The comments summary:
Summary created by Wireshark (Git Rev Unknown from unknown)
File:
Name: /.../netsec-assignment2-S4498062/exercise3/outputnetsec-01-dec.cap
Length: 140897136 bytes
Format: Wireshark/tcpdump/... - pcap
Encapsulation: IEEE 802.11 Wireless LAN
Packet size limit: 65535 bytes
Time:
First packet: 2015-09-11 08:52:12
Last packet: 2015-09-11 09:16:57
Elapsed: 00:24:45
Capture:
Unknown interface:
Dropped packets: unknown
Capture filter: unknown
Link type: IEEE 802.11 Wireless LAN
Packet size limit 65535 bytes
Statistics:
Packets: 200052
Between first and last packet:1485.708 sec
Avg. packets/sec: 134.651
Avg packet size: 688.302 bytes
Bytes: 137696296
Avg bytes/sec: 92680.617
Avg Mbit/sec: 0.741
The IP conversations:
"Address A","Address B","Packets","Bytes","Packets A→B","Bytes A→B","Packets A←B","Bytes A←B","Rel Start","Duration","bps A→B","bps A←B"
"192.168.84.40","192.168.84.79","4743","550188","2791","323756","1952","226432","0.000000000","1485.2227","1743.88","1219.65"
"192.168.84.51","192.168.84.68","97598","57695108","61316","5156724","36282","52538384","-0.000003000","1485.7076","27767.10","282900.27"
"192.168.84.10","192.168.84.62","85260","78089584","51881","75285124","33379","2804460","-0.000004000","1485.6989","405385.64","15101.10"
"192.168.84.10","192.168.84.47","5570","646120","2788","323408","2782","322712","0.066556000","1485.1628","1742.07","1738.33"
"192.168.84.10","192.168.84.60","4682","543112","2721","315636","1961","227476","0.975936000","1484.1761","1701.34","1226.14"
"192.168.84.10","192.168.84.56","1832","150164","919","66168","913","83996","1.014845000","1482.2693","357.12","453.34"
Conversation .10 and .62:
These clients only use TCP. The data seems to be hexadecimal ASCII
characters. I did not convert that to see what they're sending.
Conversation .51 and .68:
This is similar to the one above.
The protocol hierarchy looks more interesting now (percentages are given in %
packets):
- There are some ARP messages (0.18%)
- But mostly IP (99.82%)
- Of which most are TCP (92.32%)
- But also some ICMP (7.5%)
NOTE:
As it turns out, there was something wrong with the network when I sniffed. Another student had the same problem, but retrying later gave
him UDP packets with something like "Insert your student number here". I did not have the time to sniff again and look at the details again.
As a result, I didn't understand what the point of exercise 4b was (see note there as well).
As proof, I can send you the cap file. Because of its size I will only do that on request (info@camilstaps.nl).