18L-0943 lab - highly helpful PDF

Title 18L-0943 lab - highly helpful
Author Afnan Ehtisham
Course Computer Networks
Institution National University of Computer and Emerging Sciences
Pages 5
File Size 413.2 KB
File Type PDF



Description

18L-0943 Afnan Ehtisham
Lab 8

Lab Statement 1: Analyzing TCP Packets using Wireshark (10)

Question 1: What is the IP address and TCP port number used by the client computer (source) that is transferring the file to gaia.cs.umass.edu?

Source:

IP Address: 192.168.1.102
Source Port: 1161

Question 2: What is the IP address of gaia.cs.umass.edu? On what port number is it sending and receiving TCP segments for this connection?

Source:

IP Address of gaia.cs.umass.edu: 128.119.245.12
Sending port number: 1161
Receiving Port number: 80

Question 3: What is the sequence number of the TCP SYN segment that is used to initiate the TCP connection between the client computer and gaia.cs.umass.edu? What is in the segment that identifies the segment as a SYN segment?

Sequence number: 0 (relative sequence number)
Sequence number (raw): 232129012

According to the above figure, in the Flags section, the SYN flag is set to 1, which indicates that this segment is a SYN segment.

Question 4: What is the sequence number of the SYNACK segment sent by gaia.cs.umass.edu to the client computer in reply to the SYN? What is the value of the Acknowledgement field in the SYNACK segment? What is it in the segment that identifies the segment as a SYNACK segment?

Sequence number: 0 (relative sequence number)
Sequence number (raw): 883061785

The value of the Acknowledgement field in the SYNACK segment is 1. The value of the Acknowledgement field in the SYNACK segment is determined by the server gaia.cs.umass.edu. The server adds 1 to the initial sequence number of the SYN segment from the client computer. In this case, the initial sequence number of the SYN segment from the client computer is 0, thus the value of the Acknowledgement field in the SYNACK segment is 1.

A segment will be identified as a SYNACK segment if both the SYN flag and Acknowledgement in the segment are set to 1.

*Question 5: In packet 9, Ack = 2026 and Seq = 1. Explain these values?

Ack = 2026 determines that it has successfully read 2026 bytes of data.

As for Seq = 1, it is the Ack number of the last connection, which was Ack = 1 in frame 5. In frame 5, if we add the seq num and Len of the bytes, we get 2026, which is the Ack number.

*Question 6: In packet 16, Ack = 7866 and Seq = 1. Explain these values?

Ack = 7866 determines that it has successfully read 7866 bytes of data.

As for Seq = 1, it is the Ack number of the last connection, which was Ack = 1 in frame 11. In frame 11, if we add the seq num and Len of the bytes, we get 7866, which is the Ack number.

Question 7: Why does Wireshark use relative sequence and ack?

Using relative sequence numbers is a usability enhancement, making the numbers easier to read and compare. In order to compare a dissection with data from a less advanced analyzer that cannot handle relative sequence numbers, it might be required to temporarily disable this feature in Wireshark. The ACK indicates that a host is acknowledging having received some data, and the PSH, ACK indicates the host is acknowledging receipt of some previous data and also transmitting some more data.
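The handshake arithmetic from Questions 3, 4 and 7, as an added example that is not part of the original lab report: it parses TCP headers, classifies SYN and SYN-ACK segments by their flags, and converts raw sequence and ack numbers to relative ones. The two raw initial sequence numbers and the ports 1161 and 80 come from the answers above; the segments themselves, including the 565-byte payload, are constructed, and the helper names are hypothetical. It assumes a single connection whose capture includes the handshake.

```python
import struct

FIN, SYN, ACK = 0x01, 0x02, 0x10   # TCP flag bits
MOD = 2 ** 32                      # sequence numbers are 32-bit and wrap

def build(sport, dport, seq, ack, flags):
    """Pack a 20-byte TCP header without options (checksum left at 0)."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (5 << 12) | flags, 65535, 0, 0)

def parse(raw):
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", raw[:14])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": off_flags & 0xFF}

def kind(flags):
    if flags & SYN:
        return "SYN-ACK" if flags & ACK else "SYN"
    return "ACK" if flags & ACK else "other"

def relative_view(segments):
    """segments: (header_bytes, payload_len) pairs of ONE connection, in order.
    Returns (kind, relative seq, relative ack, next expected seq) per segment."""
    isn = {}    # sender port -> raw initial sequence number from its SYN
    rows = []
    for raw, length in segments:
        h = parse(raw)
        if h["flags"] & SYN:
            isn[h["sport"]] = h["seq"]
        rel_seq = (h["seq"] - isn[h["sport"]]) % MOD
        rel_ack = (h["ack"] - isn[h["dport"]]) % MOD if h["flags"] & ACK else 0
        # SYN and FIN each consume one sequence number; data consumes its length
        consumed = length + (1 if h["flags"] & (SYN | FIN) else 0)
        rows.append((kind(h["flags"]), rel_seq, rel_ack, (rel_seq + consumed) % MOD))
    return rows

C_ISN, S_ISN = 232129012, 883061785    # raw ISNs quoted in Questions 3 and 4
SAMPLE = [                              # constructed segments, not the lab trace
    (build(1161, 80, C_ISN, 0, SYN), 0),
    (build(80, 1161, S_ISN, C_ISN + 1, SYN | ACK), 0),
    (build(1161, 80, C_ISN + 1, S_ISN + 1, ACK), 0),
    (build(1161, 80, C_ISN + 1, S_ISN + 1, ACK), 565),      # 565-byte payload
    (build(80, 1161, S_ISN + 1, C_ISN + 1 + 565, ACK), 0),  # server ACKs it
]

if __name__ == "__main__":
    for row in relative_view(SAMPLE):
        print("%-7s seq=%d ack=%d next_seq=%d" % row)
```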

Lab Statement 2: Analyzing UDP Packets using Wireshark (5)

Question 1: Select the first DNS packet in the trace. Determine how many fields there are in the UDP header.

4 fields.
Source Port: 3740
Destination Port: 53
Length: 52
Checksum: 0xc493 [unverified]

Question 2: From the packet content field (click on any header and observe the display in the Packet Bytes Window), determine the length (in bytes) of each of the UDP header fields.

From the above screenshot:
Source and destination ports take 2 bytes each
Length is also 2 bytes
Checksum = 2 bytes
Total header length = 2 + 2 + 2 + 2 = 8 bytes

Question 3: The value in the Length field is the length of what? Verify your claim using the selected packet.

Using the above photo: the length of the header is 8 bytes and the data payload is 44 bytes, which sums up to 52.

Question 4: What is the port number to query the DNS Server?

Port number is 53...

