
IPG-2016-103 ISS LAB ANSWER DOCUMENT

1. By inspecting the raw data in the packet content window, do you see any headers within the data that are not
displayed in the packet listing window? If so, name one.
Ans. All the headers can be seen in the packet window as well as within the data. The header details can also be
seen by double-clicking the packet.

2. How many HTTP GET request messages did your browser send? Which packet number in the trace contains the GET
message? Which packet number in the trace contains the status code and phrase associated with the response to
the HTTP GET request?
Ans. On connecting to www.ox.ac.uk (Oxford website), Chrome sent 51 HTTP GET requests,
of which packet 136 is the first GET request and packet 144 has status code 302 Found as a response to the GET request.

3. How many data-containing TCP segments were needed to carry the single HTTP response and the text of the
website?
Ans. On connecting to www.ox.ac.uk (Oxford website):
14 segments
17867 bytes

4. What is the sequence number of the TCP segment containing the HTTP POST command?
Ans. Sequence number: 68.

5. Examine a UDP packet and highlight it. How many fields are there in the UDP header? Name these fields, their lengths
and values.
Ans. 4 fields, namely:
1. Source port: 65290, length: 2 bytes
2. Destination port: 53, length: 2 bytes
3. Length: 34, length: 2 bytes
4. Checksum: 0x313d, length: 2 bytes
Inactive fields (2):
1. Checksum status: unverified
2. Stream index: 0

6. Examine a pair of UDP packets in which the first packet is sent by your host and the second packet is a reply to the
first packet. Describe the relationship between the port numbers in the 2 packets.
Ans. Packets 119 and 125 are the UDP sent and reply packets.
The source and destination port numbers are switched (65290 and 53).
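
The header layout from answers 5 and 6, as an added example that is not part of the original answer document: it parses the four UDP header fields, verifies the checksum that the capture listed as "unverified", and checks the request/reply port swap. The ports and Length value follow the answers; the IP addresses, payloads and helper names are constructed for illustration.

```python
import ipaddress
import struct

def parse_udp_header(segment: bytes) -> dict:
    """Split the fixed 8-byte UDP header into its four 16-bit fields."""
    if len(segment) < 8:
        raise ValueError("a UDP header is always 8 bytes")
    src, dst, length, checksum = struct.unpack("!HHHH", segment[:8])
    if not 8 <= length <= len(segment):
        raise ValueError("Length field disagrees with the captured bytes")
    return {"src_port": src, "dst_port": dst, "length": length, "checksum": checksum}

def _fold(data: bytes) -> int:
    """16-bit one's-complement sum used by the UDP checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def _pseudo_header(src_ip: str, dst_ip: str, udp_len: int) -> bytes:
    """IPv4 pseudo-header: both addresses, a zero byte, protocol 17, UDP length."""
    return (ipaddress.IPv4Address(src_ip).packed + ipaddress.IPv4Address(dst_ip).packed
            + struct.pack("!BBH", 0, 17, udp_len))

def build_udp(src_ip, dst_ip, src_port, dst_port, payload: bytes) -> bytes:
    """Assemble a datagram and fill in its checksum (used to make sample data)."""
    length = 8 + len(payload)
    header = struct.pack("!HHHH", src_port, dst_port, length, 0)
    csum = ~_fold(_pseudo_header(src_ip, dst_ip, length) + header + payload) & 0xFFFF
    return struct.pack("!HHHH", src_port, dst_port, length, csum or 0xFFFF) + payload

def checksum_ok(src_ip, dst_ip, segment: bytes) -> bool:
    """A correct datagram sums to 0xFFFF once its own checksum is included."""
    hdr = parse_udp_header(segment)
    if hdr["checksum"] == 0:  # over IPv4, zero means the sender computed none
        return True
    data = segment[:hdr["length"]]
    return _fold(_pseudo_header(src_ip, dst_ip, hdr["length"]) + data) == 0xFFFF

def is_reply(request: dict, reply: dict) -> bool:
    """A reply swaps the request's source and destination ports."""
    return (reply["src_port"], reply["dst_port"]) == (request["dst_port"], request["src_port"])

# Constructed sample: ports and Length (34) follow the answers above; the
# addresses (documentation range) and the payload bytes are made up.
HOST, SERVER = "192.0.2.10", "192.0.2.53"
QUERY = build_udp(HOST, SERVER, 65290, 53, b"Q" * 26)
REPLY = build_udp(SERVER, HOST, 53, 65290, b"R" * 42)
```

The checksum here will not equal 0x313d, because it depends on the real addresses and payload of the captured packet.
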
7. What is specified by the value of the ACK field in any received ACK segment? How much data (bytes) does the
receiver typically ACK in 1 ACK?
Ans. The ACK value gives the next sequence number of the packet to be received; in this case it is 239.
Packet 8 is the ACK to packet 1.
Size of acknowledgment: 74 bytes.

8. Are there cases where the receiver is acknowledging cumulatively? Please check the whole trace and describe
the behaviour of TCP when acknowledging received data.
Ans. Yes, cases where source and destination are the same.
After each set of cumulative acknowledgements, a collective packet containing the application data is seen on
the traffic, hence ensuring successful receipt of all the data.

9. Consider the TCP segment containing the HTTP POST as the first segment in the TCP connection. At what time was
the 3rd segment sent and when was the ACK for the segment received?
Ans. The POST was sent at 6.2241 sec and the 3rd segment after the POST was sent at 6.6517 sec.
Cumulative ACKs were received at 6.651733 sec and 6.651734 sec. A second confirmation was sent from the destination at
6.651784 sec.

10. If you try password sniffing for any secure website, no HTTP POST request is captured, and even the GET request is
not captured. Why?
Ans. Those websites use HTTPS, an SSL protocol, to encrypt the data; thus packets get captured, but the encrypted
data seems to be useless.
Many websites prevent packet capturing through the use of tunnelling and block software like Wireshark from accessing
the same.
Simple website data can be captured like:
