Question
The following information was obtained from a host computer using TCPDUMP:
00:05:17.176507 74.125.228.54.1270 > 64.254.128.66.25: S 2688560409:2688560409(0) win 16384 <mss 1460> (DF) (ttl 46, id 20964)
00:05:17.176700 64.254.128.66.25 > 74.125.228.54.1270: S 774583594:774583594(0) ack 2688560410 win 8760 <mss 1460> (DF) (ttl 64, id 35473)
00:05:17.302784 74.125.228.54.1270 > 64.254.128.66.25: . ack 1 win 17520 (DF) (ttl 46, id 21021)
00:05:17.906230 64.254.128.66.25 > 74.125.228.54.1270: P 1:93(92) ack 1 win 8760 (DF) (ttl 64, id 35502)
00:05:18.021955 74.125.228.54.1270 > 64.254.128.66.25: P 1:29(28) ack 93 win 17520 (DF) (ttl 46, id 21354)
00:05:18.023785 64.254.128.66.25 > 74.125.228.54.1270: P 93:184(91) ack 29 win 8760 (DF) (ttl 64, id 35505)
00:05:18.140187 74.125.228.54.1270 > 64.254.128.66.25: P 29:67(38) ack 184 win 17520 (DF) (ttl 46, id 21464)
00:05:18.174986 64.254.128.66.25 > 74.125.228.54.1270: P 184:229(45) ack 67 win 8760 (DF) (ttl 64, id 35514)
00:05:18.289620 74.125.228.54.1270 > 64.254.128.66.25: P 67:99(32) ack 229 win 17520 (DF) (ttl 46, id 21594)
00:05:18.298831 64.254.128.66.25 > 74.125.228.54.1270: . ack 99 win 8760 (DF) (ttl 64, id 35523)
00:05:18.353209 64.254.128.66.25 > 74.125.228.54.1270: P 229:273(44) ack 99 win 8760 (DF) (ttl 64, id 35524)
00:05:18.469836 74.125.228.54.1270 > 64.254.128.66.25: P 99:105(6) ack 273 win 17520 (DF) (ttl 46, id 21661)
00:05:18.474644 64.254.128.66.25 > 74.125.228.54.1270: P 273:323(50) ack 105 win 8760 (DF) (ttl 64, id 35529)
00:05:18.607459 74.125.228.54.1270 > 64.254.128.66.25: P 105:1129(1024) ack 323 win 17520 (DF) (ttl 46, id 21704)
00:05:18.615449 74.125.228.54.1270 > 64.254.128.66.25: . 1129:2589(1460) ack 323 win 17520 (DF) (ttl 46, id 21705)
00:05:18.695594 64.254.128.66.25 > 74.125.228.54.1270: . ack 2589 win 8760 (DF) (ttl 64, id 35538)
00:05:18.818813 74.125.228.54.1270 > 64.254.128.66.25: P 2589:3698(1109) ack 323 win 17520 (DF) (ttl 46, id 21827)
00:05:18.834821 64.254.128.66.25 > 74.125.228.54.1270: P 323:367(44) ack 3698 win 8760 (DF) (ttl 64, id 35552)
00:05:18.979682 74.125.228.54.1270 > 64.254.128.66.25: P 3698:3704(6) ack 367 win 17520 (DF) (ttl 46, id 21900)
00:05:18.979877 74.125.228.54.1270 > 64.254.128.66.25: F 3704:3704(0) ack 367 win 17520 (DF) (ttl 46, id 21901)
00:05:18.979957 64.254.128.66.25 > 74.125.228.54.1270: . ack 3705 win 8754 (DF) (ttl 64, id 35571)
00:05:18.983169 64.254.128.66.25 > 74.125.228.54.1270: F 412:412(0) ack 3705 win 8760 (DF) (ttl 64, id 35574)
a. Describe what is occurring and how you know?
b. What type of data (application) is being communicated and how do you know?
c. Was the entire transaction completed?
d. Did this transaction use TCP, UDP or something else? How do you know?
Explanation / Answer
By default tcpdump produces one line of text for every packet it intercepts. Each line starts with a time stamp. It tells you the very precise time when the packet arrived.
Next comes the protocol name. Unfortunately, tcpdump understands a very limited number of protocols. It won
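As an added example (not part of the original answer), here is a small Python parser for the legacy tcpdump line format shown in the question; it checks the three-way handshake, records which side sent a FIN, and flags holes in each side's relative sequence numbers. `parse`, `summarize` and `TRACE` are names chosen here, and `TRACE` holds eight lines copied from the trace above (the handshake and the close).

```python
import re

# Legacy tcpdump TCP line: time src.port > dst.port: flags [first:last(len)] [ack N] win W ...
LINE = re.compile(
    r"(?P<ts>[\d:.]+) (?P<src>\S+) > (?P<dst>\S+): (?P<flags>[SFPR.]+)"
    r"(?: (?P<first>\d+):(?P<last>\d+)\((?P<len>\d+)\))?(?: ack (?P<ack>\d+))?")

# Eight lines copied from the trace in the question (handshake, then the close).
TRACE = [
    "00:05:17.176507 74.125.228.54.1270 > 64.254.128.66.25: S 2688560409:2688560409(0) win 16384 <mss 1460> (DF) (ttl 46, id 20964)",
    "00:05:17.176700 64.254.128.66.25 > 74.125.228.54.1270: S 774583594:774583594(0) ack 2688560410 win 8760 <mss 1460> (DF) (ttl 64, id 35473)",
    "00:05:17.302784 74.125.228.54.1270 > 64.254.128.66.25: . ack 1 win 17520 (DF) (ttl 46, id 21021)",
    "00:05:18.834821 64.254.128.66.25 > 74.125.228.54.1270: P 323:367(44) ack 3698 win 8760 (DF) (ttl 64, id 35552)",
    "00:05:18.979682 74.125.228.54.1270 > 64.254.128.66.25: P 3698:3704(6) ack 367 win 17520 (DF) (ttl 46, id 21900)",
    "00:05:18.979877 74.125.228.54.1270 > 64.254.128.66.25: F 3704:3704(0) ack 367 win 17520 (DF) (ttl 46, id 21901)",
    "00:05:18.979957 64.254.128.66.25 > 74.125.228.54.1270: . ack 3705 win 8754 (DF) (ttl 64, id 35571)",
    "00:05:18.983169 64.254.128.66.25 > 74.125.228.54.1270: F 412:412(0) ack 3705 win 8760 (DF) (ttl 64, id 35574)",
]

def parse(line):
    """Return a dict of fields for one trace line, or None if it does not match."""
    m = LINE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    for k in ("first", "last", "len", "ack"):
        d[k] = int(d[k]) if d[k] else None
    return d

def summarize(lines):
    """Check the three-way handshake, FINs per sender, and holes in each byte stream."""
    pkts = [p for p in map(parse, lines) if p]
    flags = [p["flags"] for p in pkts[:3]]
    handshake = (len(pkts) >= 3 and flags == ["S", "S", "."]
                 and pkts[1]["ack"] == pkts[0]["first"] + 1   # SYN+ACK acknowledges ISN+1
                 and pkts[2]["src"] == pkts[0]["src"])        # final ACK comes from the opener
    nxt, gaps, fins = {}, [], set()
    for p in pkts[3:]:              # after the handshake, sequence numbers are relative
        if "F" in p["flags"]:
            fins.add(p["src"])
        if p["first"] is None:      # pure ACK: no sequence range printed
            continue
        expected = nxt.get(p["src"], p["first"])   # start at the first segment seen
        if p["first"] > expected:                  # bytes missing from the capture
            gaps.append((p["src"], expected, p["first"]))
        nxt[p["src"]] = max(expected, p["last"])
    return {"handshake": handshake, "fins": fins, "gaps": gaps}

if __name__ == "__main__":
    print(summarize(TRACE))
```

On these lines it reports a complete handshake, a FIN from both endpoints, and one hole: the server's last captured data segment ends at 367 but its FIN is at 412, so the server bytes from 367 up to 412 do not appear in the listing.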