All course related project "PACKET/Wireshark" work is to be done individually and individual reports (and logs if needed) are to be uploaded into the student portal for grading.

Note: While the actual Wireshark work is to be done individually; network and computer equipment use and configuration may be done collaboratively by students, in the same course section only.

Within the same CS470 section, students may share hardware and cabling to build their networks. Each student must state in their individual assignment report which hardware (real or virtual) elements they supplied, which they shared and the other students they shared with. Students may NOT share Wireshark assignments/work, data, data logs, or screen captures.

First: Create/build a network or get access to a network that has at least two local (host) machines (any OS, machines may be real or virtual) and one switch/router on it. The switch/router maybe real or virtual (for example a VirtualBox networking connection). You may use any combination of real/virtual networks and real/virtual equipment that you have access to the packets on. You may use any Operating Systems you desire. Your locally created network may be connected to the Internet, but a maximum of only ONE Internet up-link connection is allowed.

In addition to sniffing packets, another learning goal of this task assignment is for students to gain hands-on exposure to creating their own network rather than just attaching to the Internet.

10 Point VM BONUS: For having a local virtual machine as one or more of the hosts (with data sender, data receiver, or WireShark analyzer installed on it) in your project network.

A learning goal of the bonus is to encourage students to apply the course concepts in the virtual and cloud computing worlds (including virtual ports, connections, virtual cabling, switches, etc.) in addition to applying cource concepts to real world equipment.

Second: Install Wireshark (wireshark.org) or equivalent.

Third: Using WireShark (or equivalent), perform 3 tasks from items 0 through 10 below.

The learning goal of these assignment tasks is to help students move up from Operating System provided terminal tools (such as ping, traceroute and tracecert that confirm basic network connectivity) to more advanced, professional-level network analysis tools.

Perform 3 of the following: 
0) Note: This task assignment is different from Week 4's, in that you are additionally to use WireShark to determine the sender's IP address, and possibly some IPs in the path between the sender and the receiver. Using the computer language of your choice, create an email application that sends a simple text email every few seconds. You can think of your email application as a malicious "spammer." Then using WireShark, find and show that the email(s) was sent and discover the IP address of the spammer. Hint: Consider using WireShark to look for Simple Mail Transfer Protocol (SMTP) packets or port 25 or even searching for known text (your NPU student ID) in the email. Note: Some third party email systems may view your automated email as spam and filter it out. Hence, you might not be able to see both the transmit and the receive sides. Note: Some students have reported that if they have strong Google security measures enabled on their account that they run into difficulties email themselves in an automated way. The reported solution is to reduce their account's security settings temporarily.

1) Discover & sniff the contents of a standard website textbox in any non-encrypted web site. Note: If you have a private web server (perhaps by installing a Linux LAMP or WAMP server system) you may use it instead of a public web site.

2) Discover/sniff/hack cookies.

     Example: Show that a cookie was made.

     Note: You can manually delete it before going to the web page. If you wish and if you have your own web server, you may create your own cookie writer. Please take a screen capture before, during (Wireshark will log) and after cookie creation.

3) Create a specific site or IP address or Machine filter within WireShark and show that it is functioning.

4) Create a HTTP, TCP or UDP protocol or port filter and show that it is functioning (before and after).

5) Track a DHCP handshake and show its progress.

6) Track an Encryption/SSL handshake set-up. Note: You do not have read (break) the encrypted text, just show that you found it and/or captured a copy of it.

7) Use WireShark to show traffic in-between two machines. Note: If you are using virtual machines via VirtualBox then you probably will have to adjust VirtualBox's network interface settings for the specific virtual machine's configuration.

8) Configure FTP between two machines and then use WireShark to watch as a file is transferred or the FTP session is set up.

9) Use Wireshark to troubleshoot a network.

Please document the test trouble you created and show how you found it through traffic analysis. Example 1: You have a 3 machine Y topology network where you caused a link failure by pulling the plug. Example 2: You changed a firewall setting to block a specific type of traffic.

10) Custom. You may request permission from the instructor to investigate another capability/feature of Wireshark.

Fourth: Write a proper assignment results report. Your report must include:

(a) A proper introduction, including:

A logical description and diagram of the network configuration; a photograph of the locally created network hardware equipment arrangement is desirable,

Description of equipment, hosts, cabling and ports used,

Description of where WireShark was located,

Description of various IP addresses and their functions/applications.

(b) Individual sections for each task including: Task description, and written step-by-step text instructions and screen captures showing how you performed each of the tasks you selected.

(c) Screen capture(s) for each step (screen captures are to include the desktop date and time clock). Every close-up screen capture is to also have a zoom out screen capture that includes the background of the desktop (with several desktop icons showing) and clock showing. Screen captures must be readable. Screen captures are to be embedded in your write up report.

(d) Include a matching copy of your actual WireShark data log file(s) in your assignment report package. If you use a zip file, be sure that each internal file has your student ID in its file name