Wireshark & Packet Tracer Report

ASSESSMENT 2— Fundamentals of Networks & Security (Level 4)

Student Name: Ivaylo Valeriev Tsvetkov

Student ID: 100785312

Date: 26/11/2025

Part A: 50%

Task 1: Network Topology Design (10 Marks)

This image shows a classic Cisco Packet Tracer network topology. It represents a Wide Area Network

(WAN) connecng three disnct Local Area Networks (LANs). The topology is divided into three

idencal sites connected linearly: There are 6 PCs which represent the network hosts, three Cisco

2960-24TT switches which act as the central connecon point of each LAN, and three Cisco 1941

routers, which route the trac between dierent networks.

Figure 1 Network Topology Design

Task 2: IP Addressing and Subneng Plan (10 Marks)

These gures show a Network Addressing and Subneng Plan. It’s a blueprint for how small network

is organized into three separate subnets and how they connect to each other. The network is split into

three local district Local Area Networks (LANs). Each has two PCs and one Router interface acng as

the Default Gateway. The routers have two jobs: talking to the local PCs (via Fast Ethernet) and talking

to other routers (via Serial connecons).

Figure 2 IP Addressing Table

Figure 3 IP Addressing Table Router

Task 3: Router Conguraon (10 Marks)

Router interface conguraon establishes the gateway that allows your LAN to communicate with the

rest of the network. You assign the router a logical identy on the network (e.g., 192.168.10.1). This IP

address must be entered as the Default Gateway on PC0 and PC1 so they know where to send trac

desned for other networks.

Router security sengs protect the router’s management plane, ensuring that only authorized

administrators can change the network conguraon.

Figure 4 Router 0 Conguration

Figure 5 Router 1 Conguration

Figure 6 Router 2 Conguration

Task 4: Roung Protocols (10 Marks)

In the 3-router setup, each router needs to be told which “Directly connected" networks it should

share with its neighbours. Roung Informaon Protocol (RIP) is a dynamic roung protocol used in

local area networks to help routers exchange roung informaon. Once all three routers (router0,

router1, and router2) are congured, they exchange informaon.

Figure 7 PC0 Conguration

Figure 8 PC1 Conguration

Figure 9 PC3 Conguration

Figure 10 PC3 Conguration

Figure 11 PC4 Conguration

Figure 12 PC6 Conguration

Task 5: VLAN Conguraon and Inter-VLAN Roung (10 Marks)

This image shows a standard Cisco Packet Tracer network topology representing two interconnected

Local Area Networks (LANs) joined by a Wide Area Network (WAN) link. Think of it as two separate

office branches (Branch A and Branch B) that need to communicate with one another. The topology is

built using three primary layers of hardware: End Devices (PCs 1-4) these represent users, Access

Layer (Switches SW1 & SW2) these acts as central hubs and allow multiple PCs to connect to a single

router, and Core Layer (Routers R1 & R2) they decide how to send data from one local network to the

other.

Figure 13 VLAN Conguration

Part B: 50%

Task 1: Packet Capture & Protocol Analysis (10 Marks)

DNS lter is a display lter that isolates DNS packets from all other network trac (HTTP, TCT, SSL, etc).

Its purpose is to analyse DNS trac specically without the noise of other protocols. DNS ltering helps

you to see what devices are trying to look up, whether they succeed, and how long it takes, which is

crical for troubleshoong issues.

Figure 14 DNS Filter

TCP lters are essenal for isolang and troubleshoong connecon-oriented trac like web browsing

(HTTP/HTTPS), email (SMTP,IMAP), and le transfers (FTP). TCP ltering isolates TCP trac for analysing

reliable, connecon-oriented communicaon between devices.

Figure 15 TCP Filter

HTTP refers to how web trac appears when captured and analysed using Wireshark network protocol

analyser tool. Modern web mostly uses HTTPS – you will need decrypon setup to see HTTP content in

those cases. HTTP ltering isolates HTP trac to analyse web communicaons, website loading and web

applicaon behaviour.

Figure 16 HTTP Filter

Task 2: Detecng Malicious Trac (10 Marks)

SYN ood is detecng malicious trac (problemac trac). It is a massive wave of TCP SYN Packets from

fake/spoofed IP addresses, overwhelming a target server’s connecon capacity. A SYN ood is an aack

where an aacker sends numerous SYN packets but never competes TCP handshake.

Figure 17 SYN ood

APR Spoong is fake idencaon (address resoluon protocol). This is when you see device on a

network lying about its MAC address to intercept trac meant for another device. APR Spoong is an

aack, where an aacker sends fake APR messages to link their MAC addresses with a legimate IP

address, intercepng trac.

Figure 18 APR Spoong

Task 3: Encrypon Demonstraon (10 Marks)

HTTP trac in Wireshark is the raw, unedited conversaon between your browser and websites

captured directly from your network connecon. HTTP trac is everything send between your browser

and websites before encrypon became started.

Figure 19 HTTP Traic

HTTPS trac in Wireshark is encrypted web trac that looks like a random data unless you have the

decrypon key. HTTPS is an encrypted tunnel – you see the entry/exit points and tunnel construcon,

but not what’s traveling inside unless you have the keys.

Figure 20 HTTPS Traic

Task 4: Trac Filtering (10 Marks)

An IP lter in Wireshark is a search command that shows only packets involving specic IP addresses,

hiding all other network trac. IP ltering allows you to isolate trac to/from specic IP addresses and

ranges.

Figure 21 IP lter

A port lter in Wireshark is a search command that shows only packets involving specic network ports

(like HTTP port 80, HTTPS port 443, etc.) hiding all other trac. Port ltering isolates trac by port

numbers to analyse specic applicaons/services.

Figure 22 Port lter

Port ltering in Wireshark is using display lters to isolate trac based on TCP/UDP port numbers,

allowing you to focus on specic applicaons or services. Port ltering lets you focus on trac to/from

specic network ports, which is crucial troubleshoong applicaon specic issues.

Figure 23 Port Filtering

Task 5: Performance Monitoring (10 Marks)

The RTT (Round-Trip Time) graph is Wireshark is a visual chart showing how long it takes for data packets

to travel to desnaon and back to your computer. The RTT graph is one of the most powerful analysis

tool for understanding network performance.

Figure 24 Round-Trip Time graph

Packet loss and retransmission in Wireshark is when you see duplicate packets being sent, because the

original packets got lost or arrived damaged in transit. Some of the network packets are failing to reach

their desnaon.

Figure 25 Packet loss and retransmission

The I/O graph in Wireshark is real-me or historical visualizaon of network trac throughput, showing

data ow rates over me. It is a “network trac speedometer” that shows how much data is owing

through your network interface over me.

Figure 26 I/O graph

A Flow graph in Wireshark is a visual diagram showing the conversaon ow between network devices,

mapping out the sequence and direcon of packets in a connecon. A “conversaon map” that shows

who talked to whom, in what order, and what they said (at the packet level).

Figure 27 Flow Chart