IMPORTANT!

The Thunderbird on the virtual machines is so old that the OpenPGP add-on, Enigmail, no longer works. The solution is to upgrade Thunderbird on the virtual machines:

Check the version with:

apt-cache policy thunderbird

If the major version shown for Thunderbird is not 17, as it is in this example:

Installed: 17.0.5+build1-0ubuntu0.10.04.1

Update Thunderbird:

sudo apt-get update
sudo apt-get install thunderbird

Laboratory work 1: Network monitoring (14p)

In this laboratory work you will monitor network traffic using the Wireshark (http://www.wireshark.org/) program.

Your task is to monitor

  1. HTTP and HTTPS connections
  2. Email traffic

You may conduct your work in laboratory room 6218. The machines in the classroom contain two VMware Ubuntu images, which you can find in the folders /opt/VMWARE/Server Ubuntu/ and /opt/VMWARE/Wireshark Ubuntu/. Server Ubuntu contains the web and email servers, while Wireshark Ubuntu contains the Wireshark application.

HTTP and HTTPS (7p)

Start the Server Ubuntu virtual machine, which has Apache preinstalled. Check the IP address of the server and start the Wireshark Ubuntu virtual machine.

The server has a password-protected section at server.ip.address/private that accepts credentials test/test.

Try both HTTP and HTTPS connections to the server from the Wireshark Ubuntu machine and capture the traffic of both attempts (1p/protocol). Figure out the username and password from both packet captures (1p/protocol).

Analyze the captured data even further – what can you note from the packets, especially from the HTTPS connection captures? (3p)
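The following Python sketch is an added example, not part of the original assignment. It shows why credentials sent over plain HTTP are readable in a capture, assuming the /private area uses HTTP Basic authentication (the page does not say which scheme Apache is configured with). Both byte strings are constructed sample data, and the host address is a documentation placeholder.

```python
import base64
import binascii

# Constructed sample: a reassembled cleartext HTTP request, as it would appear
# in Wireshark's "Follow TCP Stream". 192.0.2.10 is a placeholder address.
SAMPLE_HTTP = (
    b"GET /private/ HTTP/1.1\r\n"
    b"Host: 192.0.2.10\r\n"
    b"Authorization: Basic dGVzdDp0ZXN0\r\n"
    b"\r\n"
)

# Constructed sample: a TLS application-data record header (type 0x17),
# followed by arbitrary bytes standing in for ciphertext.
SAMPLE_TLS = bytes.fromhex("1703010020") + bytes(range(32))


def find_basic_credentials(stream: bytes):
    """Return (username, password) pairs exposed by Basic auth headers in a byte stream."""
    found = []
    for line in stream.split(b"\r\n"):
        name, sep, value = line.partition(b":")
        if not sep or name.strip().lower() != b"authorization":
            continue
        scheme, _, token = value.strip().partition(b" ")
        if scheme.lower() != b"basic":
            continue  # e.g. Digest auth never carries the password itself
        try:
            # Basic auth is only base64("user:password"): encoding, not encryption
            decoded = base64.b64decode(token.strip(), validate=True)
        except binascii.Error:
            continue  # malformed token, nothing to report
        user, sep, password = decoded.partition(b":")
        if sep:
            found.append((user.decode("utf-8", "replace"),
                          password.decode("utf-8", "replace")))
    return found


if __name__ == "__main__":
    print("HTTP stream :", find_basic_credentials(SAMPLE_HTTP))
    print("TLS record  :", find_basic_credentials(SAMPLE_TLS))
```

The same header sent over HTTPS travels inside encrypted TLS records, so a scan of the captured bytes finds no header to decode.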

Email (7p)

The Server Ubuntu virtual machine also has an SMTP server installed, and Wireshark Ubuntu has a user account set up in Thunderbird. You'll have to change the IP address of the email server in the settings.

Send an email from the Wireshark Ubuntu machine to

user@server1.example.com

Use your student number as the message subject and your full name as the content, and capture the traffic with Wireshark (1p). Analyze the captured data – what can be noted from it? (2p)

After this, create GPG keys (gpg manual) for both sender and receiver (1p), send the same message as before, and again capture (1p) and analyze (2p) the data. What can you tell about the captured packets now?

Last modified: 2014/03/19 19:48