Wireshark Lab-Analyzing TCP and DNS Protocols
During this lab you will examine in detail the DNS communication between your PC and a Google server. The
TCP three-way handshake used to establish the connection will also be analyzed.
2. Required Resources
1. PC (Windows 7, 10 or Linux/Mac with command prompt access, Internet access, and
Wireshark installed)
Frame 41 shows the DNS query from the PC to the DNS server, which is attempting to resolve the domain name www.google.com
to the IP address of the web server.
b. What is the IP address of the DNS server that the computer queried?
IP address 192.168.1.4
c. What is the IP address of the Google web server (response from DNS Server)?
IP address 172.217.168.78
Part 3: Analyze Three-Way Handshake. Examine the information within packets including IP
addresses, TCP port numbers
Use the Wireshark filter tool. Type tcp in the filter entry area within Wireshark and press Enter.
Select the frame where the Three-Way Handshake process starts (usually after the DNS query
frame)
Give below a screenshot of the frames participating in the Three-Way Handshake process:
In the packet list pane (top section of the main window), select the frame. This highlights the line and
displays the decoded information from that packet in the two lower panes. Examine the TCP
information in the packet details pane (middle section of the main window).
Click the + icon to the left of the Transmission Control Protocol in the packet details pane to expand the
view of the TCP information.
64240
Give below a screenshot of frame details
To select the next frame in the three-way handshake, select Go on the Wireshark menu and select Next
Packet in Conversation. This is the Google web server reply to the initial request to start a session.
II. What are the relative sequence and acknowledgement numbers set to?
The relative sequence number is 0, and the relative acknowledgment number is 1.
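The relative numbers in the answer above are what Wireshark displays after subtracting each side's initial sequence number (ISN) from the raw 32-bit header values. The following added example (not part of the original lab) parses three constructed TCP headers and derives the same relative values; the ports, ISNs and window sizes are made up, and it assumes the capture starts with the client's SYN.

```python
import struct

SYN, ACK = 0x02, 0x10
MOD = 2 ** 32  # sequence numbers are 32-bit and wrap around

def build_tcp_header(sport, dport, seq, ack, flags, window):
    """Pack a 20-byte TCP header (no options, checksum and urgent pointer 0)."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (5 << 12) | flags, window, 0, 0)

def parse_tcp_header(raw):
    """Decode the fixed 20-byte part of a TCP header."""
    sport, dport, seq, ack, off_flags, window, _, _ = struct.unpack("!HHIIHHHH", raw[:20])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": off_flags & 0x1FF, "window": window}

def relative_numbers(segments):
    """Return (flags, rel_seq, rel_ack) for each segment of one conversation."""
    isn = {}  # source port -> initial sequence number of that side
    rows = []
    for raw in segments:
        h = parse_tcp_header(raw)
        if h["flags"] & SYN:
            isn[h["sport"]] = h["seq"]  # a SYN carries the sender's ISN
        rel_seq = (h["seq"] - isn[h["sport"]]) % MOD
        # The acknowledgment field is only meaningful when the ACK flag is set.
        rel_ack = (h["ack"] - isn[h["dport"]]) % MOD if h["flags"] & ACK else 0
        names = [n for bit, n in ((SYN, "SYN"), (ACK, "ACK")) if h["flags"] & bit]
        rows.append((", ".join(names), rel_seq, rel_ack))
    return rows

# Constructed sample handshake (ports, ISNs and window sizes are made up).
# The server ISN is the largest 32-bit value, so the raw ACK for it wraps to 0.
CLIENT_ISN, SERVER_ISN = 1000000000, 0xFFFFFFFF
HANDSHAKE = [
    build_tcp_header(50000, 443, CLIENT_ISN, 0, SYN, 64240),
    build_tcp_header(443, 50000, SERVER_ISN, CLIENT_ISN + 1, SYN | ACK, 65535),
    build_tcp_header(50000, 443, CLIENT_ISN + 1, (SERVER_ISN + 1) % MOD, ACK, 64240),
]

if __name__ == "__main__":
    for flags, rel_seq, rel_ack in relative_numbers(HANDSHAKE):
        print(f"[{flags}] Seq={rel_seq} Ack={rel_ack}")
```

The SYN consumes one sequence number, which is why the SYN-ACK acknowledges relative number 1 even though no data has been sent.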
II. What are the relative sequence and acknowledgement numbers set to?