
Wireshark Lab-Analyzing TCP and DNS Protocols

Frame 41 shows the DNS query from the PC with IP 192.168.1.4 to the DNS server with IP 192.168.1.21 to resolve www.google.com to the IP address 172.217.168.78 of the Google web server. The three-way handshake is examined, showing the initial TCP request from the client with source port 60203, response from the server on port 80, and final acknowledgment from the client to complete the connection establishment.

Uploaded by

ervis ciku

Student name and surname: Ervis Ciku

Wireshark Lab – Analyzing TCP and DNS protocols


1. Background / Scenario
In this lab, you will use Wireshark to capture and examine packets generated between the PC browser
using the HyperText Transfer Protocol (HTTP) and a web server, such as www.google.com.

During this lab you will see in detail the DNS communication between your PC and the Google server. The
three-way handshake connection establishment will also be analyzed.

2. Required Resources
1. PC (Windows 7, 10 or Linux/Mac with command prompt access, Internet access, and
Wireshark installed)

Part 1: Retrieve the PC interface addresses.


For this lab, you need to retrieve your PC's IP address, DNS servers, and the PC's network interface card
(NIC) physical address, also called the MAC address.
a. Open a command prompt window, type ipconfig /all, and press Enter. (give below a screenshot
of the command prompt window)
b. Write down the IP and MAC addresses associated with the selected Ethernet adapter. That is the
source address to look for when examining captured packets.
The PC host IP address: 192.168.1.4
DNS Servers: 79.106.121.21
The PC host MAC address: D4-3D-7E-93-40-A5

Part 2: Capture the data using Wireshark analyzer.


- Open Wireshark and click the Start button to start the data capture.
- Open your browser (clear the cache before starting the packet capture).
- Navigate to www.google.com.
- Minimize the browser and return to Wireshark. Stop the data capture.
The capture window is now active. Locate the Source, Destination, and Protocol columns.
Locate the appropriate packets for the web session.
The PC must have the IP address of the web server before it can send the first packet. Using the DNS query
process (name resolution request), the host can find the server IP address that corresponds to the
address typed (in our example, Google.com).
Filter the captured packets using the dns keyword to view the DNS query between your PC and the DNS server.
(give below a screenshot after applying filter)
a. Which frame shows the DNS query from the PC to the DNS server, which is attempting to
resolve the domain name www.google.com to the IP address of the web server?

Frame 41 shows the DNS query from the PC to the DNS server, which is attempting to resolve the domain name www.google.com
to the IP address of the web server.

             
b. What is the IP address of the DNS server that the computer queried?
IP address 192.168.1.4
c. What is the IP address of the Google web server (response from DNS Server)?
IP address 172.217.168.78
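
The pairing this part performs by eye (find the query frame, then read the address out of its response) can be done on the raw DNS bytes. The following is an added example, not part of the original lab: the two messages are constructed, with a made-up transaction ID and TTL, and use the name and address recorded above.

```python
import socket
import struct

def encode_name(name):
    """Encode a host name as length-prefixed labels ending in a zero byte."""
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"

def read_name(msg, pos):
    """Decode a (possibly compressed) name; return (name, offset just past it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[pos]
        if (length & 0xC0) == 0xC0:          # compression pointer (RFC 1035, 4.1.4)
            end = pos + 2 if end is None else end
            pos = ((length & 0x3F) << 8) | msg[pos + 1]
            hops += 1
            if hops > 16:                    # refuse pointer loops in malformed input
                raise ValueError("DNS compression loop")
        elif length == 0:
            return ".".join(labels), (pos + 1 if end is None else end)
        else:
            labels.append(msg[pos + 1:pos + 1 + length].decode("ascii"))
            pos += 1 + length

def parse_dns(msg):
    """Return transaction ID, QR bit, question name and any A-record addresses."""
    txid, flags, qdcount, ancount = struct.unpack("!4H", msg[:8])
    pos, qname, addrs = 12, "", []
    for _ in range(qdcount):
        qname, pos = read_name(msg, pos)
        pos += 4                             # skip QTYPE and QCLASS
    for _ in range(ancount):
        _name, pos = read_name(msg, pos)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:        # type A: one IPv4 address
            addrs.append(socket.inet_ntoa(msg[pos:pos + 4]))
        pos += rdlen
    return {"id": txid, "is_response": bool(flags & 0x8000), "qname": qname, "a": addrs}

def answers_query(query, response):
    """A response belongs to a query when the ID and question name match."""
    q, r = parse_dns(query), parse_dns(response)
    return r["is_response"] and not q["is_response"] and (q["id"], q["qname"]) == (r["id"], r["qname"])

# Constructed messages: transaction ID and TTL are made up; name and address are the lab's.
QUESTION = encode_name("www.google.com") + struct.pack("!HH", 1, 1)
QUERY = struct.pack("!6H", 0x1A2B, 0x0100, 1, 0, 0, 0) + QUESTION
RESPONSE = (struct.pack("!6H", 0x1A2B, 0x8180, 1, 1, 0, 0) + QUESTION + b"\xc0\x0c"
            + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton("172.217.168.78"))
```

The transaction ID is what Wireshark uses to link a response frame back to its request, and the answer record here names the host through a compression pointer rather than repeating it.
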
Part 3: Analyze the Three-Way Handshake. Examine the information within packets, including IP
addresses and TCP port numbers.
- Use the Wireshark filter tool. Type tcp in the filter entry area within Wireshark and press Enter.
Select the frame where the three-way handshake process starts (usually after the DNS query
frame).
- Give below a screenshot of the frames participating in the three-way handshake process:
In the packet list pane (top section of the main window), select the frame. This highlights the line and
displays the decoded information from that packet in the two lower panes. Examine the TCP
information in the packet details pane (middle section of the main window).
Click the + icon to the left of the Transmission Control Protocol in the packet details pane to expand the
view of the TCP information.

I. What is the TCP source port number?


Source Port nr 60203 
II. How would you classify the source port?
Random
III. What is the TCP destination port number?
80
IV. How would you classify the destination port?
Well-known (HTTP or Web protocol)
V. What is the relative sequence number set to?
0
VI. What is the value of the window size?

64240
Give below a screenshot of frame details

To select the next frame in the three-way handshake, select Go on the Wireshark menu and select Next
Packet in Conversation. This is the Google web server reply to the initial request to start a session.

I. What are the values of the source and destination ports?


Source Port is now 80, and Destination Port is now 60203

II. What are the relative sequence and acknowledgement numbers set to?
The relative sequence number is 0, and the relative acknowledgment number is 1.

Give below a screenshot of frame details


Finally, examine the third packet of the three-way handshake in the example.

I. What are the values of the source and destination ports?


Source Port is now 60203, and Destination Port is now 80

II. What are the relative sequence and acknowledgement numbers set to?

The relative sequence number is 1, and the relative acknowledgment number is 1.

Give below a screenshot of frame details
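
The relative sequence and acknowledgment numbers read off in this part are a display convention: each side picks a 32-bit initial sequence number (ISN) and Wireshark subtracts it. The following is an added example, not part of the original lab, that rebuilds the three handshake segments with the lab's ports and SYN window size and derives the same relative values; both ISNs and the other window sizes are constructed, with the client ISN chosen so the counter wraps.

```python
import struct

SYN, ACK = 0x02, 0x10

def build_segment(sport, dport, seq, ack, flags, window):
    """Pack a 20-byte TCP header (data offset 5, checksum and urgent pointer zeroed)."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, window, 0, 0)

def parse_tcp(segment):
    """Decode the fields the lab reads from the packet details pane."""
    sport, dport, seq, ack, off_flags, window = struct.unpack("!HHIIHH", segment[:16])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": off_flags & 0x01FF, "window": window}

def classify_port(port):
    """IANA port ranges (RFC 6335)."""
    if port <= 1023:
        return "well-known"
    return "registered" if port <= 49151 else "dynamic/ephemeral"

def relative_numbers(segments):
    """Return (sport, dport, rel_seq, rel_ack) per segment, the way Wireshark shows them."""
    isn, rows = {}, []  # isn: initial sequence number per direction (sport, dport)
    for raw in segments:
        h = parse_tcp(raw)
        here, peer = (h["sport"], h["dport"]), (h["dport"], h["sport"])
        if h["flags"] & SYN:
            isn[here] = h["seq"]
        # Sequence space is 32-bit and wraps, so subtract modulo 2**32.
        rel_seq = (h["seq"] - isn[here]) % 2**32
        rel_ack = (h["ack"] - isn[peer]) % 2**32 if h["flags"] & ACK else 0
        rows.append((h["sport"], h["dport"], rel_seq, rel_ack))
    return rows

# Constructed handshake: ports and SYN window size are the lab's values; both ISNs
# are made up, and the client ISN is chosen so that ISN + 1 wraps around to 0.
C_ISN, S_ISN = 0xFFFFFFFF, 0x1F2E3D4C
HANDSHAKE = [
    build_segment(60203, 80, C_ISN, 0, SYN, 64240),
    build_segment(80, 60203, S_ISN, (C_ISN + 1) % 2**32, SYN | ACK, 65535),
    build_segment(60203, 80, (C_ISN + 1) % 2**32, S_ISN + 1, ACK, 64240),
]

if __name__ == "__main__":
    for row in relative_numbers(HANDSHAKE):
        print(row, classify_port(row[0]), "->", classify_port(row[1]))
```
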
