# Wireless Communications Assignment 1

###### tags: `Wireless Communications`

## Homework 1

Please see the video [here](https://youtu.be/72b0bokyGjI).

### 1. Make a Wireshark and [KS wireshark](https://drive.google.com/drive/folders/1FiEmKeXc4M7qfkHbAzDjbaQ0Yn-SRcCO?usp=sharing) installation guide

#### Install Wireshark

The following tutorial shows a step-by-step guide for installing Wireshark 4.4.9 on a Windows x64 system.

1. Download the installer from the Wireshark website (https://www.wireshark.org/#download). In this tutorial we will be installing v4.4.9 (Windows x64).
    ![1-download_installer](https://hackmd.io/_uploads/B1rkjJ-3xx.png)
2. Execute the installer ("double click" the executable) once it has finished downloading. For reference, in this tutorial the installer is downloaded to the `C:\Users\woute\Downloads\app-installers` directory. If prompted, answer "yes" to the question "Allow this app to make changes to your device?".
    ![2-execute-installer](https://hackmd.io/_uploads/SJC1sJ-nxx.png)
3. If successful, the following window should open. Press `Next`.
    ![3-welcome-installer](https://hackmd.io/_uploads/rJ_vokbngg.png)
4. Please read the end-user license agreement and press `Noted`.
    ![4-allow-license](https://hackmd.io/_uploads/SyGdskZnex.png)
5. Press `Next`.
    ![5-donations](https://hackmd.io/_uploads/Syq_jJW2ll.png)
6. For a minimal Wireshark installation, do not select any components and click `Next`. The list below shows the components available for installation. After making your selections, click `Next` to continue. Please note that in this tutorial none of the extra components are installed.
    1. If Android devices are to be analyzed, please select `Androiddump`.
    2. If a 'random packet generator' is required for your analysis, please select `Randpktdump`.
    3. If remote capture is required, please select `Sshdump, Ciscodump, and Wifidump`.
    4. If UDP packets are to be analyzed, please select `UDPdump`.
    ![6-select-components](https://hackmd.io/_uploads/S1d9oy-neg.png)
7. Select your preferred options regarding shortcuts and file extension association (allow Windows to recognize Wireshark files) and press `Next`.
    ![7-shortcuts-file-associations](https://hackmd.io/_uploads/ByWy2J-2xg.png)
8. Select the directory where Wireshark shall be installed.
    ![8-destination](https://hackmd.io/_uploads/SJjis1b2gx.png)
9. Wireshark requires Npcap to capture live network data. Ensure the `Install Npcap` option is selected and click `Next`. If your system already has Npcap or WinPcap installed in a different version than required (Wireshark 4.4.9 requires Npcap 1.80), please uninstall it first.
    ![9-install-Npcap](https://hackmd.io/_uploads/HkV2skWnee.png)
10. Wireshark requires USBPcap to capture USB traffic. Select `Install USBPcap` and click `Install`, or simply click `Install` if this functionality is not needed. As with Npcap, ensure that any incompatible or invalid version of USBPcap is uninstalled before proceeding. In this tutorial we will not be installing USBPcap.
    ![10-USB-capture](https://hackmd.io/_uploads/rku-3yb2ee.png)
11. Wireshark will start installing on your system.
    ![11-wait-for-install](https://hackmd.io/_uploads/r1YQhyb3eg.png)
12. The installer window for Npcap will be shown. Please read the License Agreement and press `I Agree`.
    ![12-installer-Npcap](https://hackmd.io/_uploads/ByCQ2kWheg.png)
13. Enable Npcap options if required (for a simple install of Wireshark they can all be disabled) and press `Install`.
    ![13-options-Npcap](https://hackmd.io/_uploads/Sk4N3kZ3xx.png)
14. Wait for the Npcap installer to finish and press `Next`.
    ![14-wait-for-install-Npcap](https://hackmd.io/_uploads/S1qE3JZ3xe.png)
15. Press `Finish`.
    ![15-finished-Npcap-install](https://hackmd.io/_uploads/r1WBn1-ngx.png)
16. Wait for the Wireshark installer to finish and press `Next`.
    1. If USBPcap is enabled, its installer will be shown as well.
       Please follow the steps as mentioned in the installer.

    ![16-finished-wireshark](https://hackmd.io/_uploads/rk5TaJbnge.png)
17. Press `Finish`.
    ![17-actually-finished-wireshark](https://hackmd.io/_uploads/By2C61bnle.png)

#### Install KS Wireshark

The following tutorial shows a step-by-step guide for installing KS Wireshark on a Windows system.

1. Execute the installer ("double click" the executable). *Note: this installer is provided by the professor, therefore no internet link is shown.*
    1. If prompted, answer "yes" to the question "Allow this app to make changes to your device?".
2. If successful, the following window should open. Press `Next`.
    ![1-welcome-ks-wireshark-install](https://hackmd.io/_uploads/BywU0yW3ll.png)
3. Please read the license agreement and press `I Agree`.
    ![2-license](https://hackmd.io/_uploads/S1pD0JZhxx.png)
4. The installer asks which components it should install. In this tutorial the default selected components are not changed. Press `Next` after enabling/disabling the different components.
    ![3-components](https://hackmd.io/_uploads/SkVuRkb2gl.png)
5. Please select your preferred shortcuts and file extension association, then press `Next`.
    ![4-shortcute-file-extension](https://hackmd.io/_uploads/BkFdAJZ2xg.png)
6. Select the directory where KS Wireshark shall be installed.
    ![5-install-location](https://hackmd.io/_uploads/r1Ut01-3xx.png)
7. If the Wireshark installation guide was followed before, please select `Next`. If not, KS Wireshark requires Npcap or WinPcap to capture live network data. The KS Wireshark installer comes with a compatible WinPcap installer. If no version of Npcap is installed, or only an older version of WinPcap is present (please uninstall that version), select the option `Install WinPcap` and press `Next`.
    ![6-install-WinpCap](https://hackmd.io/_uploads/S1PcAyWnle.png)
8. KS Wireshark requires USBPcap to capture USB traffic.
    Select `Install USBPcap` and click `Install`, or simply click `Install` if this functionality is not needed. As with Npcap, ensure that any incompatible or invalid version of USBPcap is uninstalled before proceeding. In this tutorial we will not be installing USBPcap.
    ![7-install-USBcap](https://hackmd.io/_uploads/BJ6c01Z3ex.png)
9. Wait for the install to finish and press `Next`.
    ![8-wait-for-install](https://hackmd.io/_uploads/H1DjAJW3xg.png)
10. Press `Finish`.
    ![9-finished-KS-Wireshark-install](https://hackmd.io/_uploads/rJ0j0JZnel.png)

### 2. Capture packets: access the NTUST homepage (https://www.ntust.edu.tw/home.php) and answer the following questions

The image below is used to answer questions 2.1 to 2.3. It shows a screenshot of the first packets exchanged between the PC and the NTUST homepage. The lines marked in red show the three-way handshake (more on this later), followed by the first data sent from the NTUST homepage to the PC.

![Thee-Way-Handshake-To-NTUST-website](https://hackmd.io/_uploads/rkjvSzxnlg.png)

#### 2.1 What is the IP address and port of the NTUST homepage (https://www.ntust.edu.tw/home.php)?

The IP address and port of the NTUST homepage can be determined by looking at the first **SYN** message, which is sent from the PC to the NTUST homepage. In this context, the NTUST homepage is the *Destination*. Looking at the packet details, we can see that the destination IP address is 140.118.242.124 and the destination port is 443. These values are highlighted in pink in the screenshot below.

![IP-Port-NTUST-homepage](https://hackmd.io/_uploads/ryaH_Me2eg.png)

#### 2.2 What is the IP address and port of your PC when initially accessing the page?

In a similar way as in question 2.1, we can determine the IP address and port of the PC. This time, however, we need to look at the *source*. Referring back to the same screenshot as in 2.1, but focusing on the green highlighted text, we find that the source IP address is 192.168.66.70 and the source port is 54542.
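The endpoint reading from 2.1 and 2.2 can also be done programmatically. The following added example (not part of the original assignment) parses raw IPv4/TCP packets, takes the first SYN's source as the client and its destination as the server, and confirms the SYN, SYN-ACK, ACK order by checking the acknowledgement numbers; the function names and the sequence numbers in the constructed capture are assumptions made for illustration.

```python
import socket
import struct
SYN, ACK = 0x02, 0x10  # TCP flag bits

def build_packet(src, dst, sport, dport, seq, ack, flags):
    """Constructed IPv4+TCP sample packet; checksums are left at zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 64240, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp

def parse_packet(raw):
    """Return (src, dst, seq, ack, flags) with (ip, port) endpoints, or None."""
    if len(raw) < 20 or raw[0] >> 4 != 4 or raw[9] != 6:  # only IPv4 carrying TCP
        return None
    ihl = (raw[0] & 0x0F) * 4  # IPv4 header length in bytes
    if ihl < 20 or len(raw) < ihl + 14:
        return None
    sport, dport, seq, ack, _off, flags = struct.unpack("!HHIIBB", raw[ihl:ihl + 14])
    src = (socket.inet_ntoa(raw[12:16]), sport)
    dst = (socket.inet_ntoa(raw[16:20]), dport)
    return src, dst, seq, ack, flags

def find_handshake(packets):
    """Return (client, server) once SYN -> SYN,ACK -> ACK is seen in order, else None."""
    client = server = isn_c = isn_s = None
    for raw in packets:
        parsed = parse_packet(raw)
        if parsed is None:
            continue
        src, dst, seq, ack, flags = parsed
        syn, acked = bool(flags & SYN), bool(flags & ACK)
        if syn and not acked and client is None:
            client, server, isn_c = src, dst, seq  # first SYN: its source is the client
        elif syn and acked and (src, dst) == (server, client) and ack == (isn_c + 1) % 2**32:
            isn_s = seq  # server acknowledged the client's initial sequence number + 1
        elif (acked and not syn and isn_s is not None and (src, dst) == (client, server)
              and ack == (isn_s + 1) % 2**32):
            return client, server  # client acknowledged the server's number + 1
    return None

# Constructed capture: addresses/ports are those reported in 2.1 and 2.2; sequence numbers are invented.
PC, NTUST = ("192.168.66.70", 54542), ("140.118.242.124", 443)
CAPTURE = [
    build_packet(PC[0], NTUST[0], PC[1], NTUST[1], 1000, 0, SYN),
    build_packet(NTUST[0], PC[0], NTUST[1], PC[1], 5000, 1001, SYN | ACK),
    build_packet(PC[0], NTUST[0], PC[1], NTUST[1], 1001, 5001, ACK),
]
print(find_handshake(CAPTURE))
```
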
#### 2.3 What is the process of the TCP three-way handshake?

To establish a TCP connection between client and server (PC and NTUST homepage), a **three-way handshake** is performed. This process is clearly visible in the red highlighted text in the screenshot referenced in the introduction to this question. When I, as a user, attempt to access the NTUST homepage, my PC must first establish a TCP connection before the webpage data can be sent. This is initiated by the PC sending a **SYN** message to the server (NTUST webpage). Upon receiving it, the server replies with a **SYN, ACK** message. Finally, the client (PC) responds with an **ACK** message. At this point the TCP connection is established and data transfer can begin. This is shown in the remainder of the Wireshark screenshot, where the first few packets after the handshake show the initial transmission of webpage data.

### 3. Use the filter `dns` to find a DNS packet and answer the following questions

#### 3.1 What is the IP address and port of the DNS server?

The IP address and port of the DNS server can easily be found by repeating the process of questions 2.1 and 2.2. In this case, we're accessing www.google.com/maps with the `dns` filter enabled. Looking at the first packet, we see that the *Source* is the same as in question 2 (our PC), sending a DNS request to the DNS server at **168.95.1.1** on port **53**.

![DNS-IP-Port](https://hackmd.io/_uploads/SyQzazl2xx.png)

#### 3.2 What is the domain name in this query?

The domain name in this query is: `lh3.google.com`. Looking at the response of the DNS server, this is resolved into `lh2.l.google.com`, which is finally resolved into **142.250.66.78**. See the green highlighted text in the screenshot below.

![DNS-name-lookup](https://hackmd.io/_uploads/HktYx7ehxe.png)

#### 3.3 Which protocol(s) does this DNS packet use? (List the protocols from Layer 2 — Link Layer — up to Layer 5 — Application Layer in the TCP/IP five-layer model.)
The following protocols are used in the DNS packet:

- Layer 2 (Data): Ethernet
- Layer 3 (Network): IPv4
- Layer 4 (Transport): UDP
- Layer 5 (Application): DNS

Please see the screenshot below with the various protocols highlighted.

![DNS-all-layers](https://hackmd.io/_uploads/SkIqMXe3gx.png)

### 4. Access an HTTP page (e.g., http://www.gzxyzn.com/Article/bjrk2/1644.html) and answer the following questions

#### 4.1 Which HTTP page did you access?

The following HTTP page is used for this question: http://httpforever.com/

#### 4.2 What is the IP address and port of the server hosting this page?

The IP address and port are retrieved in the manner discussed earlier.

- IP Address: 146.190.62.39
- Port: 80

![HTTP-IP-and-Port](https://hackmd.io/_uploads/r1aYsXx2ee.png)

#### 4.3 What is the request method?

The request method used is `GET`.

![HTTP-request-type](https://hackmd.io/_uploads/rkQqh7ghxe.png)

#### 4.4 What is the response status code, and what does it mean?

The response status code is: `200`. The status code 200 stands for `OK`. It is part of the 2xx group of status codes, which indicate that a request was successfully received, understood or accepted. (ref: https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml)

![HTTP-status-code](https://hackmd.io/_uploads/ryZypXehgg.png)

### 5. Link of the PCAP

PCAP and video files can be found in my [Google Drive](https://drive.google.com/drive/folders/1svoJ1D4K5xDPjLXmX7zpYtHCQw4arV5H?usp=drive_link).
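As an added example for questions 3.1 to 3.3 (not part of the original assignment), the code below walks a constructed DNS query frame from Ethernet up to DNS and returns the protocol found at each layer together with the server endpoint and the queried name. The helper names, MAC addresses, DNS transaction ID and client source port are invented for illustration.

```python
import socket
import struct

def build_dns_query(src_ip, dst_ip, sport, qname):
    """Constructed Ethernet/IPv4/UDP/DNS query frame; checksums are left at zero."""
    name = b"".join(bytes([len(p)]) + p.encode() for p in qname.split(".")) + b"\x00"
    dns = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + name + struct.pack("!HH", 1, 1)
    udp = struct.pack("!HHHH", sport, 53, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    eth = bytes.fromhex("020000000002" "020000000001" "0800")  # dst MAC, src MAC, IPv4
    return eth + ip + udp

def decode_layers(frame):
    """Return (protocols seen from layer 2 up, DNS details or None)."""
    layers = ["Ethernet"]
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # EtherType must be IPv4
        return layers, None
    layers.append("IPv4")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4  # IPv4 header length in bytes
    if ip[9] != 17 or len(ip) < ihl + 8:  # protocol 17 is UDP
        return layers, None
    layers.append("UDP")
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    dns = ip[ihl + 8:]
    if 53 not in (sport, dport) or len(dns) < 12:
        return layers, None
    layers.append("DNS")
    is_query = not dns[2] & 0x80  # QR bit clear means query
    labels, pos = [], 12  # the question section starts after the 12-byte header
    while pos < len(dns) and dns[pos] != 0:
        length = dns[pos]
        if length & 0xC0 or pos + 1 + length > len(dns):
            raise ValueError("compressed or truncated name in question section")
        labels.append(dns[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    if pos >= len(dns):
        raise ValueError("question name is not terminated")
    src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    server = (dst, dport) if is_query else (src, sport)
    return layers, {"server": server, "is_query": is_query, "qname": ".".join(labels)}

# Constructed frame: server address and query name are those reported in 3.1 and 3.2;
# the client source port and MAC addresses are invented.
FRAME = build_dns_query("192.168.66.70", "168.95.1.1", 50000, "lh3.google.com")
print(decode_layers(FRAME))
```
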