LabMMTTT NguyễnThanhBình 20ECE

The document describes a student completing a Wireshark lab assignment. It lists questions from the assignment and the student's responses. The student analyzed network traffic captured by Wireshark involving HTTP requests and responses, TCP connections, and analyzed details like packet sequences numbers, ports, IP addresses, and response codes.

Uploaded by

Đoàn Ngoc Anh

THE UNIVERSITY OF DANANG – UNIVERSITY OF SCIENCE AND TECHNOLOGY
FACULTY OF ADVANCED SCIENCE AND TECHNOLOGY
***

LABORATORY OF COMPUTER – COMMUNICATION NETWORKING

INSTRUCTOR: TRẦN VĂN LÍC

STUDENT NAME: NGUYỄN THANH BÌNH
STUDENT ID: 12320003
CLASS: 20ECE

Danang, 11th April 2023


WIRESHARK LAB: GETTING STARTED

Answers to “What to hand in”.


1. List 3 different protocols that appear in the protocol column in the unfiltered
packet-listing window in step 7 above.
There are multiple protocols that appear in the protocol column in the unfiltered
packet-listing window such as QUIC, ICMPv6, TCP, …

2. How long did it take from when the HTTP GET message was sent until the
HTTP OK reply was received? (By default, the value of the Time column in the
packet listing window is the amount of time, in seconds, since Wireshark
tracing began. To display the Time field in time-of-day format, select the
Wireshark View pull down menu, then select Time Display Format, then select
Time-of-day.)
+ The HTTP GET message was sent at 10:32:07.396849.
+ It took 0.337703 seconds from when the HTTP GET message was sent until the
HTTP OK reply was received.
3. What is the Internet address of gaia.cs.umass.edu (also known as
wwwnet.cs.umass.edu)? What is the Internet address of your computer?
+ The Internet address of gaia.cs.umass.edu is 128.119.245.12.
+ The Internet address of my computer is 192.168.100.226.

4. Print the two HTTP messages (GET and OK) referred to in question 2 above.
To do so, select Print from the Wireshark File command menu, and select the
“Selected Packet Only” and “Print as displayed” radial buttons, and then click
OK.
+ The two HTTP messages (GET and OK) have been exported as plain text.
WIRESHARK LAB: HTTP

I. The Basic HTTP GET/response interaction.


1. Is your browser running HTTP version 1.0, 1.1, or 2? What version of HTTP
is the server running?

Both the web browser and the server are running HTTP/1.1.

2. What languages (if any) does your browser indicate that it can accept to the
server?

The languages my browser indicates it can accept are Vietnamese and English.


3. What is the IP address of your computer? What is the IP address of the
gaia.cs.umass.edu server?

The IP address of my computer is 192.168.1.55


The IP address of gaia.cs.umass.edu server is 128.119.245.12

4. What is the status code returned from the server to your browser?
The status code returned from the server to my browser is 200 OK

5. When was the HTML file that you are retrieving last modified at the server?

The HTML file was last modified at the server on Monday, April 10, 2023,
05:59:01 GMT

6. How many bytes of content are being returned to your browser?


128 bytes of content are returned to my browser.

7. By inspecting the raw data in the packet content window, do you see any
headers within the data that are not displayed in the packet-listing window? If
so, name one.
No. The raw data appears to match up exactly with what is shown in the
packet-listing window.

II. The HTTP CONDITIONAL GET/response interaction.

8. Inspect the contents of the first HTTP GET request from your browser to the
server. Do you see an “IF-MODIFIED-SINCE” line in the HTTP GET?

I don’t see an “IF-MODIFIED-SINCE” line.

9. Inspect the contents of the server response. Did the server explicitly return
the contents of the file? How can you tell?
10. Now inspect the contents of the second HTTP GET request from your
browser to the server. Do you see an “IF-MODIFIED-SINCE:” line in the
HTTP GET? If so, what information follows the “IF-MODIFIED-SINCE:”
header?

If-Modified-Since: Tue, 11 Apr 2023 05:59:01 GMT


11. What is the HTTP status code and phrase returned from the server in
response to this second HTTP GET? Did the server explicitly return the
contents of the file? Explain.
The HTTP status code and phrase returned from the server in response is 304
Not Modified.
III. Retrieving Long Documents
12. How many HTTP GET request messages did your browser send? Which
packet number in the trace contains the GET message for the Bill of Rights?
The browser sent one HTTP GET request message.

13. Which packet number in the trace contains the status code and phrase
associated with the response to the HTTP GET request?
Packet number 151.
14. What is the status code and phrase associated with the response to the HTTP
GET request?
The status code and phrase associated with the response to the HTTP GET
request is 200 OK.
15. How many data-containing TCP segments were needed to carry the single
HTTP response and the text of the Bill of Rights?

4 data-containing TCP segments were needed.


IV. HTML Documents with Embedded Objects
16. How many HTTP GET request messages did your browser send? To which
Internet addresses were these GET requests sent?

The browser sent three GET request messages to two addresses: 128.119.245.12
and 178.79.137.164.
17. Can you tell whether your browser downloaded the two images serially, or
whether they were downloaded from the two web sites in parallel? Explain

The images were downloaded serially. Looking at the times of the GET requests,
the request times for the two images are different, and the GET request for the
second image was sent after the first image had been received, so the requests
and responses are done serially.
V. HTTP Authentication
18. What is the server’s response (status code and phrase) in response to the
initial HTTP GET message from your browser?
HTTP/1.1 401 Authorization Required

19. When your browser sends the HTTP GET message for the second time,
what new field is included in the HTTP GET message?
Authorization
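The two server behaviours observed in parts II and V above (a conditional GET answered with 304 Not Modified, and a protected page answered with 401 until an Authorization header is present), modelled as an added example in Python; this is not code from the lab report, and the resource body, realm name and Last-Modified date are constructed values:

```python
# Added example (not from the lab report): a minimal server-side model of a
# conditional GET and of HTTP authentication as seen in the Wireshark traces.
# The body, the realm and the modification date are constructed values.
from email.utils import parsedate_to_datetime, format_datetime
from datetime import datetime, timezone

# Constructed resource; its Last-Modified matches the date seen in question 5.
LAST_MODIFIED = datetime(2023, 4, 10, 5, 59, 1, tzinfo=timezone.utc)
BODY = b"<html><body>constructed page body</body></html>"


def handle_get(headers, protected=False):
    """Return (status_line, response_headers, body) for one GET request.

    headers: request header names (lower-case) mapped to their values.
    protected: when True the resource requires an Authorization header.
    """
    # HTTP Authentication (part V): the first GET carries no Authorization
    # header, so the server challenges; the browser repeats the GET with it.
    if protected and "authorization" not in headers:
        return ("HTTP/1.1 401 Authorization Required",
                {"WWW-Authenticate": 'Basic realm="constructed-realm"'}, b"")

    last_modified = format_datetime(LAST_MODIFIED, usegmt=True)

    # Conditional GET (part II): compare If-Modified-Since with the file's
    # modification time, e.g. "Mon, 10 Apr 2023 05:59:01 GMT".
    ims = headers.get("if-modified-since")
    if ims is not None:
        try:
            if parsedate_to_datetime(ims) >= LAST_MODIFIED:
                # Unchanged: only the status line and headers, no body.
                return ("HTTP/1.1 304 Not Modified",
                        {"Last-Modified": last_modified}, b"")
        except (TypeError, ValueError):
            pass  # malformed or naive date: ignore it and send the full file

    return ("HTTP/1.1 200 OK",
            {"Last-Modified": last_modified,
             "Content-Length": str(len(BODY))}, BODY)
```

A 304 response carries no body, which is exactly why the second trace in part II shows the server not resending the file.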
WIRESHARK LAB: TCP
I. A first look at the captured trace.
1. What is the IP address and TCP port number used by the client computer
(source) that is transferring the alice.txt file to gaia.cs.umass.edu? To answer
this question, it’s probably easiest to select an HTTP message and explore the
details of the TCP packet used to carry this HTTP message, using the “details of
the selected packet header window” (refer to Figure 2 in the “Getting Started
with Wireshark” Lab if you’re uncertain about the Wireshark windows).

Client computer IP address: 128.119.245.12
TCP port number: 80


2. What is the IP address of gaia.cs.umass.edu? On what port number is it
sending and receiving TCP segments for this connection?
The IP address of gaia.cs.umass.edu: 128.119.245.12
Source port: 80
Destination port: 57360
3. What is the IP address and TCP port number used by your client computer
(source) to transfer the file to gaia.cs.umass.edu?
IP address: 192.168.1.55
TCP port number: 57360
II. TCP Basics
1. What is the sequence number of the TCP SYN segment that is used to initiate
the TCP connection between the client computer and gaia.cs.umass.edu? What
is it in the segment that identifies the segment as a SYN segment?
The sequence number of the TCP SYN segment is 1, since it is used to initiate
the TCP connection between the client computer and gaia.cs.umass.edu.

2. What is the sequence number of the SYNACK segment sent by
gaia.cs.umass.edu to the client computer in reply to the SYN? What is the value
of the Acknowledgement field in the SYNACK segment? How did
gaia.cs.umass.edu determine that value? What is it in the segment that identifies
the segment as a SYNACK segment?
The sequence number of the SYN_ACK segment sent by gaia.cs.umass.edu to
the client computer in reply to the SYN is 0. The value of the acknowledgment
field in the SYN_ACK segment is determined by the server gaia.cs.umass.edu.
The server adds 1 to the initial sequence number of the SYN segment from the
client computer. For this case, the initial sequence number of the SYN segment
from the client computer is 0, thus the value of the acknowledgment field in the
SYN_ACK segment is 1.

3. What is the sequence number of the TCP segment containing the HTTP
POST command? Note that to find the POST command, you’ll need to dig into
the packet content field at the bottom of the Wireshark window, looking for a
segment with a “POST” within its DATA field.
The sequence number of the TCP segment containing the HTTP POST command
is 1.
4. Consider the TCP segment containing the HTTP POST as the first segment in
the TCP connection. What are the sequence numbers of the first six segments in
the TCP connection (including the segment containing the HTTP POST)? At
what time was each segment sent? When was the ACK for each segment
received? Given the difference between when each TCP segment was sent, and
when its acknowledgement was received, what is the RTT value for each of the
six segments? What is the EstimatedRTT value (see Section 3.5.3, page 242 in
text) after the receipt of each ACK? Assume that the value of the EstimatedRTT
is equal to the measured RTT for the first segment, and then is computed using
the EstimatedRTT equation on page 242 for all subsequent segments.
The sequence number for segment 1 is 1.
5. What is the length of each of the first six TCP segments?
Length of the first TCP segment (containing the HTTP POST): 565 bytes
Length of each of the other five TCP segments: 1460 bytes

6. What is the minimum amount of available buffer space advertised at the
receiver for the entire trace? Does the lack of receiver buffer space ever throttle
the sender?
The minimum amount of buffer space (receiver window) advertised at
gaia.cs.umass.edu for the entire trace is 1460 bytes, which is shown in the first
acknowledgement from the server. This receiver window grows steadily until it
reaches a maximum receiver buffer size of 17520 bytes. Inspecting this trace,
the sender is never throttled by a lack of receiver buffer space.
7. Are there any retransmitted segments in the trace file? What did you check
for (in the trace) in order to answer this question?
There are no retransmitted segments in the trace file. We can verify this by
checking the sequence numbers of the TCP segments in the trace file.

8. How much data does the receiver typically acknowledge in an ACK? Can
you identify cases where the receiver is ACKing every other received segment
(see Table 3.2 on page 250 in the text).
➔ 1460 Bytes

Can you identify cases where the receiver is ACKing every other received
segment (see Table 3.2 on page 250 in the text): No
9. What is the throughput (bytes transferred per unit time) for the TCP
connection? Explain how you calculated this value.
Here, the sequence number of the first TCP segment is 1
and the sequence number of the last segment is 164091.
So, total data = 164091 – 1 = 164090 bytes.
Transmission time of the first segment = 0.026477 seconds
Transmission time of the last segment = 5.455830 seconds
Difference = 5.455830 seconds – 0.026477 seconds = 5.429353 seconds
So the throughput is 164090 / 5.429353 = 30222.7539819 bytes/sec.
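The RTT, EstimatedRTT and throughput computations that questions 4 and 9 above ask for, carried through in Python as an added example (not code from the lab report). The EstimatedRTT smoothing uses the textbook form EstimatedRTT = (1 − α)·EstimatedRTT + α·SampleRTT with α = 0.125, seeded with the first sample as the question instructs; the per-segment send and ACK timestamps are constructed, while the question 9 figures are the ones in the answer above:

```python
# Added example (not part of the lab report): RTT, EstimatedRTT and throughput
# computed the way questions 4 and 9 ask for. Segment timestamps below are
# constructed; only the formula and the question-9 figures come from the text.
ALPHA = 0.125  # weight of the newest sample in the EstimatedRTT EWMA


def rtt_samples(segments):
    """segments: list of (seq, sent_time, ack_time); one SampleRTT per segment."""
    return [ack_time - sent_time for _seq, sent_time, ack_time in segments]


def estimated_rtts(samples, alpha=ALPHA):
    """EstimatedRTT after each ACK: the first estimate equals the first sample,
    then EstimatedRTT = (1 - alpha) * EstimatedRTT + alpha * SampleRTT."""
    est = []
    for sample in samples:
        est.append(sample if not est else (1 - alpha) * est[-1] + alpha * sample)
    return est


def throughput(first_seq, last_seq, first_time, last_time):
    """Bytes per second between first and last data segment (question 9's method)."""
    return (last_seq - first_seq) / (last_time - first_time)


# Constructed (seq, sent_time, ack_time) for six segments; the sequence numbers
# follow the lengths in question 5 (565-byte POST segment, then 1460 bytes each).
SEGMENTS = [
    (1,    0.026, 0.054),
    (566,  0.042, 0.078),
    (2026, 0.054, 0.124),
    (3486, 0.055, 0.169),
    (4946, 0.077, 0.217),
    (6406, 0.078, 0.268),
]

if __name__ == "__main__":
    samples = rtt_samples(SEGMENTS)
    for (seq, sent, _ack), rtt, est in zip(SEGMENTS, samples, estimated_rtts(samples)):
        print(f"seq={seq:6d} sent={sent:.3f}s SampleRTT={rtt:.4f}s EstimatedRTT={est:.4f}s")
    # Question 9's figures: seq 1 sent at 0.026477 s, seq 164091 sent at 5.455830 s.
    print(f"throughput = {throughput(1, 164091, 0.026477, 5.455830):.2f} bytes/s")
```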
WIRESHARK LAB: UDP

1. Select one UDP packet from your trace. From this packet, determine how
many fields there are in the UDP header. (You shouldn’t look in the textbook!
Answer these questions directly from what you observe in the packet trace.)
Name these fields.
4 fields.

2. By consulting the displayed information in Wireshark’s packet content field
for this packet, determine the length (in bytes) of each of the UDP header fields.
The length of each of the UDP header fields is 2 bytes.
3. The value in the Length field is the length of what? (You can consult the text
for this answer). Verify your claim with your captured UDP packet.
The 8-byte UDP packet header.

4. What is the maximum number of bytes that can be included in a UDP
payload? (Hint: the answer to this question can be determined by your answer to
2. above)
Here, the largest possible source port number is (2^16 − 1) = 65535,
and the header is 8 bytes. So, the maximum number of bytes that can be
included in a UDP payload is 65535 − 8 = 65527 bytes.

5. What is the largest possible source port number? (Hint: see the hint in 4.)
The largest possible source port number is (2^16 − 1) = 65535.

6. What is the protocol number for UDP? Give your answer in both
hexadecimal and decimal notation. To answer this question, you’ll need to look
into the Protocol field of the IP datagram containing this UDP segment (see
Figure 4.13 in the text, and the discussion of IP header fields).
Protocol number in decimal is 17.
Protocol number in hexadecimal is 11.
7. Examine a pair of UDP packets in which your host sends the first UDP
packet and the second UDP packet is a reply to this first UDP packet. (Hint: for
a second packet to be sent in response to a first packet, the sender of the first
packet should be the destination of the second packet). Describe the relationship
between the port numbers in the two packets.
The source port number of the source IP sends the request packet to the
destination port number of the destination IP. When the response is sent, the
source IP that sent the request becomes the destination and its source port
becomes the destination port, while the responder’s IP address and port number
become the source.
WIRESHARK LAB: Ethernet and ARP

I. Capturing and analyzing Ethernet frames.


1. What is the 48-bit Ethernet address of your computer?
My 48-bit Ethernet address is 6e:17:8b:3a:ad:78

2. What is the 48-bit destination address in the Ethernet frame? Is this the
Ethernet address of gaia.cs.umass.edu? (Hint: the answer is no). What device
has this as its Ethernet address? [Note: this is an important question, and one
that students sometimes get wrong. Re-read pages 468-469 in the text and make
sure you understand the answer here.]
The 48-bit destination address in the Ethernet frame is ea:94:3b:d7:a4:1c.
This is not the Ethernet address of gaia.cs.umass.edu. It is the MAC address of
my router, the Internet gateway.
3. Give the hexadecimal value for the two-byte Frame type field. What upper
layer protocol does this correspond to?
Type: IPv4 (0x0800)
4. How many bytes from the very start of the Ethernet frame does the ASCII
“G” in “GET” appear in the Ethernet frame?
The “G” in “GET” appears after 432 bits, or 54 bytes, from the start of the frame.
5. What is the value of the Ethernet source address? Is this the address of your
computer, or of gaia.cs.umass.edu (Hint: the answer is no). What device has this
as its Ethernet address?
The source address is ea:94:3b:d7:a4:1c. This is the address of my
router, the Internet gateway.

6. What is the destination address in the Ethernet frame? Is this the Ethernet
address of your computer?
The destination address is 6e:17:8b:3a:ad:78. This is the Ethernet address of my
computer.
7. Give the hexadecimal value for the two-byte Frame type field. What upper
layer protocol does this correspond to?
The two-byte frame type field is 0x0800. The protocol corresponds to TCP.
9. How many Ethernet frames (each containing an IP datagram, each containing
a TCP segment) carry data that is part of the complete HTTP “OK 200 ...” reply
message?

II. The Address Resolution Protocol


10. Write down the contents of your computer’s ARP cache. What is the
meaning of each column value?
Internet Address: IP address
Physical Address: the MAC address
Type: The protocol type
12. What is the hexadecimal value of the source address in the Ethernet frame
containing the ARP request message sent out by your computer?
The hex value for the source address is c2:f7:7f:3a:61:5b.

13. What is the hexadecimal value of the destination address in the Ethernet
frame containing the ARP request message sent out by your computer? And
what device (if any) corresponds to that address (e.g., client, server, router,
switch or otherwise...)?
The hex value for the destination address is d2:66:8c:7f:72:ca.
14. What is the hexadecimal value for the two-byte Ethernet Frame type field?
What upper layer protocol does this correspond to?
The hexadecimal value is 0x0806 (Type: ARP).

15. How many bytes from the very beginning of the Ethernet frame does the
ARP opcode field begin?
It is 20 bytes from the beginning.

16. What is the value of the opcode field within the ARP-payload part of the
Ethernet frame in which an ARP response is made?
The value of the opcode field within the ARP-payload of the request is request
(1).
17. Does the ARP request message contain the IP address of the sender? If the
answer is yes, what is that value?
Yes, the value of IP address of the sender is 192.168.126.100.

18. What is the IP address of the device whose corresponding Ethernet address
is being requested in the ARP request message sent by your computer?
The IP address is 192.168.126.111

19. What is the value of the opcode field within the ARP reply message
received by your computer?
The value of the opcode field within the ARP reply message received is reply
(2).
20. Finally (!), let’s look at the answer to the ARP request message! What is the
Ethernet address corresponding to the IP address that was specified in the ARP
request message sent by your computer (see question 18)?
The Ethernet address corresponding to the IP address is c2:f7:7f:3a:61:5b
21. We’ve looked at the ARP request message sent by your computer running
Wireshark, and the ARP reply message sent in response. But there are other
devices in this network that are also sending ARP request messages that you can
find in the trace. Why are there no ARP replies in your trace that are sent in
response to these other ARP request messages?
There is no reply in this trace because we are not at the machine that sent the
request. The ARP request is broadcast, but the ARP reply is sent back directly
to the sender’s Ethernet address.
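The header offsets counted by hand in the UDP lab (four 2-byte header fields, IP protocol number 17) and in the Ethernet and ARP lab (EtherType 0x0800 or 0x0806, the “G” of “GET” at byte 54, the ARP opcode at byte 20) computed from raw frames, as an added example in Python that is not code from the lab report. The three frames are constructed with placeholder MAC and IP addresses, not the ones captured in the report:

```python
# Added example (not from the lab report): walk the header stack of a raw
# Ethernet frame and report the offsets the lab finds by hand. The frames built
# below are constructed; MAC/IP addresses are placeholders.
import struct

ETH_LEN, IP_LEN = 14, 20


def mac(s):
    return bytes.fromhex(s.replace(":", ""))


def parse_frame(frame):
    """Describe one raw Ethernet frame: EtherType, IP protocol, payload offsets."""
    dst, src, ethertype = struct.unpack_from("!6s6sH", frame, 0)
    info = {"dst": dst.hex(":"), "src": src.hex(":"), "ethertype": ethertype}
    if ethertype == 0x0806:                    # ARP: opcode is ARP bytes 6-7
        info.update(protocol="ARP", opcode_offset=ETH_LEN + 6,
                    opcode=struct.unpack_from("!H", frame, ETH_LEN + 6)[0])
    elif ethertype == 0x0800:                  # IPv4: IHL in 4-byte words
        ihl = (frame[ETH_LEN] & 0x0F) * 4
        proto = frame[ETH_LEN + 9]             # 6 = TCP, 17 = UDP
        l4 = ETH_LEN + ihl
        info.update(protocol=proto, ip_header_len=ihl)
        if proto == 6:                         # TCP data offset, 4-byte words
            info["payload_offset"] = l4 + (frame[l4 + 12] >> 4) * 4
        elif proto == 17:                      # UDP: four 2-byte fields
            sport, dport, length, csum = struct.unpack_from("!HHHH", frame, l4)
            info.update(udp=dict(src=sport, dst=dport, length=length, csum=csum),
                        payload_offset=l4 + 8, udp_payload_len=length - 8)
    return info


def _eth(ethertype, dst="02:00:00:00:00:02", src="02:00:00:00:00:01"):
    return mac(dst) + mac(src) + struct.pack("!H", ethertype)


def _ipv4(proto, l4):
    """Minimal 20-byte IPv4 header (checksum left zero, placeholder addresses)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, IP_LEN + len(l4), 0, 0x4000, 64,
                       proto, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7])) + l4


def build_tcp_get_frame():          # Ethernet + IPv4 + minimal TCP + "GET ..."
    tcp = struct.pack("!HHIIBBHHH", 57360, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return _eth(0x0800) + _ipv4(6, tcp + b"GET / HTTP/1.1\r\n\r\n")


def build_udp_frame():              # Ethernet + IPv4 + UDP + constructed payload
    payload = b"constructed datagram"
    return _eth(0x0800) + _ipv4(17, struct.pack("!HHHH", 53000, 53, 8 + len(payload), 0) + payload)


def build_arp_request_frame():      # broadcast ARP request, opcode 1
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1, mac("02:00:00:00:00:01"),
                      bytes([192, 0, 2, 10]), bytes(6), bytes([192, 0, 2, 1]))
    return _eth(0x0806, dst="ff:ff:ff:ff:ff:ff") + arp
```

With IP options or TCP options present the offsets grow, which is why the parser reads IHL and the TCP data offset instead of assuming 20 bytes each.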
