lab assignment

The document provides an analysis of HTTP, TCP, and UDP packets captured in Wireshark. It details the IP addresses and ports involved in the communication, the HTTP version used, and the specifics of the TCP connection establishment process, including sequence and acknowledgment numbers. Additionally, it describes the UDP header fields and the nature of the DNS query being processed.

Uploaded by

mody77515

HTTP

Open the "http-wireshark-trace.pcapng" file and select the first HTTP GET message from the trace.
Hint: To limit yourself to HTTP packets, enter the string http in the filter field and then apply the filter.

1. What is the IP address of the client computer (source) which generated the HTTP request?

Client source IP: 145.254.160.237

2. What is the IP address of the server (destination) that will handle this request?

Destination IP: 65.208.228.223

3. What languages (if any) does your browser indicate that it can accept to the server?

- Open Hypertext Transfer Protocol
- Look at accepted languages
- Accept-Language: en-us,en;q=0.5\r\n

4. Identify the version of HTTP used by the client's browser and the version used by the web server.

- Open the request packet and look at Hypertext Transfer Protocol – HTTP version is 1.1
- Open the response packet and look at Hypertext Transfer Protocol – HTTP version is 1.1
- Both the client and server are using HTTP version 1.1

TCP

Open the "tcp-wireshark-trace" file and select the first TCP get message from the trace.
Hint: To answer this question, it's probably easiest to select an HTTP message and explore the details
of the TCP packet used to carry this HTTP message, using the "details of the selected packet
header window".

1. What is the IP address and TCP port number used by the client computer (source)?

• Source IP: 192.168.86.68

• Source Port: 55639

2. What is the IP address of gaia.cs.umass.edu? On what port number is it sending and receiving
TCP segments for this connection?
- IP address of gaia.cs.umass.edu: 128.119.245.12

- Port number: 80 (sending and receiving TCP segments for this connection)

3. What is the sequence number of the TCP SYN segment that is used to initiate the TCP
connection between the client computer and gaia.cs.umass.edu?

Packet 1: 192.168.86.68 → 128.119.245.12 TCP [SYN] Seq=0

So the sequence number is 0.

4. What is the sequence number of the SYNACK segment sent by gaia.cs.umass.edu to the client
computer in reply to the SYN? What is it in the segment that identifies the segment as a SYNACK
segment? What is the value of the Acknowledgement field in the SYNACK segment? How did
gaia.cs.umass.edu determine that value?

1. In the SYNACK segment (packet 2):

• The sequence number is 0

2. We can identify it's a SYNACK because:
a. It has both the SYN and ACK flags set ([SYN, ACK] in the Info column)
b. It's coming from the server (128.119.245.12) to the client (192.168.86.68)
c. It's in response to the initial SYN

3. In the SYNACK segment (packet 2):

• Acknowledgement field value: 1

4. How it was determined:

• The server (gaia.cs.umass.edu) incremented the client's initial sequence number (0) by 1

• This is the standard TCP connection establishment protocol

• The server acknowledges the client's initial SYN segment by setting the acknowledgement number to the next expected sequence number
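
The checks in answer 4, as an added example that is not part of the original lab or its trace: Wireshark's Seq=0 and Ack=1 are relative numbers it displays by default, while the header carries 32-bit initial sequence numbers (ISNs), so the comparison is ISN + 1 modulo 2^32. The ISN values and helper names are constructed for illustration; the ports are the ones reported above.

```python
import struct

SYN, ACK = 0x02, 0x10
MOD = 2**32  # TCP sequence numbers are 32-bit and wrap around

def tcp_header(sport, dport, seq, ack, flags):
    """Build a 20-byte TCP header without options (checksum left at 0 for this demo)."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, 65535, 0, 0)

def parse_tcp(raw):
    """Extract ports, raw sequence/ack numbers and flag bits from a TCP header."""
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", raw[:14])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": off_flags & 0x1FF}

def check_synack(syn_raw, reply_raw):
    """Apply the checks from answer 4 to the raw bytes of a SYN and its reply."""
    syn, reply = parse_tcp(syn_raw), parse_tcp(reply_raw)
    if (syn["flags"] & (SYN | ACK)) != SYN:
        raise ValueError("first segment is not a SYN")
    return {
        # a. both SYN and ACK flags set
        "is_synack": (reply["flags"] & (SYN | ACK)) == (SYN | ACK),
        # b. server -> client: ports are swapped relative to the SYN
        "reverse_direction": (reply["sport"], reply["dport"]) == (syn["dport"], syn["sport"]),
        # ack = client ISN + 1, computed modulo 2^32
        "ack_matches": reply["ack"] == (syn["seq"] + 1) % MOD,
        # what Wireshark shows as the relative Ack value
        "relative_ack": (reply["ack"] - syn["seq"]) % MOD,
    }

# Constructed ISNs; the client ISN is chosen so that ISN + 1 wraps around to 0.
CLIENT_ISN, SERVER_ISN = 0xFFFFFFFF, 0x9E8D7C6B

def demo():
    syn = tcp_header(55639, 80, CLIENT_ISN, 0, SYN)
    synack = tcp_header(80, 55639, SERVER_ISN, (CLIENT_ISN + 1) % MOD, SYN | ACK)
    return check_synack(syn, synack)

if __name__ == "__main__":
    print(demo())
```

With the constructed client ISN of 0xFFFFFFFF the raw acknowledgement number on the wire is 0, yet the relative value is still 1, which is why the comparison has to be done modulo 2^32.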

UDP

Open the "udp-wireshark-trace" file and select the first DNS query packet from the trace.
Hint: To limit yourself to DNS packets, enter the string DNS in the filter field and then apply the filter.

1. What is the packet number of this segment in the trace file?

a. The first DNS query packet in the trace file is Packet 1

2. What is the source port number for the query? What is the destination port number for the
response?
a. Source port: 4372
b. Destination port: 53

3. By consulting the displayed information in Wireshark's packet content field for this packet,
determine the length in bytes of each of the UDP header fields.
a. The UDP header consists of 4 fields, each of 2 bytes (8 bits):

| Field | Length (bytes) |
|---|---|
| Source Port | 2 |
| Destination Port | 2 |
| Length | 2 |
| Checksum | 2 |
| Total | 8 |

4. What type of application-layer payload or protocol message is being carried in this UDP
segment?

A. The UDP segment carries a DNS query message, as indicated by the destination port 53,
which is commonly used for DNS requests. The 43-byte payload likely contains a DNS
request seeking the resolution of a domain name to an IP address.

5. Look at the details of this packet in Wireshark. How many fields are there in the UDP header?
What are the names of these fields?

4 fields. The names of these fields are:

1. Source Port: The port number of the sending application.

2. Destination Port: The port number of the receiving application.

3. Length: The length of the entire UDP packet, including the header and the payload.

4. Checksum: Used for error-checking the header and payload data.
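
The four header fields applied to raw bytes, as an added example that is not part of the original lab: it parses the 8-byte UDP header, checks the Length field against the bytes actually present, and confirms from the DNS header's QR bit that the payload is a query rather than inferring it from port 53 alone. The datagram is constructed to match the values reported above (ports 4372 and 53, 43-byte payload); the queried name, the DNS ID and the function names are assumptions.

```python
import struct

def encode_qname(name):
    """Encode a domain name as length-prefixed DNS labels ending in a zero byte."""
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"

def build_sample_datagram():
    """Constructed sample: UDP header followed by a one-question DNS query."""
    # DNS header: id, flags (QR=0 query, RD=1), 1 question, 0 answer/authority/additional
    dns = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    dns += encode_qname("www.example-lab-host.test") + struct.pack("!HH", 1, 1)  # type A, class IN
    # UDP Length covers header + payload; checksum 0 means "not computed" over IPv4
    return struct.pack("!HHHH", 4372, 53, 8 + len(dns), 0) + dns

def parse_udp(datagram):
    """Split a UDP datagram into its four 2-byte header fields and the payload."""
    if len(datagram) < 8:
        raise ValueError("shorter than the 8-byte UDP header")
    sport, dport, length, checksum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        raise ValueError("UDP Length field inconsistent with captured bytes")
    return {"sport": sport, "dport": dport, "length": length,
            "checksum": checksum, "payload": datagram[8:length]}

def classify_dns(payload):
    """Read the 12-byte DNS header; return None if the payload is too short to be DNS."""
    if len(payload) < 12:
        return None
    _id, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", payload[:12])
    return {"is_query": (flags >> 15) == 0, "opcode": (flags >> 11) & 0xF,
            "questions": qdcount, "answers": ancount}

def demo():
    udp = parse_udp(build_sample_datagram())
    return udp, classify_dns(udp["payload"])

if __name__ == "__main__":
    udp, dns = demo()
    print(udp["sport"], udp["dport"], udp["length"], len(udp["payload"]), dns)
```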
