Lab 3 – TCP
Coleby Martin
IST 220
1.
What’s the packet number of the HTTP request message you sent when you uploaded
the file?
The packet number of the HTTP request is 1301
2. Show a screenshot of the “Follow TCP Stream” window you found (the screenshot
won’t be able to show all of the content within the scrollable area; just show whichever
portion of it you wish).
3. After you follow the TCP stream, what filter has Wireshark applied to your packet list?
Write the actual filter expression. Wireshark Applied the following filter to
my packet list – tcp.stream eq 50
4. What is the IP address and TCP port number used by the client computer (source) that
is uploading the file to the Web server? The TCP source port number is 64816
and the Source IP Address is 192.168.1.114
5. What is the IP address and TCP port number used by the Web server? The TCP
Port Number used by the Web server is 80 and the IP address for the
Web server is 71.58.64.40
6. What is the sequence number of the TCP SYN segment that is used to initiate the TCP
connection between the client computer and the Web server? What is it in the segment
that identifies the segment as a SYN segment? The Sequence number of the
TCP SYN segment that is used to initiate the TCP connection
between the client computer and the Web server is 0. First of all, in
the info part of the packet, there is [SYN], which was a major
Identifier. Secondly, if you look in the analysis table, you will see flags,
when you expand the flags information, you will see SYN set to one,
indicating that it is a SYN segment.
7. What is the sequence number of the SYNACK (same as “SYN, ACK”) segment sent by
the Web server to the client computer in reply to the SYN? What is the value of the
ACK field in the SYNACK segment? What is it in the segment that identifies the
segment as a SYNACK segment? The sequence number of the SYNACK
segment sent by the Web server to the client computer in reply to the
SYN is 0. The value of the ACK field in the SYNACK segment is 1. If
you look in the info part of the packet, you will see [SYN, ACK], which
is a big indicator. Also, if you look at the flags, you will see that SYN
and ACK both have a value of 1, indicating that it is a SYNACK
segment.
8. What is the sequence number of the TCP segment containing the HTTP POST
command? The Sequence number of the TCP segment containing the
HTTP Post command is 1. To find the correct segment, examine the
data window for each packet until you see one with “POST” in it.
9. Because the houndofthebaskervilles.txt file was too big to send in one TCP segment, it
was split into pieces and sent out as multiple segments/packets. For each segment,
include the following information:
Segment 1.
Packet number: 1304
Sequence number: 643
Acknowledgement number: 1
TCP segment data (bytes): 1448 Bytes
Segment 2:
Packet Number: 1306
Sequence Number: 2091
Acknowledgment Number: 1
TCP segment data (bytes): 1488 bytes
Segment 3:
Packet Number: 1307
Sequence Number: 3539
Acknowledgment Number: 1
TCP segment data (bytes): 1409 bytes
Do you see any relationship between the sequence numbers and TCP segment data
(bytes) values?
Yes, the TCP segment data uses the sequence numbers as a guide so
we get the correct information in the correct order. As you can see,
the first two segments have the same amount of bytes even though
the sequence numbers are different, but the last segment has less
byte because it knew that it was the last piece of data.
10. What are the packet numbers of the acknowledgements sent from the Web server to
your computer? 1300 1311 1321