Scenario:
This is the second in a series of Wireshark labs; this one is designed to let you use Wireshark to
explore the behavior of TCP. With the help of a pre-recorded Wireshark capture of a file transfer, you
will analyze how TCP provides reliability, congestion control and flow control, with a brief look at
connection setup and performance. You will turn in your trace as well as answers to some questions
based on the data you gathered.
Details:
Follow the instructions in the lab carefully, with the one exception that you must save your capture file
(Via "File" --> "Save") as the very last step before exiting Wireshark.
Grading
You will be graded based on: 1) your ability to get Wireshark up and running, and 2) the accuracy of
your answers with respect to the Wireshark capture file you uploaded. There are 4 questions at the end
of the tutorial (the last question really just requires an action on your part), and each question is
equally weighted.
Grading Guidelines
Weighting: Wireshark capture file 30%, Answers 70%

Score (%)   Explanation
90-100:     The Wireshark capture file is present, answers to the questions are
            thorough and accurate
80-89:      The Wireshark capture file is present, all questions are answered and
            mostly accurate, but there are some minor errors
70-79:      The Wireshark capture file is present, but an answer is missing or several
            answers are incomplete or inaccurate
60-69:      The Wireshark capture file is present, but one or more answers are
            missing and/or most of the answers are incomplete or inaccurate
0-50:       The Wireshark capture file is not present and the answers to the
            questions are incorrect or severely lacking
LAB02 – TCP traffic
Scenario
In this lab, we will investigate the behavior of the celebrated TCP protocol in detail. We will do so by
analyzing a trace of the TCP segments sent and received in transferring a 150KB file (containing the text
of Lewis Carroll’s Alice’s Adventures in Wonderland) from a computer to a remote server. We will study
TCP’s use of sequence and acknowledgement numbers for providing reliable data transfer; we will see
TCP’s congestion control algorithm – slow start and congestion avoidance – in action; and we will look
at TCP’s receiver-advertised flow control mechanism. We will also briefly consider TCP connection setup
and we will investigate the performance (throughput and round-trip time) of the TCP connection
between your computer and the server.
Note: The traces in this zip file were collected by Wireshark running on the computers, while performing
the steps indicated in the Wireshark lab.
4. On your computer, start Wireshark and view the trace by selecting File > Open and then choosing
the tcp-ethereal-trace-1 trace file
5. Configure time format to display time in seconds from beginning of a capture (details in lab01)
Note: What you should see is a series of TCP and HTTP messages between the client computer and the
remote server. You should see the initial three-way handshake containing a SYN message. You should
see an HTTP POST message. You will also see “[TCP segment of a reassembled PDU]” in the Info
column of the Wireshark display to indicate that this TCP segment contained data that belonged
to an upper layer protocol message (in our case here, HTTP); this is Wireshark’s way of
indicating that multiple TCP segments are being used to carry a single HTTP message
Note: Whenever possible, when answering a question you should paste a screenshot (taken with the
Windows Snipping Tool) of the Wireshark window showing the packet(s) within the trace that
you used to answer the question
Q1: What is the IP address and TCP port number used by the client computer (source) that is
transferring the file to remote server?
HINT: To answer this question, it is probably easiest to select an HTTP message and explore the details
of the TCP packet used to carry this HTTP message, using the “details of the selected packet header
window”
The computer's IP address is: 192.168.1.102
TCP port: 1161
Q2: What is the IP address of remote server? On what port number is it sending and receiving TCP
segments for this connection?
TCP : 80
3. Change the listing of captured packets so that it shows information about the TCP Segments
containing HTTP messages, rather than about the HTTP messages
In the Wireshark main window select Analyze > Enabled Protocols…
Scroll down and deselect HTTP
Click OK
Note: Now you should see only the TCP segments that were sent between the computer and the server
during the data exchange
Q3: What is the sequence number of the TCP SYN segment that is used to initiate the TCP connection
between the client computer and remote server? What is it in the segment that identifies the
segment as a SYN segment?
Segment : 0
The sequence number of the TCP SYN segment is used as the start of the connection between the
computer and the remote server.
Q4: What is the sequence number of the SYNACK segment sent by server to the client computer in
reply to the SYN? What is the value of the Acknowledgement field in the SYNACK segment? How did
server determine that value? What is it in the segment that identifies the segment as a SYNACK
segment?
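To make concrete what Q3 and Q4 are asking for, here is an added Python example (not part of the lab or its trace) that decodes a constructed SYN / SYN-ACK header pair: it shows that the control bits in the header, not the sequence number, mark a segment as SYN or SYN-ACK, and that the SYN-ACK's acknowledgement number is the client's SYN sequence number plus one. Ports 1161 and 80 come from Q1/Q2; the absolute sequence numbers and window sizes are made-up values.

```python
import struct

TCP_HDR = "!HHIIHHHH"  # src, dst, seq, ack, offset+flags, window, checksum, urgent
FLAG_NAMES = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}

# Constructed sample headers (20 bytes each, no options). The ISNs are invented;
# Wireshark shows them as 0 / 0 because it displays relative sequence numbers by default.
CLIENT_SYN = struct.pack(TCP_HDR, 1161, 80, 232129012, 0, (5 << 12) | 0x002, 16384, 0, 0)
SERVER_SYNACK = struct.pack(TCP_HDR, 80, 1161, 883061785, 232129013, (5 << 12) | 0x012, 5840, 0, 0)


def parse_tcp_header(raw):
    """Decode the fixed 20-byte part of a TCP header (RFC 793 layout) into a dict."""
    src, dst, seq, ack, off_flags, window, _csum, _urg = struct.unpack(TCP_HDR, raw[:20])
    flags = off_flags & 0x01FF  # low 9 bits are the control bits
    return {
        "src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
        "header_len": (off_flags >> 12) * 4,  # data offset is in 32-bit words
        "flags": [name for bit, name in sorted(FLAG_NAMES.items()) if flags & bit],
        "window": window,
    }


def segment_kind(hdr):
    """Label a segment the way Wireshark's Info column does during the handshake."""
    f = set(hdr["flags"])
    if "SYN" in f and "ACK" in f:
        return "SYN, ACK"
    if "SYN" in f:
        return "SYN"
    return "ACK" if "ACK" in f else "other"


def relative_seq(hdr, isn):
    """Wireshark's relative sequence number: absolute seq minus the connection's ISN."""
    return (hdr["seq"] - isn) & 0xFFFFFFFF


def check_synack(syn, synack):
    """The SYN consumes one sequence number, so the SYN-ACK must acknowledge seq + 1."""
    return synack["ack"] == (syn["seq"] + 1) & 0xFFFFFFFF


if __name__ == "__main__":
    syn, synack = parse_tcp_header(CLIENT_SYN), parse_tcp_header(SERVER_SYNACK)
    print(segment_kind(syn), "relative seq", relative_seq(syn, syn["seq"]))
    print(segment_kind(synack), "ack matches seq+1:", check_synack(syn, synack))
```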
Q5: What is the sequence number of the TCP segment containing the HTTP POST command? Note
that in order to find the POST command, you’ll need to dig into the packet content field at the bottom
of the Wireshark window, looking for a segment with a “POST” within its DATA field (start from
beginning)
Segment number : 1
Q6: Consider the TCP segment containing the HTTP POST as the first segment in the TCP connection.
What are the sequence numbers (wireshark No. column) of the first six segments in the TCP
connection (including the segment containing the HTTP POST)?
Seg1:1
Seg2:566
Seg3:2026
Seg4:3486
Seg5:4946
Seg6:6406
At what time was each segment sent? When was the ACK for each segment received?
Seg1: 0.026477 Ack1: 0.053937
HINT: Wireshark has a nice feature that allows you to plot the RTT for each of the TCP segments sent.
Select a TCP segment in the “listing of captured packets” window, then select: Statistics -> TCP Stream
Graph -> Round Trip Time Graph.
Q7: What is the length of each of the first six TCP segments?
Q8: What is the minimum amount of available buffer space advertised by the receiver for the entire
trace? Does the lack of receiver buffer space ever throttle the sender?
Q9: Are there any retransmitted segments in the trace file? What did you check for (in the trace) in
order to answer this question?
HINT: Wireshark has a nice feature that allows you to plot the Sequence Number (Stevens) for each of
the TCP segments sent. Select a TCP segment in the “listing of captured packets” window, then select:
Statistics -> TCP Stream Graph -> Sequence Number (Stevens).
Q11: What is the throughput (bytes transferred per unit time) for the TCP connection? Explain how
you calculated this value.
It depends on the time period chosen. We divided the total number of bytes by the elapsed time.
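The calculations behind Q6, Q7, Q9 and Q11, as an added Python example that is not part of the lab: segment length is the difference between consecutive sequence numbers, each RTT sample is ACK arrival time minus send time, a retransmission shows up as a sequence number that does not advance past the highest one already sent, and throughput is bytes carried over the interval chosen. The six sequence numbers and the first send/ACK times are the values recorded in Q6 above; all other timestamps and the seventh sequence number are constructed placeholders, not read from the trace.

```python
# Constructed sample of the first six data segments: (seq, time sent, time ACK received).
# Seq values and the first pair of times are from Q6; the remaining times are made up.
SEGMENTS = [
    (1,    0.026477, 0.053937),
    (566,  0.041737, 0.077294),
    (2026, 0.054026, 0.124085),
    (3486, 0.054690, 0.169118),
    (4946, 0.077405, 0.217299),
    (6406, 0.078157, 0.267802),
]
NEXT_SEQ = 7866  # constructed: sequence number of the segment that follows Seg6


def segment_lengths(segments, next_seq):
    """Q7: bytes in each segment = next segment's seq minus its own seq."""
    seqs = [s[0] for s in segments] + [next_seq]
    return [seqs[i + 1] - seqs[i] for i in range(len(segments))]


def rtts(segments):
    """Q6 hint graph: one RTT sample per segment = ACK arrival time minus send time."""
    return [round(ack - sent, 6) for _, sent, ack in segments]


def throughput(segments, next_seq):
    """Q11: bytes transferred per second, measured from the first send to the last ACK.
    The value depends on the interval chosen, as the answer above notes."""
    total_bytes = next_seq - segments[0][0]
    elapsed = segments[-1][2] - segments[0][1]
    return total_bytes / elapsed


def find_retransmissions(data_seqs):
    """Q9: walk the data segments in capture order (the Stevens graph); a segment whose
    seq does not exceed the highest seq already sent re-sends old data."""
    highest, retransmitted = -1, []
    for seq in data_seqs:
        if seq <= highest:
            retransmitted.append(seq)
        highest = max(highest, seq)
    return retransmitted


if __name__ == "__main__":
    print("lengths:", segment_lengths(SEGMENTS, NEXT_SEQ))
    print("RTTs:", rtts(SEGMENTS))
    print("throughput: %.0f bytes/s" % throughput(SEGMENTS, NEXT_SEQ))
    # Constructed sequence with one repeated seq, so the detection has something to find
    print("retransmitted seqs:", find_retransmissions([1, 566, 2026, 566, 3486]))
```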
Upon completing this lab, close Wireshark and the other programs you used. Upload this file to LMS.tvz.hr
for evaluation.