(DIGITAL ASSIGNMENT-5)

WIRESHARK TASK 2 – TCP

CSE3501 (INFORMATION SECURITY ANALYSIS AND AUDIT)

OCTOBER 28, 2022


RAJARSHI SAHA
20BCT0163

1. Capturing a bulk TCP transfer from your computer to a remote server
TASKS:

OUTPUT SCREENSHOT:


2. A first look at the captured trace


TASKS:

OUTPUT SCREENSHOT:


ANSWER:
1. The client computer's (source) IP address is 10.30.155.67 and the TCP port number is 50028.


2. The IP address of gaia.cs.umass.edu is 128.119.245.12 and the TCP port number is 80.

ANSWER:
3. My client computer’s IP address is 10.30.155.67 and the TCP port is 50028.


3. TCP Basics


ANSWER:
4. The sequence number of the TCP SYN segment is 0 since it is used to initiate the TCP connection between the client computer and gaia.cs.umass.edu.
tcp.seq = 0
tcp.seq_raw = 715120233
In the Flags section, the SYN flag is set to 1, which indicates that this segment is a SYN segment.

5. According to the above figure, the sequence number of the SYNACK segment sent by gaia.cs.umass.edu to the client computer in reply to the SYN is 0. The value of the acknowledgement field in the SYNACK segment is 1. The value of the ACK field in the SYNACK segment is determined by the server gaia.cs.umass.edu. The server adds 1 to the initial sequence number of the SYN segment from the client computer. For this case, the initial sequence number of the SYN segment from the client computer is 0, thus the value of the ACK field in the SYNACK segment is 1. A segment will be identified as a SYNACK segment if both the SYN flag and the Acknowledgement flag in the segment are set to 1.


6. Packet No. 897 contains the HTTP POST command; the sequence number of this segment is 1.


7. Segments 1-6 are No. 897-902.

The ACKs for segments 1-6 are No. 911 and 914-918.


RTT GRAPH

8. The length of segment 1 is 714 + 66(ACK) = 780 and that of the other segments is
1448 + 66(ACK) = 1514


9. The minimum amount of available buffer space advertised at the receiver for the entire trace is indicated in the first ACK from the server; its value is 28960 bytes.

10. There are no retransmitted segments in the trace file, since in the time-sequence graph (Stevens) all sequence numbers are monotonically increasing.


11. The difference between the acknowledged sequence numbers of two consecutive ACKs indicates the data received by the server between these two ACKs. The receiver is ACKing every other segment. For example, segment No. 915 acknowledged 2896 bytes of data (1448 x 2).

12. The alice.txt on the hard drive is 152,138 bytes, and the download time is 1.578736000 (First TCP segment) - 0.271257000 (last ACK) = 1.307479 seconds. Therefore, the throughput for the TCP connection is computed as 152,138/1.307479 = 116359.803867 bytes/second.
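
The checks behind answers 10 to 12, written out as an added example that is not part of the original assignment: it flags data segments whose sequence number does not advance (the monotonicity test), derives the bytes covered by each ACK, and computes throughput. The sample records are constructed, the function names are hypothetical, and relative sequence numbers without wraparound are assumed.

```python
# Constructed sample records, not taken from the assignment's trace.
# Client data segments: (time_s, relative_seq, payload_len)
SEGMENTS = [
    (0.000, 1, 714),
    (0.001, 715, 1448),
    (0.002, 2163, 1448),
    (0.003, 3611, 1448),
    (0.004, 5059, 1448),
]
# Server ACKs: (time_s, relative_ack)
ACKS = [(0.100, 715), (0.101, 3611), (0.102, 6507)]


def retransmissions(segments):
    """Return data segments whose seq is not above the highest seq seen so far.

    This is the same test as reading the Stevens graph for a point that
    fails to rise; it also flags segments that merely arrived out of order.
    """
    highest = -1
    flagged = []
    for t, seq, length in segments:
        if length > 0 and seq <= highest:
            flagged.append((t, seq, length))
        highest = max(highest, seq)
    return flagged


def bytes_per_ack(acks):
    """Bytes newly acknowledged by each ACK after the first.

    The value is the difference between consecutive ACK numbers;
    0 means the ACK is a duplicate.
    """
    deltas = []
    for (_, prev_ack), (t, ack) in zip(acks, acks[1:]):
        deltas.append((t, ack - prev_ack))
    return deltas


def throughput(total_bytes, t_start, t_end):
    """Average throughput in bytes/second over [t_start, t_end]."""
    duration = t_end - t_start
    if duration <= 0:
        raise ValueError("end time must be later than start time")
    return total_bytes / duration


if __name__ == "__main__":
    print("retransmitted:", retransmissions(SEGMENTS))
    print("bytes per ACK:", bytes_per_ack(ACKS))
    # File size and timestamps as stated in answer 12.
    print("throughput:", throughput(152138, 0.271257, 1.578736))
```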


4. TCP congestion control in action


TASKS:

ANSWER:
13. The slow start of the TCP seems to begin at about 0.27 seconds and then ends at
about 0.35 seconds. Congestion avoidance takes over at about 0.7 seconds
because it cut down the amount being sent.
