TCP Headers Exercise 1

Ethereal

 

  1. An effective tool for viewing TCP headers is a software program called Ethereal Network Analyzer.  You can download Ethereal for many platforms from http://www.ethereal.com/.  You can open the .etr files in this exercise in Ethereal to get a better understanding of the transmission protocols that take place during an FTP transfer.  In addition, because FTP sends its login in clear text, you can easily see the username and password as they pass over the network if you open the files in Ethereal.
  2. To see the FTP protocols in Ethereal, right click on this link to the ethereal_ftp_capture.etr file.  Save the file on your computer.  Then open Ethereal and go to File > Open...  Locate the file where you saved it on your computer and double click on the file you wish to open.  You should see the following, as shown in Figure 9.1.

 

Figure 9.1

 

  1. I have highlighted some important information in the image above.  The first two highlighted lines show where we captured the username and password during an FTP sign on.  The next 4 highlighted lines show the transmission setup and FTP data transfer on port 20. 
  2. You can capture data using Ethereal.  To do this, open your FTP client (ws_ftp if you use the client described in the FTP Exercise).  Don’t connect to the server when you first open it.
  3. On the Ethereal screen, go to File > Close to make sure that you don’t have any other files open in Ethereal.  Next, click on Capture > Start.  The screen in Figure 9.2 will appear:

 

Figure 9.2

 

  1. Click the OK button to begin the capture.  Switch back over to your FTP client and connect to the server.  After you have successfully connected, you can either transfer data or simply disconnect.
  2. When you are done with your FTP client, make sure you disconnect.  Then switch back over to the Ethereal program and stop the capture.  You should have similar results.
  3. To save the output, simply click on File > Save.  Save the file on your hard drive and name the file whatever you want.  I named my files ending in .etr just for easy organization.
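
The highlighted lines in Figure 9.1 show the FTP username and password crossing the network unencrypted.  As an added example (not part of the original exercise), the Python code below reads the same Ethernet, IPv4 and TCP header fields that Ethereal decodes and flags USER and PASS commands sent to the FTP control port (21), masking the password.  The function names and the sample frames are constructed for illustration.

```python
import struct

def parse_tcp(frame: bytes):
    """Return (src_port, dst_port, payload) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00":   # EtherType must be IPv4
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                  # IPv4 header length in bytes
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 6:        # protocol 6 = TCP
        return None
    tcp = ip[ihl:struct.unpack("!H", ip[2:4])[0]]        # total length trims padding
    if len(tcp) < 20:
        return None
    src, dst = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4             # TCP header length in bytes
    return src, dst, tcp[data_off:]

def ftp_cleartext_logins(frames):
    """List (command, value) for USER/PASS sent to port 21; passwords are masked."""
    findings = []
    for frame in frames:
        parsed = parse_tcp(frame)
        if not parsed or parsed[1] != 21:     # only client -> FTP control port
            continue
        line = parsed[2].split(b"\r\n")[0].decode("ascii", "replace")
        cmd, _, arg = line.partition(" ")
        if cmd.upper() == "USER":
            findings.append(("USER", arg))
        elif cmd.upper() == "PASS":
            findings.append(("PASS", "*" * len(arg)))   # report exposure, not the secret
    return findings

def build_frame(sport, dport, payload):
    """Constructed sample: minimal Ethernet/IPv4/TCP frame (checksums left zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

SAMPLE = [  # constructed frames, not taken from ethereal_ftp_capture.etr
    build_frame(40000, 21, b"USER student\r\n"),
    build_frame(21, 40000, b"331 Password required\r\n"),
    build_frame(40000, 21, b"PASS example-pw\r\n"),
    build_frame(40001, 80, b"GET / HTTP/1.0\r\n\r\n"),
]

if __name__ == "__main__":
    for cmd, value in ftp_cleartext_logins(SAMPLE):
        print(f"cleartext FTP {cmd}: {value}")
```

Any finding means the login was readable by anyone on the network path, which is the reason to move that transfer to an encrypted protocol.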

 

 

On Your Own Exercise 1

 

Do an Ethereal capture of the HTTP process.  Save the output from Ethereal as tcp_exercise_1.etr.