
Wireshark

The document outlines a series of assignments related to TCP networking, detailing steps to analyze TCP packets using Wireshark. It includes instructions for identifying TCP port numbers, sequence numbers, and analyzing HTTP POST commands, as well as calculating throughput and download times. Additionally, it discusses the behavior of ACK segments and provides insights into TCP's slow start mechanism.

Uploaded by

Tooba Liaquat

ASSIGNMENT

IT Networking and Communication


ICT504

Student Name Huraira Bin Tahir


Student ID 59566
Tutorial 1: TCP
Starting Question:
Follow these steps to find the TCP port number:
- Open the already captured packet file in Wireshark.
- Filter the TCP packets.
- In the packet list, identify an HTTP message. Find an HTTP POST message, as it shows the data transfer from the client to the server.
- Note down the desired values.

According to the figure below, the IP address is "192.168.1.102" and its Transmission Control Protocol port is "1161".

Question 1:
Follow these steps to find the TCP port number:
- Open the already captured packet file in Wireshark.
- Filter the TCP packets.
- Identify any TCP segment sent by the server in the packet list. Check the destination IP address to identify it, which should match the server.
- Select the Transmission Control Protocol segment sent by the server.
- Note down the IP address of the server, along with the source and destination port numbers.

According to the figure below, the IP address of the server is "128.119.245.12" and the Transmission Control Protocol port is "80".

Question 2:

To find the sequence number of the Transmission Control Protocol SYN segment, follow these steps:
- Open the captured file in Wireshark.
- Filter the packets by Transmission Control Protocol.
- Locate the initial Transmission Control Protocol SYN segment in the packet list. The SYN flag should be set in the "Flags" column, indicating that it is a SYN.
- Note down the sequence number of the Transmission Control Protocol SYN.

The sequence number of the Transmission Control Protocol SYN segment used to initiate the Transmission Control Protocol connection is "0".
In the screenshot below, go to the Flags section and observe that the SYN flag is 1, which shows that this segment is a SYN segment.

Question 3:
The SYNACK segment transmitted by the server to the client machine in response to the SYN has a sequence number of 0. See the picture below.
In the SYNACK segment, the acknowledgment field has the value "1".
Question 4:
Take the following actions to determine the sequence number of the TCP segment that contains the HTTP POST command:
- To view the collected packet file (tcp-ethereal-trace-1), open it using Wireshark.
- Use TCP to filter the packets.
- Search the packet at the bottom of Wireshark for the HTTP POST command. Each packet's real data payload is shown in this field.
- Choose the packet that contains the HTTP POST command when you've found it.
- Locate the "Sequence number" field, which holds the sequence number of the TCP segment that carries the HTTP POST instruction.

According to the figure below, see segment No. 4 in the packet list for the HTTP POST command.
The sequence number of this segment, as seen in the figure, is 1.
Question 5:
Segments 1 to 6
As shown in the figure below, segments 1 to 6 are segments No. 4, 5, 7, 8, 10 and 11.
- Segment 1's sequence number = 1.
- Segment 2's sequence number = 566.
- Segment 3's sequence number = 2026.
- Segment 4's sequence number = 3486.
- Segment 5's sequence number = 4946.
- Segment 6's sequence number = 6406.

ACKs of segments 1 to 6
As shown in the figure below, the ACKs of segments 1 to 6 are segments No. 6, 9, 12, 14, 15 and 16.
Question 6:
Question 7:

Question 8:
Question 9:
Typically, each ACK acknowledges 1460 bytes of data.
This is because the majority of data segments delivered by the sender are 1460 bytes in length, which is the Maximum Segment Length (MTU) usually used on Ethernet networks.

There are several exceptions.

Lines 4, 7, 10, 13, 23, 35, 47, and 58 show the client acknowledging data segments of fewer than 1460 bytes. These are probably the last portions of data being sent.
No, there are no instances in which the receiver acknowledges every other received segment.
In all ACKs (lines 3, 6, 9, 12, 14, 15, etc.), the receiver acknowledges all data segments received thus far. There is no pattern of acknowledging only alternate segments.

Question 10:
We'll find the time elapsed between the first TCP segment and the last acknowledgment (ACK) received. This gives us the total download time.

Here's the calculation:


Total bytes transferred = Sum of lengths of all TCP segments
Total download time = Last ACK time - First TCP segment Time
Throughput = Total bytes transferred / Total download time

Let's perform the calculations:


Total bytes transferred:
Sum of lengths = 619 + 1514 * 119 + 946 * 5 = 191959 bytes

Total download time:


Time of last ACK = 3.025618 seconds (from the last entry)
Time of first TCP segment = 0.000000 seconds (from the first entry)
Total download time = 3.025618 - 0.000000 = 3.025618 seconds

Throughput: Throughput = 191959 bytes / 3.025618 seconds ≈ 63378.728 bytes/second

So, the throughput for the TCP connection is approximately 63378.728 bytes/second.
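
The sequence-number, ACK and throughput steps from Questions 5, 9 and 10, as an added Python example that is not part of the original assignment. The six sequence numbers are the ones listed under Question 5; the timestamps, the sixth payload length and the ACK timing are constructed, and the throughput here counts acknowledged TCP payload bytes rather than summing per-packet lengths as the calculation above does.

```python
from dataclasses import dataclass

@dataclass
class Seg:
    t: float      # capture time in seconds
    src: str      # "client" (sender of the POST) or "server"
    seq: int      # relative sequence number
    ack: int      # relative acknowledgment number
    length: int   # TCP payload bytes

# Constructed trace: sequence numbers from Question 5, everything else made up.
TRACE = [
    Seg(0.000, "client", 1, 1, 565),
    Seg(0.001, "client", 566, 1, 1460),
    Seg(0.030, "server", 1, 566, 0),
    Seg(0.031, "client", 2026, 1, 1460),
    Seg(0.032, "client", 3486, 1, 1460),
    Seg(0.060, "server", 1, 2026, 0),
    Seg(0.061, "client", 4946, 1, 1460),
    Seg(0.062, "client", 6406, 1, 1460),
    Seg(0.090, "server", 1, 4946, 0),   # cumulative ACK covering two segments
    Seg(0.120, "server", 1, 7866, 0),   # cumulative ACK covering two segments
]

def data_segments(trace):
    return [s for s in trace if s.src == "client" and s.length > 0]

def server_acks(trace):
    return [s for s in trace if s.src == "server"]

def rtt_per_segment(trace):
    """Delay from each data segment to the first ACK covering its last byte."""
    out = {}
    for d in data_segments(trace):
        end = d.seq + d.length   # ACK number sent once this segment has arrived
        hit = next((a for a in server_acks(trace)
                    if a.t >= d.t and a.ack >= end), None)
        out[d.seq] = None if hit is None else round(hit.t - d.t, 6)
    return out

def bytes_per_ack(trace):
    """Bytes newly acknowledged by each ACK; a duplicate ACK yields 0."""
    prev, out = data_segments(trace)[0].seq, []
    for a in server_acks(trace):
        out.append(max(a.ack - prev, 0))
        prev = max(prev, a.ack)
    return out

def throughput(trace):
    """Acknowledged bytes / (last ACK time - first data segment time)."""
    data, acks = data_segments(trace), server_acks(trace)
    return (max(a.ack for a in acks) - data[0].seq) / (acks[-1].t - data[0].t)
```

An entry in `bytes_per_ack` larger than one segment's payload marks an ACK that covers more than one data segment, which is the pattern Question 9 asks about.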
Question 11:
Time-Sequence Graph (Stevens) at t = 0, 1, 2, 3, 4 and 5.
Using the graph given below, see the "collection" of packets transmitted around t = 0, t = 1, t = 2, t = 3, t = 4 and t = 5.
TCP's slow start phase seems to begin at 0 and last approximately 0.305 seconds. There is no congestion avoidance, as seen by the graph's steady increase without packet loss.
