CSE 421 ID: 20301482

Transport Layer Protocols (TCP) Examination Lab

Objectives:
Capture traffic and observe the PDUS for TCP when a HTTP request is made.
.

Task 1: Observe TCP traffic exchange between a client and server.

Step 1 – Run the simulation and capture the traffic.

• Enter Simulation mode.

• Check that your Event List Filters shows only HTTP and TCP.
• Click on the PC1. Open the Web Browser from the Desktop.
• Enter www.bracu.ac.bd into the browser. Clicking on Go will initiate a web server
request. Minimize the Web Client configuration window.
• A TCP packet appears in the Event List, as we will only focus on TCP the DNS and
ARP packets are not shown.
• Click the Auto Capture / Play button to run the simulation and capture events.
• Sit tight and observe the packets flowing through the network.

• When the above message appears Click “View Previous Events".

• Click on PC1. The web browser displays a web page appears.

Step 2 – Examine the following captured traffic.

Our objective in this lab is only to observe TCP traffic.

Last Device At Device Type

1. PC1 Switch 0 TCP
2. Local Web Server Switch 1 TCP
3. PC1 Switch 0 HTTP
4. Local Web Server Switch 1 HTTP
5. PC1 (after HTTP response) Switch 0 TCP
6. Local Web Server Switch 1 TCP
7. PC1 Switch 0 TCP

• As before find the following packets given in the table above in the Event List, and click
on the colored square in the Info column.

• When you click on the Info square for a packet in the event list the PDU
Information window opens. If you click on these layers, the algorithm used by the
device (in this case, the PC) is displayed. View what is going on at each layer.
For packet 1::

Click onto “Inbound PDU details” tab. Scroll down and observe the TCP header.

A. What is this TCP segment created by PC1 for? How do you know what is it for?

Ans: This TCP segment was created by PC1 for synchronization which is the first step of
three way hand shake. For this the Sequence and Acknowledgement number is 0. Also in
synchronization we know the FLAG is- 0b00000010. So from the FLAG number we can
tell that it is for synchronization.
As the destination port is set to 80 so we can say it was for local web server.

B. What control flags are visible?

Ans: 0b00000010 control flags are visible

C. What are the sequence and acknowledgement numbers?

Ans: The sequence and acknowledgement numbers are Zero (0).

For packet 2:

Click onto “Inbound PDU details” tab. Scroll down and observe the TCP header.

A. Why is this TCP segment created by the Local Web Server?

Ans: This TCP segment was created by Local Web Server as an acknowledgment. This is
the second step of three way hand shake. This acknowledges that the connection can be
established.

B. What control flags are visible?

Ans: :0b00010010 control flags are visible.

C. Why is the acknowledgement number “ 1”?

Ans: The acknowledgement number “1” because it’s the second phase of 3-way
handshaking and the server acknowledges PC1. The server wants the client to send next
data which has sequence number 1.

For packet 3:

This HTTP PDU is actually the third packet of the “Three Way Handshake” process, along
with the HTTP request.

A. Explain why control flags ACK(Acknowledgement) and PSH (Push) are visible in the
TCP header?

Ans: As ACK flag is used for acknowledgement the flag has to be visible to be sure that

server has received the previous parts and PSH is visible as the data is out immediately
rather than waiting.

For packet 5:

After PC1 receives the HTTP response from the Local Web Server, it again sends a TCP
packet to the Local Web server why?

Ans: It again sends a TCP packet to the Local Web server to terminate the TCP connection.

Click onto “Inbound PDU details” tab. Scroll down and observe the TCP header.

A. What control flags are visible?

Ans: 0b00010001 control flags are visible

B. Why the sequence number is 104 and acknowledge number 254? Note this packet is
created after PC1 receives the HTTP response from the server.

Ans: The sequence number is used to establish a connection, while the acknowledgement
number informs us about the package that needs to be synchronized with the rest of the data.
We can see that packet length is 151 and the sequence number was 103. So now the
acknowledgement number will be (151+103) = 254.

For packet 6:

Click onto “Inbound PDU details” tab. Scroll down and observe the TCP header.

What is this packet sent from the webserver to PC1 for?

Ans: This packet was sent from the WEB server to PC1 to make sure if it really wants to
terminate the connection with web server.

What control flags are visible?

Ans: 0b00010001 control flags are visible

Why the sequence number is 254?

Ans: The sequence number is 254 because the client has sent the data till sequence number
253 already.