Tuesday, May 5, 2020

Network Protocols Assignment

Questions:

1. Describe what the term promiscuous mode means in relation to capturing network traffic with Wireshark and similar network traffic analysers. The Capture Options dialog allows the Name Resolution of Network Layer names. Describe what this means and describe how it could be used for capturing network traffic.

2. Describe the difference between a network switch and a network hub. Then explain how switched networks limit the network traffic that is visible to Wireshark in comparison to networks that used hubs. (Note: switches are the technology used in today's computer networks.)

3. In TCP/IP networking, IP addresses are used to identify specific computers (or hosts) on the network, clients use port numbers to specify a particular instance of a client program (for example a specific tab on a web browser), and servers normally use well-known port numbers on which to listen for client requests. For instance, ftp at the server uses ports 20 and 21. From the web or any other source, determine the well-known port numbers of the following server programs: ftp data, ftp control, http, NTP, ssh.

4. Also find the well-known port numbers for 6 other network protocols and describe the function that each protocol performs.

Answers:

Promiscuous mode

Promiscuous mode is the mode used to capture all the network traffic that flows across the Ethernet network, and not only the unicast traffic. When promiscuous mode is activated, the multicast filter is switched off and all the packets that are received are delivered to the host. When capturing on an Ethernet network, the adapter normally keeps only the unicast traffic for the host on which Wireshark runs, together with multicast and broadcast traffic; in promiscuous mode that filter is switched off. Promiscuous mode therefore needs to be switched on in order to capture the network traffic (Chappell, 2010).
Name Resolution of Network Layer

Name resolution attempts to convert some of the numerical address values into a format that humans can read and understand. It acts as an interpreter between the numerical address and its human-readable form. There are two ways this can be done: by calling system or network services, or by resolving from Wireshark-specific configuration. Capture files are used to understand the information that remains available after the captured packets are saved to a capture file (Merino, 2013). This helps in understanding some of the capture file's content.

Difference between a network switch and a network hub

In a network, a switch is a device that filters and forwards packets between LAN segments. Switches operate between the data link layer and the network layer of the OSI model and, as a result, support the packet protocol. LANs that use switches to join segments are referred to as switched LANs or, in some cases, as Ethernet networks or Ethernet LANs. A hub, by contrast, is a connection point for devices in a network. Hubs are commonly used to connect the segments of a LAN, and a hub contains multiple ports (Orebaugh, Ramirez and Burke, 2007). When a packet arrives at one port of a hub, it is copied to the other ports and so shared across the network.

Nowadays, an Ethernet network uses switches to connect the Ethernet nodes together. This increases network performance a great deal, but it makes capturing data with Wireshark more difficult. An Ethernet switch does the same filtering job as an Ethernet adapter, but the function is performed inside the switch. From the traffic seen on a port, the switch infers which unicast address or addresses are used by the adapter connected to that port (Sanders, 2011). Unicast traffic is then sent only to the port of its destination, so a Wireshark host on a different port does not see it.
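The following is an added example, not part of the original post, that models both answers above: the adapter filter that promiscuous mode switches off, and the difference between a hub copying frames to every port and a switch learning which address sits on which port. The function names, MAC addresses and traffic are constructed for illustration.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

def hub_forward(in_port, frame, ports, table=None):
    """A hub copies every frame to all ports except the one it arrived on."""
    return [p for p in ports if p != in_port]

def switch_forward(in_port, frame, ports, table):
    """A learning switch records source MAC -> port, then sends known unicast to one port."""
    src, dst = frame
    table[src] = in_port
    if dst != BROADCAST and dst in table:
        return [table[dst]] if table[dst] != in_port else []
    return [p for p in ports if p != in_port]  # broadcast or unknown unicast: flood

def nic_accepts(nic_mac, frame, promiscuous):
    """Adapter filter: own unicast and broadcast pass; promiscuous mode passes everything."""
    _, dst = frame
    return promiscuous or dst in (nic_mac, BROADCAST)

def capture(forward, traffic, sniffer_port, sniffer_mac, promiscuous, ports=(1, 2, 3)):
    """Return the frames a capture host attached to sniffer_port would record."""
    table, seen = {}, []
    for in_port, frame in traffic:
        delivered = sniffer_port in forward(in_port, frame, ports, table)
        if delivered and nic_accepts(sniffer_mac, frame, promiscuous):
            seen.append(frame)
    return seen

# Constructed sample: hosts A (port 1) and B (port 2) talk; capture host C is on port 3.
A, B, C = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
TRAFFIC = [
    (1, (A, BROADCAST)),  # A sends a broadcast (for example an ARP request)
    (2, (B, A)),          # B replies to A
    (1, (A, B)),          # A -> B unicast
    (2, (B, A)),          # B -> A unicast
    (1, (A, B)),          # A -> B unicast
]

if __name__ == "__main__":
    for name, fwd in (("hub", hub_forward), ("switch", switch_forward)):
        for promisc in (False, True):
            n = len(capture(fwd, TRAFFIC, 3, C, promisc))
            print(f"{name:6} promiscuous={promisc!s:5} captured {n} of {len(TRAFFIC)} frames")
```

On the hub, turning promiscuous mode on is what exposes the A-to-B conversation; on the switch the same setting changes nothing, because the unicast frames never reach the capture port.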
Port numbers of given server programs

Sl. no   Server        Port number
1        ftp data      20
2        ftp control   21
3        HTTP          80
4        NTP           119
5        SSH           2

Other well-known port numbers are:

BGP: the Border Gateway Protocol has port number 179. It is an exterior gateway routing protocol that enables groups of routers to share routing information so that efficient, loop-free routes can be established. BGP is mostly used within and between internet service providers.

LDAP: the Lightweight Directory Access Protocol has port number 389. It is a set of protocols for accessing information directories (Seagren and Noonan, 2006).

DHCP client: DHCP is a protocol for assigning dynamic IP addresses to the devices on a network. The DHCP client has port number 546. With dynamic addressing, it is possible to have different IP addresses at the same time.

SNMP: the Simple Network Management Protocol is a set of protocols for managing complex networks. It has port number 161.

SQL server: a DBMS that responds to queries from client machines formatted in the SQL language. It has port number 156.

POP3: the Post Office Protocol is used to retrieve e-mail from e-mail servers in order to keep track of the messages.

References

Banerjee, U., Vashishtha, A. and Saxena, M. (2010). Evaluation of the Capabilities of WireShark as a tool for Intrusion Detection. International Journal of Computer Applications, 6(7), pp.1-5.

Chappell, L. (2010). Wireshark network analysis. San Jose, CA: Protocol Analysis Institute, Chappell University.

Hnatyshin, V. and Lobo, A. (2008). Undergraduate data communications and networking projects using opnet and wireshark software. SIGCSE Bull., 40(1), p.241.

Kumar, A. and Yadav, J. (2016). Comparison: Wireshark on different parameters. International Journal Of Engineering And Computer Science.
