
Question


Wireshark and TCP

Description

In this assignment, you'll examine pre-captured packets with Wireshark. The purpose of the assignment is to see real protocols in action.

Installing Wireshark

Wireshark is already installed on the Linux partitions on the lab computers. You'd need to have administrative privileges in order to capture packets, but this isn't necessary for this assignment.

If you'd prefer, you may work on this assignment at home. Wireshark and instructions for installing it on your operating system of choice may be found on the Wireshark website.

To answer the questions, download the following packet capture file and open it in Wireshark.

Questions

1. In which packet can you find an HTTP GET?

2. What web page was visited?

3. What browser was used?

4. What version of HTTP was used?

5. Was persistent or non-persistent HTTP used? How can you tell?

6. In the client's request, what other information about the browser and client OS was sent to the web server?

7. In the HTTP server's response, what information was sent about the server, e.g., what server software was used?

8. If we look at the content of the HTTP data (click on one of the early segments in a TCP session, then choose Analyze > Follow > TCP Stream, or right-click the packet and choose Follow), why is it that we can't read the content of the files? (Hint: what does the response header Content-Encoding: gzip mean?)

9. In which packets do you see a TCP three-way handshake?

10. What is the ACK number sent by the server during the second leg of the three-way handshake?

[Screenshot of the Wireshark packet list: TCP and HTTP frames between the client 172.16.1.131 and the servers 69.31.31.194 and 38.127.197.146 (SYN with MSS 1460 and SACK options, HTTP/1.1 200 OK responses, a GET request). The selected packet's detail pane shows an HTTP/1.1 200 OK from 69.31.31.194 to 172.16.1.131 with Ack: 6759 and a text/html body containing "728x90 ... TOP LEADERBOARD".]
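Questions 1, 9 and 10 are about reading frame numbers and sequence/acknowledgement arithmetic off the packet list. The script below is an added example, not part of the assignment or of the answer, that does the same job on a classic pcap with only the Python standard library: it finds the SYN, SYN/ACK, ACK triple by checking that each leg acknowledges the previous leg's sequence number plus one, and lists the frames whose payload starts with an HTTP GET. The capture it reads is constructed inline (made-up MAC and IP addresses, ports and initial sequence numbers, loosely modelled on the screenshot above) so it runs offline without the assignment's file.

```python
"""Locate the TCP three-way handshake and the HTTP GET frames in a pcap.

Added example, not part of the original assignment or its answer. Only the
standard library is used. The capture is constructed below (made-up MACs,
addresses, ports and initial sequence numbers) so the script runs offline.
"""
import struct
from typing import Dict, List, Optional

SYN, ACK, PSH = 0x02, 0x10, 0x08
CLIENT, SERVER = "172.16.1.131", "69.31.31.194"        # assumed endpoints


def _ip(addr: str) -> bytes:
    return bytes(int(o) for o in addr.split("."))


def build_frame(src, dst, sport, dport, seq, ack, flags, payload=b""):
    """Ethernet/IPv4/TCP frame; checksums stay zero since we only parse it."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags,
                      64240, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000,
                     64, 6, 0, _ip(src), _ip(dst))
    eth = bytes.fromhex("000c297c16c0 005056be0001 0800")   # dst MAC, src MAC, IPv4
    return eth + ip + tcp


def build_pcap(frames: List[bytes]) -> bytes:
    """Classic little-endian pcap: magic a1b2c3d4, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_600_000_000, i, len(frame), len(frame)) + frame
    return out


def parse_pcap(data: bytes) -> List[Dict]:
    """One dict per TCP/IPv4 frame, numbered from 1 like Wireshark's No. column."""
    end = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(struct.unpack("<I", data[:4])[0])
    if end is None:
        raise ValueError("not a classic pcap (pcapng is not handled here)")
    if struct.unpack(end + "IHHiIII", data[:24])[6] != 1:
        raise ValueError("only Ethernet (link type 1) is handled")
    pkts, off, num = [], 24, 0
    while off + 16 <= len(data):
        incl = struct.unpack(end + "IIII", data[off:off + 16])[2]
        frame = data[off + 16:off + 16 + incl]
        off, num = off + 16 + incl, num + 1          # every frame counts, TCP or not
        if frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                                 # not IPv4 carrying TCP
        ip = frame[14:]
        ihl, total = (ip[0] & 0xF) * 4, struct.unpack("!H", ip[2:4])[0]
        tcp = ip[ihl:total]
        sport, dport, seq, ack, doff, flags = struct.unpack("!HHIIBB", tcp[:14])
        pkts.append(dict(num=num, src=".".join(map(str, ip[12:16])),
                         dst=".".join(map(str, ip[16:20])), sport=sport,
                         dport=dport, seq=seq, ack=ack, flags=flags,
                         payload=tcp[(doff >> 4) * 4:]))
    return pkts


def find_handshake(pkts: List[Dict]) -> Optional[Dict]:
    """Frame numbers of SYN, SYN/ACK and ACK, verifying the ACK arithmetic:
    leg 2 must acknowledge client ISN + 1, leg 3 must acknowledge server ISN + 1."""
    def flow(p):
        return (p["src"], p["sport"], p["dst"], p["dport"])

    def reverse(p):
        return (p["dst"], p["dport"], p["src"], p["sport"])

    for syn in pkts:
        if syn["flags"] & (SYN | ACK) != SYN:
            continue
        for synack in pkts:
            if (synack["num"] > syn["num"] and synack["flags"] & (SYN | ACK) == SYN | ACK
                    and flow(synack) == reverse(syn)
                    and synack["ack"] == (syn["seq"] + 1) & 0xFFFFFFFF):
                for final in pkts:
                    if (final["num"] > synack["num"] and final["flags"] & (SYN | ACK) == ACK
                            and flow(final) == flow(syn)
                            and final["ack"] == (synack["seq"] + 1) & 0xFFFFFFFF):
                        return dict(syn=syn["num"], syn_ack=synack["num"],
                                    ack=final["num"], server_ack=synack["ack"])
    return None


def http_get_frames(pkts: List[Dict]) -> List[int]:
    """Frames whose TCP payload begins with an HTTP GET request line."""
    return [p["num"] for p in pkts if p["payload"].startswith(b"GET ")]


# Constructed capture: an unrelated ARP frame first, then the handshake and a GET.
CLIENT_ISN, SERVER_ISN = 2_864_934_311, 1_083_958_312   # made-up ISNs
SAMPLE_PCAP = build_pcap([
    bytes.fromhex("ffffffffffff 005056be0001 0806") + bytes(28),
    build_frame(CLIENT, SERVER, 3478, 80, CLIENT_ISN, 0, SYN),
    build_frame(SERVER, CLIENT, 80, 3478, SERVER_ISN, CLIENT_ISN + 1, SYN | ACK),
    build_frame(CLIENT, SERVER, 3478, 80, CLIENT_ISN + 1, SERVER_ISN + 1, ACK),
    build_frame(CLIENT, SERVER, 3478, 80, CLIENT_ISN + 1, SERVER_ISN + 1, PSH | ACK,
                b"GET /index.html HTTP/1.1\r\nHost: www.example.test\r\n\r\n"),
])

if __name__ == "__main__":
    packets = parse_pcap(SAMPLE_PCAP)
    print("handshake:", find_handshake(packets))
    print("HTTP GET in frame(s):", http_get_frames(packets))
```

Two things to keep in mind when comparing this with the Wireshark display. The frame number counts every frame in the file, including non-TCP ones such as the ARP frame above, which is why the handshake here lands on frames 2, 3 and 4. And Wireshark shows relative sequence numbers by default (the SYN/ACK appears as Seq=0 Ack=1); the raw value that `server_ack` reports, client ISN + 1, is what you see after turning off "Relative sequence numbers" in Edit > Preferences > Protocols > TCP, and it is worth saying which of the two you are quoting when you answer question 10.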

Explanation / Answer

1) By using the display filter http.response.code==200 or http.request.method=="GET" we can get that packet number.

2) 172.16.1.131 is the destination IP address that the user visited; otherwise, if you click on that black mark in the above image you will get detailed information about that destination IP address, and in that you will observe the website name that you visited by using this IP address.

3) If you click on that particular record you will get information about it below the search results; in that there is a User-Agent field, which is the browser name.

4) Same as above: from the results, or from the Info column at the end of the request, there is HTTP/(version), i.e. the version.

5) HTTP/1.0 is a non-persistent connection. If you add Connection: keep-alive it becomes a persistent connection; otherwise it is non-persistent.

HTTP/1.1 is a persistent connection. If you add Connection: close it becomes a non-persistent connection.

Conclusion: depending on the HTTP version we will know whether it is a persistent or non-persistent connection.

6) In the results below for a particular record, User-Agent, Connection status, Host name, Accept, X-Client-Data, Referer, and Accept-Encoding are passed whenever the client requests a web server.

8) Because of the Accept-Encoding option (gzip, deflate), we can't read the content of the files.

10) 6759 is the ACK number sent during the second leg of the three-way handshake.
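For questions 5 and 8 the deciding evidence is in the headers themselves: the version and Connection tokens on both the request and the response settle persistence, and it is the server's Content-Encoding header (not the client's Accept-Encoding, which only advertises what the browser can accept) that says the body on the wire is compressed and therefore unreadable in Follow TCP Stream. The script below is an added example, not part of the assignment or of the answer above, using only the Python standard library. The request, response, host name, browser string and page are constructed stand-ins for what the real stream would show.

```python
"""Decide HTTP persistence and recover a gzip-compressed body from a stream.

Added example, not part of the original assignment or its answer. The
request and response bytes are constructed here (fictional host, browser
string and page); only the standard library is used.
"""
import gzip
import zlib
from typing import Dict, Tuple


def parse_message(raw: bytes) -> Tuple[str, Dict[str, str], bytes]:
    """Split an HTTP/1.x message into start line, lower-cased headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def http_version(start_line: str) -> str:
    """'HTTP/1.1' from a request line (version last) or a status line (version first)."""
    words = start_line.split()
    return words[0] if words[0].startswith("HTTP/") else words[-1]


def is_persistent(start_line: str, headers: Dict[str, str]) -> bool:
    """RFC 7230 section 6.1: HTTP/1.1 is persistent unless 'close' is sent;
    HTTP/1.0 is persistent only when 'keep-alive' is sent explicitly."""
    tokens = {t.strip().lower() for t in headers.get("connection", "").split(",")}
    if http_version(start_line) == "HTTP/1.1":
        return "close" not in tokens
    return "keep-alive" in tokens


def decode_body(headers: Dict[str, str], body: bytes) -> bytes:
    """Undo Content-Encoding so the body reads as the browser rendered it.

    A truncated capture (fewer bytes than Content-Length) is reported instead
    of handing back a partial, undecodable blob.
    """
    declared = headers.get("content-length")
    if declared is not None and len(body) < int(declared):
        raise ValueError(f"body truncated: {len(body)} of {declared} bytes captured")
    encoding = headers.get("content-encoding", "identity").lower()
    if encoding == "gzip":
        return gzip.decompress(body)
    if encoding == "deflate":
        try:
            return zlib.decompress(body)                    # zlib-wrapped, per the RFC
        except zlib.error:
            return zlib.decompress(body, -zlib.MAX_WBITS)   # raw deflate, seen in the wild
    if encoding == "identity":
        return body
    raise ValueError(f"unsupported Content-Encoding: {encoding}")


def follow_stream(request: bytes, response: bytes) -> Dict[str, object]:
    """Answer questions 2 to 8 of the assignment from one request/response pair."""
    req_line, req_hdr, _ = parse_message(request)
    status_line, resp_hdr, body = parse_message(response)
    return {
        "page": req_hdr.get("host", "") + req_line.split()[1],
        "browser": req_hdr.get("user-agent"),
        "version": http_version(req_line),
        # both sides must agree; a server can still reply Connection: close
        "persistent": is_persistent(req_line, req_hdr) and is_persistent(status_line, resp_hdr),
        "server": resp_hdr.get("server"),
        "encoding": resp_hdr.get("content-encoding"),
        "body": decode_body(resp_hdr, body),
    }


# Constructed exchange (not taken from the assignment's capture).
PAGE = b"<html><head><title>Sample</title></head><body>Hello, Wireshark</body></html>"
GZ_PAGE = gzip.compress(PAGE, mtime=0)
REQUEST = (b"GET /index.html HTTP/1.1\r\nHost: www.example.test\r\n"
           b"User-Agent: ExampleBrowser/1.0 (X11; Linux x86_64)\r\n"
           b"Accept-Encoding: gzip, deflate\r\nConnection: keep-alive\r\n\r\n")
RESPONSE = (b"HTTP/1.1 200 OK\r\nServer: ExampleHTTPd/2.0\r\nContent-Type: text/html\r\n"
            b"Content-Encoding: gzip\r\nContent-Length: " + str(len(GZ_PAGE)).encode()
            + b"\r\n\r\n" + GZ_PAGE)

if __name__ == "__main__":
    for key, value in follow_stream(REQUEST, RESPONSE).items():
        print(f"{key}: {value!r}")
```

Wireshark can do the decompression for you: the packet detail pane for an HTTP response with Content-Encoding: gzip shows the decoded body when the "Uncompress entity bodies" preference under Protocols > HTTP is enabled, but Follow TCP Stream always shows the raw bytes, which is why the page looks like binary garbage there.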
