Below are the instructions for the seminar. Please note that you need to complete both the seminars, the written examinations and peer review reports to pass the course.

Seminar 1

These are the instructions for the first seminar. Before the seminar you will work with Wireshark to analyse a number of files containing captured network traffic. At the seminar you will discuss your findings.

Analysing the capture files

The files you will work with can be found in this ZIP archive. Each file contains some communication to be analysed.

For each file, try to answer the following questions:

1. What protocols are used in the communication?
2. At what layer of the OSI (or TCP/IP) model do they operate?
3. What RFC(s) (if any) will help us learn more about this protocol?
4. What is the purpose of the protocol?
5. Who are the communicating parties at each layer (focus on addresses)?
6. How are they related to one another?

As for a more in-depth analysis of each file, use Wireshark functions to answer the following questions:

1. How many packets were exchanged?
2. How much data was sent?
3. What was the average packet size?
4. How much data did each communicating party send?
5. Can we see/reconstruct the communication to gain any knowledge about its content/data?

Hint: You will find useful functions in the menus under "Analyse" and "Statistics". For more information about Wireshark you can try the user guide or look around at the web site, wireshark.org, where you also can download Wireshark.

Presenting the findings at the seminar

At the seminar we will discuss your findings from the analysis above. Since there are eight files and maximum six members to each seminar group, some files will probably be left out - but you cannot tell which before hand so you should be able to answer the questions above for each of the eight files. Remember that a constructive contribution to the discussion is more important than "being right".

A few pointers:

• Make your voice heard - participation is mandatory and participation means contributing to the discussion.
• Listen to what the other participants say, think about it and then deliver your reaction.
• When one questions seems answered, try to find a "natural" way into the next questions.
• If you are a person who usually talks a lot, please be observant and try to figure out who is not talking - invite that person into the conversation (that is a positive contribution to the discussion on your part).
• If you are a person who usually is quiet and do not talk, see the first point above.