------------------------------
tshark Exercises
------------------------------

The goal of this exercise is to introduce the idea of network traffic
analysis and protocol decoding. You should be able to specify protocols
and ports for traffic to observe.

------------------------------

1. Install tshark

   % sudo pkg_add -r tshark

   (If this doesn't work, try:)

   % sudo -s
   # cd /usr/ports/net/tshark
   # make install clean

2. NOTE: Remain as root in order to get access to the interface.

3. Open another window on your workstation where you can issue commands
   that will cause your machine to generate traffic.

4. Use the -D option to list the interfaces:

   # tshark -D

   (If tshark does not pick the interface you want by default, pass the
   name from this list with -i in the following steps.)

5. Use tshark to sniff DNS traffic:

   # tshark port 53

   (The trailing "port 53" is a capture filter in the same syntax as
   tcpdump; only packets that match it are captured.)

   In another window, issue an "nslookup" or "dig" command to resolve a
   DNS hostname.

   Did you see the traffic? What are the source hosts? Source ports?
   What are the destination hosts? Destination ports?

   *PRESS CTRL-C to kill the session*

6. Use tshark to sniff MAIL traffic:

   This time, let's decode the traffic. -V prints the full protocol
   decode of every packet instead of the one-line summary.

   # tshark -V port 25

   In another window, send a mail message from your machine.

   Did you see the traffic?

7. Use tshark to sniff HTTP traffic.

   # tshark -V port ???

   (What port should you use here?)

   Run a browser on your laptop. Visit the web-server on your
   workstation.

   Did you see the traffic?

---
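To show what tshark is doing when it decodes one of the packets from step 5, here is a small Python decoder that walks an Ethernet/IPv4/UDP/DNS frame and reports the same fields the exercise asks about: source and destination hosts and ports, plus the DNS question. This is an added example, not code from the original exercise sheet or from the tshark project. The frame it decodes is constructed inline (192.0.2.10 asking 192.0.2.1 for example.com, with placeholder MAC addresses) rather than captured from the workstation, so it runs offline; the function and field names are this example's own.

```python
"""Decode a raw Ethernet/IPv4/UDP/DNS frame into the fields tshark -V prints."""
import socket
import struct


def ip_checksum(hdr: bytes) -> int:
    """RFC 1071 ones'-complement sum over the IPv4 header.

    With the checksum field zeroed it returns the value to insert; over a
    header that already carries a correct checksum it returns 0.
    """
    if len(hdr) % 2:
        hdr += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def read_name(msg: bytes, off: int):
    """Read a DNS name at offset `off`, following compression pointers.

    Returns (name, offset just past the name at its original position).
    Pointer loops are rejected so a hostile packet cannot spin the parser.
    """
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:            # 11xxxxxx: compression pointer
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            hops += 1
            if hops > 32:
                raise ValueError("DNS name compression pointer loop")
            continue
        off += 1
        if length == 0:                       # root label terminates the name
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def decode_frame(frame: bytes) -> dict:
    """Return the fields the exercise asks about: hosts, ports, and the DNS question."""
    if frame[12:14] != b"\x08\x00":
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    if ip[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ip[0] & 0x0F) * 4
    if ip_checksum(ip[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    if ip[9] != 17:
        raise ValueError("not UDP")
    src_ip, dst_ip = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    udp = ip[ihl:]
    src_port, dst_port, udp_len, _ = struct.unpack("!HHHH", udp[:8])
    if 53 not in (src_port, dst_port):
        raise ValueError("not DNS (port 53)")
    dns = udp[8:udp_len]
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", dns[:12])
    qname, off = read_name(dns, 12)
    qtype, qclass = struct.unpack("!HH", dns[off:off + 4])
    return {
        "src_ip": src_ip, "src_port": src_port,
        "dst_ip": dst_ip, "dst_port": dst_port,
        "txid": txid,
        "kind": "response" if flags & 0x8000 else "query",
        "recursion_desired": bool(flags & 0x0100),
        "questions": qdcount, "answers": ancount,
        "qname": qname, "qtype": qtype, "qclass": qclass,
    }


def build_dns_query(txid, name, src_ip, dst_ip, src_port, dst_port=53) -> bytes:
    """Hand-assemble a standard A query so the decoder can run without a live capture."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    dns = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)
    udp = struct.pack("!HHHH", src_port, dst_port, 8 + len(dns), 0) + dns  # UDP checksum 0: optional over IPv4
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0x1234, 0x4000, 64, 17, 0,
                         socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ip_checksum(ip_hdr)) + ip_hdr[12:]
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"  # placeholder MACs, EtherType IPv4
    return eth + ip_hdr + udp


# Constructed sample (not a real capture): 192.0.2.10 asking 192.0.2.1 for example.com.
SAMPLE_FRAME = build_dns_query(0xBEEF, "example.com", "192.0.2.10", "192.0.2.1", 53000)

if __name__ == "__main__":
    d = decode_frame(SAMPLE_FRAME)
    print(f"{d['src_ip']}:{d['src_port']} -> {d['dst_ip']}:{d['dst_port']} "
          f"DNS {d['kind']} 0x{d['txid']:04x} {d['qname']} type {d['qtype']}")
```

Running it prints one summary line in the spirit of tshark's default output; the dictionary holds what -V would show expanded. The checksum verification and the bounded pointer-following in read_name are the two checks a decoder exposed to arbitrary traffic needs, since a sniffer by definition processes whatever the network delivers.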