University of Jordan
Faculty of Engineering & Technology
Computer Engineering Department
Computer Networks Laboratory
907528
Lab1: Cabling & Packet Sniffing
1 Lab1: Cabling & Packet Sniffing
Physical media refers to the physical materials that are used to transmit information in data
communications. It is referred to as physical media because the media is generally a
physical object such as copper or glass.
Although it is possible to use several forms of wireless networking, such as radio frequency
and Infrared, the majority of installed LANs today communicate via some sort of cable. In
the following sections, we’ll look at two types of cables:
Twisted pair.
Fiber optic.
Twisted-Pair Cable
Twisted-pair cable consists of multiple, individually insulated wires that are twisted
together in pairs. Sometimes a metallic shield is placed around the twisted pairs. Hence, the
name shielded twisted-pair (STP).
Also you will see cable without outer shielding; it’s called unshielded twisted-pair (UTP).
UTP is commonly used in twisted-pair Ethernet (10Base-T, 100Base-TX, etc.), star-wired
networks.
Let’s take a look at why the wires in this cable type are twisted. When electromagnetic
signals are conducted on copper wires that are in close proximity (such as inside a cable),
some electromagnetic interference occurs. In this scenario, this interference is called
crosstalk. Twisting two wires together as a pair minimizes such interference and also
provides some protection against interference from outside sources.
2 Lab1: Cabling & Packet Sniffing
Connecting UTP You need to use an RJ (Registered Jack) connector. Most telephones connect withan RJ-11
connector. The connector used with UTP cable is called RJ-45. The RJ-11 has fourwires, or
two pairs, and the network connector RJ-45 has four pairs, or eight wires.
You use a crimper to attach an RJ connector to a cable. The only difference is that the die
that holds the connector is a different shape. Higher-quality crimping tools have
interchangeable dies for both types of cables.
3 Lab1: Cabling & Packet Sniffing
Types of Interfaces
In an Ethernet LAN, devices use one of two types of UTP interfaces - MDI or MDIX.
The MDI (media-dependent interface) uses the normal Ethernet pinouts. Pins 1 and 2 are
used for transmitting and pins 3 and 6 are used for receiving. Devices such as computers,
servers, or routers will have MDI connections.
The devices that provide LAN connectivity - usually hubs or switches - typically use MDIX
(media-dependent interface, crossover) connections. The MDIX connection swaps the
transmit pairs internally. This swapping allows the end devices to be connected to the hub
or switch using a straight-through cable.
Typically, when connecting different types of devices, use a straight-through cable. And
when connecting the same type of device, use a crossover cable.
UTP Cables Connections types:
Straight-through UTP Cables
A straight-through cable has connectors on each end that are terminated the same in
accordance with either the T568A or T568B standards.
Identifying the cable standard used allows you to determine if you have the right cable for
the job. More importantly, it is a common practice to use the same color codes throughout
the LAN for consistency in documentation.
Use straight-through cables for the following connections:
Switch to a router Ethernet port
Computer to switch
Computer to hub
Crossover UTP Cables
For two devices to communicate through a cable that is directly connected between the two,
the transmit terminal of one device needs to be connected to the receive terminal of the
other device.
The cable must be terminated so the transmit pin, Tx, taking the signal from device A at one
end, is wired to the receive pin, Rx, on device B. Similarly, device B's Tx pin must be
4 Lab1: Cabling & Packet Sniffing
connected to device A's Rx pin. If the Tx pin on a device is numbered 1, and the Rx pin is
numbered 2, the cable connects pin 1 at one end with pin 2 at the other end. These "crossed
over" pin connections give this type of cable its name, crossover.
To summarize, crossover cables directly connect the following devices on a LAN:
Switch to switch
Switch to hub
Hub to hub
Router to router Ethernet port connection
Computer to computer
Computer to a router Ethernet port
5 Lab1: Cabling & Packet Sniffing
Rollover UTP Cables
In a rolled cable, the colored wires at one end of the cable are in the reverse sequence of the
colored wires at the other end of the cable.
Console Cables (RJ-45 to DB-9 Female)
This cable is also known as Management Cable.
The connection to the console is made by plugging the DB-9 connector into an available
EIA/TIA 232 serial port on the computer. It is important to remember that if there is more
than one serial port, note which port number is being used for the console connection. Once
the serial connection to the computer is made, connect the RJ-45 end of the cable directly
into the console interface on the router.
6 Lab1: Cabling & Packet Sniffing
Fiber-Optic Cable
Fiber-optic cable transmits digital signals using light impulses rather than electricity; it is
immune to Electromagnetic Interference (EMI) and Radio Frequency Interference (RFI).
Light is carried on either a glass or a plastic core. Glass can carry the signal a greater
distance, but plastic costs less. Regardless of which core is used, the core is surrounded by a
glass or plastic cladding, which is more glass or plastic with a different index of refraction
that refracts the light back into the core. Around this is a layer of flexible plastic buffer.
This can be then wrapped in an armor coating and then sheathed in PVC or plenum.
7 Lab1: Cabling & Packet Sniffing
The cable itself comes in two different styles: single-mode fiber (SMF) and multimode fiber
(MMF).
Single mode fiber optic:
Glass core 8 – 10 micrometers diameter.
Laser light source produces single ray of light.
Distances up to 100km.
Photodiodes to convert light back to electrical signals.
Multimode fiber optic:
Glass core 50 – 60 micrometers diameter.
LED light source produces many rays of light at
different angles, travel at different speeds.
Distances up to 2km, limited by dispersion.
Photodiode receptors.
Cheaper than single mode.
Although fiber-optic cable may sound like the solution to many problems:
Is completely immune to EMI or RFI
Can transmit up to 40 kilometers (about 25 miles)
Here are the Problems of fiber-optic cable:
Is difficult to install
Requires a bigger investment in installation and materials.
Serial Cables In the lab experiments, you may be using Cisco routers with one of two types of physical
serial cables. Both cables use a large Winchester 15 Pin connector on the network end. This
end of the cable is used as a V.35 connection to a Physical layer device such as a
CSU/DSU.
The first cable type has a male DB-60 connector on the Cisco end and a male Winchester
connector on the network end. The second type is a more compact version of this cable and
has a Smart Serial connector on the Cisco device end. It is necessary to be able to identify
the two different types in order to connect successfully to the router.
8 Lab1: Cabling & Packet Sniffing
Data Communications Equipment and Data Terminal Equipment
The following terms describe the types of devices that maintain the link between a sending
and a receiving device:
Data Communications Equipment (DCE) - A device that supplies the clocking services to
another device. Typically, this device is at the WAN access provider end of the link.
Data Terminal Equipment (DTE) - A device that receives clocking services from another
device and adjusts accordingly. Typically, this device is at the WAN customer or user end
of the link.
If a serial connection is made directly to a service provider or to a device that provides
signal clocking such as a channel service unit/data service unit (CSU/DSU), the router is
considered to be data terminal equipment (DTE) and will use a DTE serial cable.
DCEs and DTEs are used in WAN connections. The communication via a WAN connection
is maintained by providing a clock rate that is acceptable to both the sending and the
receiving device. In most cases, the ISP provides the clocking service that synchronizes the
transmitted signal.
9 Lab1: Cabling & Packet Sniffing
When making WAN connections between two routers in a lab, connect two routers with a
serial cable to simulate a point-to-point WAN link. In this case, decide which router is
going to be the one in control of clocking. Routers are DTE devices by default, but they can
be configured to act as DCE devices.
The V35 compliant cables are available in DTE and DCE versions. To create a point-to-
point serial connection between two routers, join together a DTE and DCE cable. Each
cable comes with connectors that mate with its complementary type. These connectors are
configured so that you cannot join two DCE or two DTE cables together by mistake.
10 Lab1: Cabling & Packet Sniffing
How to prepare a UTP cable
Example: Instructions to prepare a Crossover cable
Things you'll need:
RJ-45 Crimp Tool
Cat-5e Cable
RJ-45 Jacks
Step 1
Prepare your workspace. Take the roll of UTP cable and cut the cable to length using the
cutting blade on the crimp tool.
Step 2
Splice the end by using the splicing blades to expose the unshielded twisted pairs.
Step 3
Take each twisted pair and make four wire strands, each going out from the center of the
wire.
Step 4
Now take the individual twisted wire pairs and untwist them down to individual wires in
the following order: Striped Orange, Orange, Striped Green, Blue, Striped Blue, Green,
Striped Brown, and Brown.
Step 5
Next, grasp the wires with your thumb and index finger of your non-dominant hand.
Take each wire and snug them securely side by side.
11 Lab1: Cabling & Packet Sniffing
Step 6
Using the cutting blade of the crimp tool, cut the ends off of the wires to make each wire
the same height.
Step 7
Still grasping the wires, insert the RJ-45 jack on the wires with the clip facing away
from you.
Step 8
Insert the jack into the crimper and press down tightly on the tool to seal the wires in
place.
Step 9
Once the first head is made, repeat steps two through eight. When untwisting the wires
down to sing strands, use the following order: Striped Green, Green, Striped Orange,
Blue, Striped Blue, Orange, Striped Brown, Brown.
Step 10
Plug in the cable to test connectivity.
12 Lab1: Cabling & Packet Sniffing
Cables Testing
In this lab, we are going to use MicroScanner2 UTP cable tester device to verify that cables
were prepared correctly else diagnosing cable's faults.
MicroScanner2 Features
13 Lab1: Cabling & Packet Sniffing
Auto Shutoff
The tester turns off after 10 minutes if no keys are pressed and nothing changes at the
tester’s connectors.
Changing the Length Units
14 Lab1: Cabling & Packet Sniffing
15 Lab1: Cabling & Packet Sniffing
16 Lab1: Cabling & Packet Sniffing
Diagnosing Wire map Faults
Open
• Wires connected to wrong pins at connector or punch down blocks
• Faulty connections
• Damaged connector
• Damaged cable
• Wrong pairs selected in setup
• Wrong application for cable
17 Lab1: Cabling & Packet Sniffing
Split Pair
Wires connected to wrong pins at connector or punch down block.
Reversed Pairs
Wires connected to wrong pins at connector or punch down block.
Crossed Pairs
• Wires connected to wrong pins at connector or punch down block.
• Mix of 568A and 568B wiring standards (12 and 36 crossed).
• Crossover cables used where not needed (12 and 36 crossed).
Short
• Damaged connector
• Damaged cable
• Conductive material stuck between pins at connector.
• Improper connector termination
• Wrong application for cable
18 Lab1: Cabling & Packet Sniffing
WIRESHARK Packet Sniffer
The purpose of this part is to introduce the packet sniffer WIRESHARK. WIRESHARK
will be used for the lab experiments. This part introduces the basic operation of a packet
sniffer, and a test run of WIRESHARK.
The basic tool for observing the messages exchanged between executing protocol entities is
called a packet sniffer. As the name suggests, a packet sniffer captures (“sniffs”) messages
being sent/received from/by your computer; it will also typically store and/or display the
contents of the various protocol fields in these captured messages. A packet sniffer itself is
passive. It observes messages being sent and received by applications and protocols running
on your computer, but never sends packets itself. Similarly, received packets are never
explicitly addressed to the packet sniffer. Instead, a packet sniffer receives a copy of
packets that are sent/received from/by application and protocols executing on your machine.
Figure 1 shows the structure of a packet sniffer. At the right of Figure 1 are the protocols (in
this case, Internet protocols) and applications (such as a web browser or ftp client) that
normally run on your computer. The packet sniffer, shown within the dashed rectangle in
Figure 1 is an addition to the usual software in your computer, and consists of two parts.
The packet capture library receives a copy of every link-layer frame that is sent from or
received by your computer. Recall from the discussion from section 1.5 in the text (Figure
1.202) that messages exchanged by higher layer protocols such as HTTP, FTP, TCP, UDP,
DNS, or IP all are eventually encapsulated in link-layer frames that are transmitted over
physical media such as an Ethernet cable. In Figure 1, the assumed physical media is an
Ethernet, and so all upper layer protocols are eventually encapsulated within an Ethernet
frame. Capturing all link-layer frames thus gives you all messages sent/received from/by all
protocols and applications executing in your computer.
19 Lab1: Cabling & Packet Sniffing
The second component of a packet sniffer is the packet analyzer, which displays the
contents of all fields within a protocol message. In order to do so, the packet analyzer must
“understand” the structure of all messages exchanged by protocols. For example, suppose
we are interested in displaying the various fields in messages exchanged by the HTTP
protocol in Figure 1. The packet analyzer understands the format of Ethernet frames, and so
can identify the IP datagram within an Ethernet frame. It also understands the IP datagram
format, so that it can extract the TCP segment within the IP datagram.
Finally, it understands the TCP segment structure, so it can extract the HTTP message
contained in the TCP segment. Finally, it understands the HTTP protocol and so, for
example, knows that the first bytes of an HTTP message will contain the string “GET,”
“POST,” or “HEAD
Running Wireshark
When you run the Wireshark program, the Wireshark graphical user interface shown in
Figure 2 will be displayed. Initially, no data will be displayed in the various windows.
The Wireshark interface has five major components:
The command menus are standard pull-down menus located at the top of the
window. Of interest to us now is the File and Capture menus. The File menu
allows you to save captured packet data or open a file containing previously
20 Lab1: Cabling & Packet Sniffing
captured packet data, and exit the Wireshark application. The Capture menu
allows you to begin packet capture.
The packet-listing window displays a one-line summary for each packet
captured, including the packet number (assigned by Wireshark; this is not a
packet number contained in any protocol’s header), the time at which the packet
was captured, the packet’s source and destination addresses, the protocol type,
and protocol-specific information contained in the packet. The packet listing can
be sorted according to any of these categories by clicking on a column name.
The protocol type field lists the highest level protocol that sent or received this
packet, i.e., the protocol that is the source or ultimate sink for this packet.
The packet-header details window provides details about the packet selected
(highlighted) in the packet listing window. (To select a packet in the packet
listing window, place the cursor over the packet’s one-line summary in the
packet listing window and click with the left mouse button.). These details
include information about the Ethernet frame (assuming the packet was
sent/received over an Ethernet interface) and IP datagram that contains this
packet. The amount of Ethernet and IP-layer detail displayed can be expanded or
minimized by clicking on the plus-or-minus boxes to the left of the Ethernet
frame or IP datagram line in the packet details window. If the packet has been
carried over TCP or UDP, TCP or UDP details will also be displayed, which can
similarly be expanded or minimized. Finally, details about the highest level
protocol that sent or received this packet are also provided.
The packet-contents window displays the entire contents of the captured frame,
in both ASCII and hexadecimal format.
Towards the top of the Wireshark graphical user interface, is the packet display
filter field, into which a protocol name or other information can be entered in
order to filter the information displayed in the packet-listing window (and hence
the packet-header and packet-contents windows). In the example below, we’ll
use the packet-display filter field to have Wireshark hide (not display) packets
except those that correspond to HTTP messages.
Taking Wireshark for a Test Run:
1. Start up your favorite web browser, which will display your selected homepage.
2. Start up the Wireshark software. You will initially see a window similar to that
shown in Figure 2, except that no packet data will be displayed in the packetlisting,
21 Lab1: Cabling & Packet Sniffing
packet-header, or packet-contents window, since Wireshark has not yet begun
capturing packets.
3. To begin packet capture, select the Capture pull down menu and select Options.
This will cause the “Wireshark: Capture Options” window to be displayed, as
shown in Figure 3.
4. You can use most of the default values in this window, but uncheck “Hide capture
info dialog” under Display Options. The networks interface (i.e., the physical
connections) that your computer has to the network will be shown in the Interface
pull down menu at the top of the Capture Options window. In case your computer
has more than one active network interface (e.g., if you have both a wireless and a
wired Ethernet connection), you will need to select an interface that is being used to
send and receive packets (mostly likely the wired interface). After selecting the
network interface (or using the default interface chosen by Wireshark), click Start.
Packet capture will now begin - all packets being sent/received from/by your
computer are now being captured by Wireshark!
22 Lab1: Cabling & Packet Sniffing
5. Once you begin packet capture, a packet capture summary window will appear, as
shown in Figure 4. This window summarizes the number of packets of various
types that are being captured, and (importantly!) contains the Stop button that will
allow you to stop packet capture. Don’t stop packet capture yet.
6. While Wireshark is running, enter the URL:
http://gaia.cs.umass.edu/wireshark-labs/INTRO-wireshark-file1.html
And have that page displayed in your browser. In order to display this page, your
browser will contact the HTTP server at gaia.cs.umass.edu and exchange HTTP
messages with the server in order to download this page. The Ethernet frames
containing these HTTP messages will be captured by Wireshark.
7. After your browser has displayed the INTRO-wireshark-file1.html page, stop
Wireshark packet capture by selecting stop in the Wireshark capture window.
This will cause the Wireshark capture window to disappear and the main Wireshark
window to display all packets captured since you began packet capture.
The main Wireshark window should now look similar to Figure 2. You now have
live packet data that contains all protocol messages exchanged between your
computer and other network entities! The HTTP message exchanges with the
gaia.cs.umass.edu web server should appear somewhere in the listing of packets
captured. But there will be many other types of packets displayed as well (see, e.g.,
the many different protocol types shown in the Protocol column in Figure 2).
8. Type in “http” (without the quotes, and in lower case – all protocol names are in
lower case in Wireshark) into the display filter specification window at the top of
the main Wireshark window. Then select Apply (to the right of where you entered
23 Lab1: Cabling & Packet Sniffing
“http”). This will cause only HTTP message to be displayed in the packet-listing
window.
9. Select the first http message shown in the packet-listing window. This should be the
HTTP GET message that was sent from your computer to the gaia.cs.umass.edu
HTTP server. When you select the HTTP GET message, the Ethernet frame, IP
datagram, TCP segment, and HTTP message header information will be displayed
in the packet-header window3. By clicking plus and- minus boxes to the left side of
the packet details window, minimize the amount of Frame, Ethernet, Internet
Protocol, and Transmission Control Protocol information displayed. Maximize the
amount information displayed about the HTTP protocol. Your Wireshark display
should now look roughly as shown in Figure 5. (Note, in particular, the minimized
amount of protocol information for all protocols except HTTP, and the maximized
amount of protocol information for HTTP in the packet-header window).
10. Exit Wireshark