Jim's Tutorials

Spring 2011

January 20, 2011

I got Wireshark to work and started into Computer Networking, finishing Exercise 1.1. There was some difficulty at first because the interface selection was empty. After some googling I discovered that this was due to an idiosyncrasy with OSX where the user doesn't have access to /dev/bpf* and the solution was:
sudo chown olleicua /dev/bpf*
Jim: check out this recipe: http://josephhall.org/nqb2/index.php/2009/07/21/wrshrkinstll
This worked but apparently only for a given session. I'll need a way to attach this to some sort of login script that runs as root.
My laptop can apparently receive packets through four different interfaces: fw0, en0, en1, lo0. Through trial and error I was able to discover that en1 is the correct one (it was the only one that saw any packets). The names of the interfaces talked about in the book are a lot more descriptive so I can only guess at what these mean (probably a Mac vs. Windows thing). Anyway, I got a lot of packets and wasn't sure what to make of them all, so I went back to the book.
I got the traces from the included CD and went through the first 30-second quietNetwork.cap file with the book. I went through the layers of protocols on a couple of packets, looking at how the structured view corresponds to the raw bytes view.
I went through the questions at the end of the exercise and they all seemed fairly straightforward.
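Added example (not part of the original journal entry): a sketch of the root-run script the entry says is needed, granting capture access to /dev/bpf* through a group instead of chown-ing the devices to one user, with a check for nodes left open to everyone. The group name access_bpf and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: manage /dev/bpf* access by group (least privilege) rather
# than by per-user chown. Meant to be sourced by a script that runs as root
# at boot, since the device permissions do not persist across sessions.
# BPF_GROUP and all function names are assumptions made for this example.

BPF_GROUP="${BPF_GROUP:-access_bpf}"

# Print "mode uid gid path" for every bpf node in a directory (default /dev).
bpf_list() {
    dir="${1:-/dev}"
    for node in "$dir"/bpf*; do
        [ -e "$node" ] || continue
        ls -lnd "$node" | awk -v n="$node" '{print $1, $3, $4, n}'
    done
}

# Count nodes that "other" (any local account) may read or write.
# In the ls mode string, characters 8-9 are the other-read/other-write bits.
bpf_world_accessible() {
    bpf_list "$1" | awk 'substr($1, 8, 2) ~ /[rw]/ {c++} END {print c + 0}'
}

# Hand the nodes to one group and strip access for everyone else.
bpf_fix() {
    dir="${1:-/dev}"
    group="${2:-$BPF_GROUP}"
    for node in "$dir"/bpf*; do
        [ -e "$node" ] || continue
        chgrp "$group" "$node" && chmod 660 "$node" || return 1
    done
}

# At boot, as root:   bpf_fix /dev access_bpf
# Audit afterwards:   bpf_world_accessible /dev   (0 means no node is open to all)
```

Only members of the chosen group can then capture, and removing a user from the group revokes that access without touching the devices.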
http://cs.marlboro.edu/courses/spring2011/jims_tutorials/sam/journal-20-1-11
last modified Thursday January 27 2011 11:10 pm EST