Monday, June 30, 2014

Visiting the Rose Hulman Institute of Technology website

Rose Hulman Institute of Technology is a private college located in Terre Haute, Indiana.   This college specializes in teaching Engineering, Mathematics and Science majors, and is considered to be one of the best educational institutions in the United States.

I set up the following hardware before using Wireshark to capture and analyze packets while visiting the Rose Hulman Institute of Technology website:


The above setup makes it possible to visit a website on one computer and capture all the packets on the other computer. The advantage of using a hub instead of a switch is that every PC on the hub is able to see all packets traversing the hub, unlike a switch, where the traffic flows on dedicated ports. (I could have achieved this on a switch by doing port scanning or port mapping.)

Preliminary steps taken:

  • Cleared the DNS cache on the Browsing PC, which is running RedHat Linux:
redhat: / >
redhat: / >
redhat: / > service nscd restart
Stopping nscd:                                            [  OK  ]
Starting nscd:                                            [  OK  ]
redhat: / >
redhat: / >
redhat: / > /etc/init.d/dnsmasq restart

Starting dnsmasq:                                          [  OK  ]
redhat: / >
redhat: / >

redhat: / >
redhat: / >
redhat: / > ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:0F:20:FF:1D:8C
          inet addr:192.168.1.249  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: 2602:306:b80d:1c40:20f:20ff:feff:1d8c/64 Scope:Global
          inet6 addr: fe80::20f:20ff:feff:1d8c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4498 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2900 errors:0 dropped:0 overruns:0 carrier:0
          collisions:704 txqueuelen:1000
          RX bytes:2307159 (2.2 MiB)  TX bytes:380384 (371.4 KiB)
          Interrupt:20

redhat: / >
redhat: / >
redhat: / >
redhat: / > dig www.rose-hulman.edu

; <<>> DiG 9.6.1-P1-RedHat-9.6.1-11.P1.fc12 <<>> www.rose-hulman.edu
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11619
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.rose-hulman.edu.        IN    A

;; ANSWER SECTION:
www.rose-hulman.edu.    14031    IN    CNAME    umbracoprod.rose-hulman.edu.
umbracoprod.rose-hulman.edu. 4341 IN    A    137.112.18.43

;; Query time: 12 msec
;; SERVER: 192.168.1.254#53(192.168.1.254)
;; WHEN: Thu Jan  3 16:02:51 1980
;; MSG SIZE  rcvd: 79

redhat: / >
redhat: / >

  • Confirmed the IP address of the Rose Hulman Institute of Technology website using the # host www.rose-hulman.edu command: 137.112.18.43
  • Started the Wireshark packet sniffer tool on the Sniffer PC, and specified the Filter: ip.addr == 137.112.18.43
  • Typed in www.rose-hulman.edu for the URL on the Browsing PC
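
To make the ip.addr == 137.112.18.43 filter and the three-way handshake concrete, here is an added example (not from the original post) that parses a small constructed pcap, keeps only TCP packets to or from the server, and pairs SYN, SYN/ACK and ACK by sequence number. The ports, sequence numbers and function names are made up for illustration, and the parser assumes a classic little-endian pcap with Ethernet framing.

```python
import struct
from socket import inet_aton, inet_ntoa

SERVER, CLIENT = "137.112.18.43", "192.168.1.249"  # from the dig and ifconfig output above
SYN, ACK = 0x02, 0x10                              # TCP flag bits

def frame(src, dst, sport, dport, seq, ack, flags):  # constructed Ethernet/IPv4/TCP frame
    return struct.pack("!12xHBBHHHBBH4s4sHHIIBBHHH", 0x0800, 0x45, 0, 40, 0, 0, 64, 6, 0,
                       inet_aton(src), inet_aton(dst), sport, dport, seq, ack, 0x50, flags, 65535, 0, 0)

def pcap(frames):  # classic little-endian pcap file, link type 1 (Ethernet)
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

def tcp_packets(data, host):
    """Yield the TCP packets that the display filter ip.addr == host would keep."""
    off = 24                                     # skip the pcap global header
    while off + 16 <= len(data):
        caplen = struct.unpack_from("<I", data, off + 8)[0]
        pkt, off = data[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(pkt) >= 34 and pkt[12:14] == b"\x08\x00" and pkt[23] == 6:  # IPv4 carrying TCP
            src, dst, tcp = inet_ntoa(pkt[26:30]), inet_ntoa(pkt[30:34]), 14 + (pkt[14] & 15) * 4
            if host in (src, dst) and len(pkt) >= tcp + 14:
                sport, dport, seq, ack = struct.unpack_from("!HHII", pkt, tcp)
                yield src, dst, sport, dport, seq, ack, pkt[tcp + 13]

def handshakes(data, host):
    """Return (client, port, client ISN, server ISN) for each completed three-way handshake."""
    pending, done = {}, []
    for src, dst, sp, dp, seq, ack, fl in tcp_packets(data, host):
        if fl & (SYN | ACK) == SYN:                      # step 1: client SYN
            pending[src, sp, dst, dp] = [seq, None]
        elif fl & (SYN | ACK) == (SYN | ACK):            # step 2: SYN/ACK must ack ISN + 1
            p = pending.get((dst, dp, src, sp))
            if p and ack == (p[0] + 1) % 2**32:
                p[1] = seq
        elif fl & ACK:                                   # step 3: first ACK from the client
            p = pending.pop((src, sp, dst, dp), None)
            if p and p[1] is not None and (seq, ack) == ((p[0] + 1) % 2**32, (p[1] + 1) % 2**32):
                done.append((src, sp, p[0], p[1]))
    return done

SAMPLE = pcap([                                              # constructed capture
    frame(CLIENT, "192.168.1.254", 40000, 53, 7, 0, SYN),    # other host: filtered out
    frame(CLIENT, SERVER, 51000, 80, 1000, 0, SYN),
    frame(SERVER, CLIENT, 80, 51000, 5000, 1001, SYN | ACK),
    frame(CLIENT, SERVER, 51001, 80, 2000, 0, SYN),          # never answered
    frame(CLIENT, SERVER, 51000, 80, 1001, 5001, ACK)])
print(handshakes(SAMPLE, SERVER))
```

The unanswered SYN from port 51001 passes the filter but is not reported, because no SYN/ACK and ACK with matching sequence numbers follow it.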


Analysis:

Home page of Rose Hulman Institute of Technology:

Wireshark screenshots:

Three-way TCP handshake:

Screen 1
-----------

Screen 2
-----------

Screen 3
-----------

Screen 4
-----------

Screen 5
-----------

Screen 6
-----------

Screen 7
-----------

Screen 8
-----------

Screen 9
-----------