Wireshark
According to the figure below, the IP address is 192.168.1.102 and its Transmission Control
Protocol port is 1161.
Question 1:
Follow these steps to find the TCP port number:
Open the previously captured packet file in Wireshark.
Filter the TCP packets.
Identify any TCP segment sent by the server in the packet list. Check the destination IP address to
identify it; it should match the server.
Select the Transmission Control Protocol segment sent by the server.
Note down the IP address of the server, along with the source and destination port numbers.
According to the figure below, the IP address of the server is 128.119.245.12 and the
Transmission Control Protocol port is 80.
Question 2:
To find the sequence number of the Transmission Control Protocol SYN segment, follow these steps:
Open the captured file in Wireshark.
Filter the packets by Transmission Control Protocol.
Locate the initial Transmission Control Protocol SYN segment in the packet list. The SYN flag
should be set in the "Flags" column, indicating that it is a SYN.
Note down the sequence number of the Transmission Control Protocol SYN segment.
The sequence number of the Transmission Control Protocol SYN segment used to initiate the
Transmission Control Protocol connection is 0.
According to the screenshot below, go to the Flags section and observe that the SYN flag is 1,
which shows that this segment is a SYN segment.
Question 3:
The SYNACK segment transmitted by the server to the client machine in response to the SYN has a
sequence number of 0. See the picture below.
In the SYNACK segment, the acknowledgment has the value 1.
Question 4:
Take the following actions to determine the sequence number of the TCP segment that contains the
HTTP POST command:
Open the collected packet file (tcp-ethereal-trace-1) in Wireshark.
Filter the packets by TCP.
Search the packet contents shown at the bottom of Wireshark for the HTTP POST command. Each
packet's actual data payload is shown in this field.
Select the packet that contains the HTTP POST command once you have found it.
Locate the "Sequence number" field, which holds the sequence number of the TCP segment that
carries the HTTP POST command.
According to the figure below, see segment No. 4 in the packet list for the HTTP POST command.
As the figure shows, the sequence number of this segment is 1.
Question 5:
Segments 1-6
As shown in the figure below, segments 1 to 6 are segment Nos. 4, 5, 7, 8, 10 and 11.
Segment 1's sequence number = 1.
Segment 2's sequence number = 566.
Segment 3's sequence number = 2026.
Segment 4's sequence number = 3486.
Segment 5's sequence number = 4946.
Segment 6's sequence number = 6406.
ACKs of segments 1 to 6
As shown in the figure below, the ACKs of segments 1 to 6 are segment Nos. 6, 9, 12, 14, 15
and 16.
Question 6:
Question 7:
Question 8:
Question 9:
Typically, an ACK acknowledges 1460 bytes of data received by the recipient.
This is because the majority of data segments delivered by the sender are 1460 bytes in length, which
is the Maximum Segment Length (MTU) usually used on Ethernet networks.
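The readings in Questions 2, 3, 5 and 9 can be reproduced from the TCP header fields themselves. The following is an added example, not part of the original answers: it decodes the flags and sequence numbers of a SYN and a SYNACK, converts them to the relative numbers Wireshark displays by default, and derives each data segment's payload size from the sequence numbers listed under Question 5. The raw initial sequence numbers and the build() helper are constructed for illustration; the ports are the ones on this page.

```python
import struct

# TCP flag bits in the low byte of the offset/flags word (header offset 13)
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10}

def parse_tcp_header(raw: bytes) -> dict:
    """Decode the fixed 20-byte part of a TCP header."""
    if len(raw) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, _win = struct.unpack("!HHIIHH", raw[:16])
    return {
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "header_len": (off_flags >> 12) * 4,  # data offset is in 32-bit words
        "flags": {name for name, bit in FLAGS.items() if off_flags & bit},
    }

def relative(value: int, isn: int) -> int:
    """Wireshark-style relative number: offset from the ISN, modulo 2**32."""
    return (value - isn) % 2**32

def payload_lengths(seqs: list) -> list:
    """Bytes carried by a segment = gap to the next segment's sequence number."""
    return [(nxt - cur) % 2**32 for cur, nxt in zip(seqs, seqs[1:])]

def build(sport, dport, seq, ack, flags) -> bytes:
    """Hypothetical helper: 20-byte header, checksum and urgent pointer zero."""
    bits = sum(FLAGS[f] for f in flags)
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (5 << 12) | bits, 65535, 0, 0)

# Constructed sample: the raw ISNs are invented for this example.
CLIENT_ISN, SERVER_ISN = 0x0DD601F4, 0x34A27419
syn = parse_tcp_header(build(1161, 80, CLIENT_ISN, 0, ["SYN"]))
synack = parse_tcp_header(
    build(80, 1161, SERVER_ISN, CLIENT_ISN + 1, ["SYN", "ACK"]))

# Relative sequence numbers of the six data segments listed under Question 5.
DATA_SEQS = [1, 566, 2026, 3486, 4946, 6406]

if __name__ == "__main__":
    print("SYN   ", sorted(syn["flags"]),
          "rel seq", relative(syn["seq"], CLIENT_ISN))
    print("SYNACK", sorted(synack["flags"]),
          "rel seq", relative(synack["seq"], SERVER_ISN),
          "rel ack", relative(synack["ack"], CLIENT_ISN))
    print("payload bytes, segments 1-5:", payload_lengths(DATA_SEQS))
```

The payload of segment 6 cannot be derived this way because the sequence number of the following segment is not listed on this page.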
Question 10:
We'll find the time elapsed between the first segment of the TCP connection and the last
acknowledgment (ACK) received. This will give us the total download time.
So, the throughput for the TCP connection is approximately 63378.728 bytes/second.
Question 11:
Time-Sequence-Graph (Stevens) at t = 0, 1, 2, 3, 4 and 5.
Using the graph given below, see the "collection" of packets transmitted around t = 0, t = 1,
t = 2, t = 3, t = 4 and t = 5.
TCP's slow start phase seems to begin at 0 and last approximately 0.305 seconds. There is no
congestion avoidance, as seen by the graph's steady increase without packet loss.