CCN Assignment 4 based on TCP and UDP Implemented in Wireshark PDF

Title CCN Assignment 4 based on TCP and UDP Implemented in Wireshark
Author Quratulain sajid
Course Data Communications and Computer Networks
Institution COMSATS University Islamabad
Pages 9



Description

DATA COMMUNICATION AND COMPUTER NETWORKS ASSIGNMENT #4

QURATULAIN SAJID (FA17BCS075)

SIR HUSSAIN KHALID

DEPARTMENT OF COMPUTER SCIENCE, COMSATS UNIVERSITY ISLAMABAD, VEHARI CAMPUS. 2020

Activity 1: Let's see how TCP works in the real world. Open a web browser and go to the link http://gaia.cs.umass.edu/wireshark-labs/alice.txt. Save the file. Go to the link http://gaia.cs.umass.edu/wireshark-labs/TCP-wireshark-file1.html. Select the saved file with the Browse button. Start the packet tracer. Now click on the upload file button. Now stop the packet tracer. Type ip.addr == 128.119.245.12 in the filter; it will enable you to select only those packets which are being sent to the gaia.cs.umass.edu server.

Figure 1 TCP Packets Captured

Part 1: What is the IP address and TCP port number used by the client computer (source) that is transferring the file to gaia.cs.umass.edu?

Answer:

The client IP address is 192.168.10.6, TCP port number is 59014

Part 2: What is the IP address of gaia.cs.umass.edu? On what port number is it sending and receiving TCP segments for this connection?

Answer: gaia.cs.umass.edu IP address is 128.119.245.12, port number is 80

Question no. 1: Answer the following questions for the TCP segments:

Part 1: What is the sequence number of the TCP SYN segment that is used to initiate the TCP connection between the client computer and gaia.cs.umass.edu? What is it in the segment that identifies the segment as a SYN segment?

Answer:

The sequence number of the TCP SYN segment is 0, since it is used to initiate the TCP connection between the client computer and gaia.cs.umass.edu. According to the screenshot below, in the Flags section, the SYN flag is set to 1, which indicates that this segment is a SYN segment.

Part 2: What is the sequence number of the SYNACK segment sent by gaia.cs.umass.edu to the client computer in reply to the SYN? What is the value of the Acknowledgement field in the SYNACK segment? How did gaia.cs.umass.edu determine that value? What is it in the segment that identifies the segment as a SYNACK segment?

Answer: The sequence number of the SYN_ACK segment sent by gaia.cs.umass.edu to the client computer in reply to the SYN is 0. The value of the acknowledgement field in the SYN_ACK segment is determined by the server gaia.cs.umass.edu. The server adds 1 to the initial sequence number of the SYN segment from the client computer. For this case, the initial sequence number of the SYN segment from the client computer is 0, thus the value of the acknowledgement field in the SYN_ACK segment is 1. A segment will be identified as a SYN_ACK segment if both SYN flag and Acknowledgement flag in the segment are set to 1.
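The flag test and the "ISN + 1" rule from Parts 1 and 2, as an added Python example that is not part of the original assignment. Wireshark shows relative sequence numbers by default, which is why both the SYN and the SYN_ACK read 0; on the wire each side picks its own 32-bit initial sequence number. The two ISNs and the window value below are constructed for the example, and the ports are the ones from the answers above.

```python
import struct

SYN, ACK = 0x02, 0x10          # flag bits in the TCP header
MOD = 1 << 32                  # sequence numbers are 32-bit and wrap around

def build_tcp(sport, dport, seq, ack, flags):
    """Constructed 20-byte TCP header (no options, checksum left at 0)."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (5 << 12) | flags, 64240, 0, 0)

def parse_tcp(segment):
    """Decode the header fields the questions above ask about."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": off_flags & 0x1FF}

def kind(flags):
    """Name a segment from its SYN and ACK bits."""
    if flags & SYN:
        return "SYN-ACK" if flags & ACK else "SYN"
    return "ACK" if flags & ACK else "other"

def check_handshake(syn_bytes, synack_bytes):
    """Relate a SYN and its SYN-ACK the way a relative-sequence view does."""
    syn, synack = parse_tcp(syn_bytes), parse_tcp(synack_bytes)
    client_isn, server_isn = syn["seq"], synack["seq"]
    return {
        "kinds": (kind(syn["flags"]), kind(synack["flags"])),
        "rel_seq_syn": (syn["seq"] - client_isn) % MOD,
        "rel_seq_synack": (synack["seq"] - server_isn) % MOD,
        "rel_ack_synack": (synack["ack"] - client_isn) % MOD,
        # The server must acknowledge client ISN + 1, modulo 2^32.
        "ack_ok": synack["ack"] == (client_isn + 1) % MOD,
    }

# Constructed sample: ports from the answers above, ISNs invented for the example.
CLIENT_ISN, SERVER_ISN = 0x1A2B3C4D, 0x9F000010
SYN_SEG = build_tcp(59014, 80, CLIENT_ISN, 0, SYN)
SYNACK_SEG = build_tcp(80, 59014, SERVER_ISN, CLIENT_ISN + 1, SYN | ACK)

if __name__ == "__main__":
    print(check_handshake(SYN_SEG, SYNACK_SEG))
```

A SYN_ACK whose acknowledgement number is not the client's ISN + 1 does not belong to that handshake, so `ack_ok` is the field to check when matching replies to connection attempts in a capture.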

Part 3: What is the sequence number of the TCP segment containing the HTTP POST command? Note that in order to find the POST command, you’ll need to dig into the packet content field at the bottom of the Wireshark window, looking for a segment with a “POST” within its DATA field.

Answer: Sequence Number is 151650.

Part 4: Consider the TCP segment containing the HTTP POST as the first segment in the TCP connection. What are the sequence numbers of the first six segments in the TCP connection (including the segment containing the HTTP POST)?

Answer:

Packet    Seq No.
1         1
2         710
3         2162
4         3614
5         5066
6         151650 (HTTP POST)

Activity 2: Let's see how UDP works in real life. You just need to capture packets by browsing any site that you wish to browse. If I start Wireshark and go to YouTube, we can easily capture UDP packets. No specific site is necessary to capture UDP packets. Remember from the DNS lab that DNS uses UDP for its request and response messages. Open Wireshark, start packet capturing, go to a site, stop the packet tracer, and use the Wireshark filter by typing “UDP”; you will see UDP packets.

Question no. 2: Part 1: Select one UDP packet from your trace. From this packet, determine how many fields there are in the UDP header. (You shouldn’t look in the textbook! Answer these questions directly from what you observe in the packet trace.) Name these fields.

Answer: UDP header contains 4 fields: 1. source port; 2. destination port; 3. length; 4. checksum

Part 2: By consulting the displayed information in Wireshark’s packet content field for this packet, determine the length (in bytes) of each of the UDP header fields.

Answer: The UDP header has a fixed length of 8 bytes. Each of these 4 header fields is 2 bytes long.

Part 3: The value in the Length field is the length of what? (You can consult the text for this answer). Verify your claim with your captured UDP packet.

Answer: The value in the length field is the sum of the 8 header bytes, plus the 33 encapsulated data bytes.

Part 4: What is the maximum number of bytes that can be included in a UDP payload? (Hint: the answer to this question can be determined by your answer to 2. above)

Answer: The Length field is 2 bytes, so its largest value is (2^16 – 1) = 65535 bytes, and that count includes the header bytes. This gives 65535 bytes – 8 bytes = 65527 bytes as the maximum number of bytes that can be included in a UDP payload.

Part 5: What is the largest possible source port number? (Hint: see the hint in 4.)

Answer: The largest possible source port number is (2^16 – 1) = 65535.

Part 6: What is the protocol number for UDP? Give your answer in both hexadecimal and decimal notation. To answer this question, you’ll need to look into the Protocol field of the IP datagram containing this UDP segment.

Answer: The IP protocol number for UDP is 0x11 hex, which is 17 in decimal value....
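The header layout from Parts 1 to 6, as an added Python example that is not part of the original assignment: it decodes the four 2-byte UDP fields from a raw IPv4 datagram and cross-checks the UDP Length field against the length the IP header reports, a mismatch being a sign of a malformed or crafted packet. The datagrams, the destination address 192.0.2.53 and the port numbers are constructed for the example; the 33-byte payload matches the captured packet described above.

```python
import struct

UDP_PROTO = 17                     # 0x11 in the IPv4 Protocol field
UDP_HEADER_LEN = 8                 # four fields of 2 bytes each
MAX_UDP_PAYLOAD = 0xFFFF - UDP_HEADER_LEN   # bound set by the 16-bit Length field

def build_ipv4_udp(sport, dport, payload, udp_len=None):
    """Constructed IPv4 + UDP datagram (checksums left at 0).
    udp_len overrides the Length field to simulate a malformed packet."""
    real_len = UDP_HEADER_LEN + len(payload)
    udp = struct.pack("!HHHH", sport, dport,
                      real_len if udp_len is None else udp_len, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64,
                     UDP_PROTO, 0, bytes([192, 168, 10, 6]),
                     bytes([192, 0, 2, 53]))
    return ip + udp

def inspect_udp(packet):
    """Decode the UDP header and validate its Length field."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ihl = (packet[0] & 0x0F) * 4               # IPv4 header length in bytes
    total_len = struct.unpack("!H", packet[2:4])[0]
    proto = packet[9]
    if proto != UDP_PROTO:
        raise ValueError("not UDP: protocol %d" % proto)
    if len(packet) < ihl + UDP_HEADER_LEN:
        raise ValueError("truncated UDP header")
    sport, dport, length, checksum = struct.unpack(
        "!HHHH", packet[ihl:ihl + UDP_HEADER_LEN])
    carried = total_len - ihl                  # bytes IP says follow its header
    return {"proto": proto, "sport": sport, "dport": dport,
            "length": length, "checksum": checksum,
            "payload_len": length - UDP_HEADER_LEN,
            "length_ok": length >= UDP_HEADER_LEN and length == carried}

# Constructed samples: a 33-byte payload, then the same datagram with a forged Length.
SAMPLE = build_ipv4_udp(50000, 53, b"x" * 33)
FORGED = build_ipv4_udp(50000, 53, b"x" * 33, udp_len=1000)

if __name__ == "__main__":
    print(inspect_udp(SAMPLE))
    print(inspect_udp(FORGED)["length_ok"])
```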

