this on several sites around the Web to see what Web server they use. For example, Microsoft uses the Microsoft IIS Web server, while Cisco uses Apache. Some companies set their Web servers not to release this information.


Do a print screen from two separate Web sites that shows your HTTP requests and the servers’ HTTP responses.

Figure B: Rex Swain's HTTP Viewer:

Figure C: MVNU.EDU View:
Figure D - MVNU Web Page Content:
Topic attachments
I Attachment Action Size Date Who Comment
Pngpng Screen_Shot_2014-08-31_at_10.38.03_PM.png manage 240.0 K 2014-09-01 - 02:40 JimSkon Figure A
Pngpng Screen_Shot_2014-08-31_at_11.23.36_PM.png manage 102.7 K 2014-09-01 - 03:25 JimSkon Rex Swain's HTTP Viewer
Pngpng Screen_Shot_2014-08-31_at_11.30.52_PM.png manage 141.2 K 2014-09-01 - 03:35 JimSkon Figure C: MVNU.EDU View
Pngpng Screen_Shot_2014-08-31_at_11.35.47_PM.png manage 173.0 K 2014-09-01 - 03:36 JimSkon Figure D - MVNU Web Page Content
Topic revision: r1 - 2014-09-01 - JimSkon
This site is powered by the TWiki collaboration platformCopyright &© by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback