Lab 3 – TCP
Coleby Martin
IST 220

1. What’s the packet number of the HTTP request message you sent when you uploaded the file?

The packet number of the HTTP request is 1301.

2. Show a screenshot of the “Follow TCP Stream” window you found (the screenshot won’t be able to show all of the content within the scrollable area; just show whichever portion of it you wish).

3. After you follow the TCP stream, what filter has Wireshark applied to your packet list? Write the actual filter expression.

Wireshark applied the following filter to my packet list: tcp.stream eq 50

4. What is the IP address and TCP port number used by the client computer (source) that is uploading the file to the Web server?

The TCP source port number is 64816 and the source IP address is 192.168.1.114.

5. What is the IP address and TCP port number used by the Web server?

The TCP port number used by the Web server is 80 and the IP address for the Web server is 71.58.64.40.

6. What is the sequence number of the TCP SYN segment that is used to initiate the TCP connection between the client computer and the Web server? What is it in the segment that identifies the segment as a SYN segment?

The sequence number of the TCP SYN segment that is used to initiate the TCP connection between the client computer and the Web server is 0. First of all, in the info part of the packet, there is [SYN], which was a major identifier. Secondly, if you look in the analysis table, you will see the flags; when you expand the flags information, you will see SYN set to one, indicating that it is a SYN segment.

7. What is the sequence number of the SYNACK (same as “SYN, ACK”) segment sent by the Web server to the client computer in reply to the SYN? What is the value of the ACK field in the SYNACK segment? What is it in the segment that identifies the segment as a SYNACK segment?

The sequence number of the SYNACK segment sent by the Web server to the client computer in reply to the SYN is 0. The value of the ACK field in the SYNACK segment is 1. If you look in the info part of the packet, you will see [SYN, ACK], which is a big indicator. Also, if you look at the flags, you will see that SYN and ACK both have a value of 1, indicating that it is a SYNACK segment.

8. What is the sequence number of the TCP segment containing the HTTP POST command?

The sequence number of the TCP segment containing the HTTP POST command is 1. To find the correct segment, examine the data window for each packet until you see one with “POST” in it.

9. Because the houndofthebaskervilles.txt file was too big to send in one TCP segment, it was split into pieces and sent out as multiple segments/packets. For each segment, include the following information:

Segment 1:
Packet number: 1304
Sequence number: 643
Acknowledgement number: 1
TCP segment data (bytes): 1448 bytes

Segment 2:
Packet number: 1306
Sequence number: 2091
Acknowledgement number: 1
TCP segment data (bytes): 1488 bytes

Segment 3:
Packet number: 1307
Sequence number: 3539
Acknowledgement number: 1
TCP segment data (bytes): 1409 bytes

Do you see any relationship between the sequence numbers and TCP segment data (bytes) values?

Yes, the TCP segment data uses the sequence numbers as a guide so we get the correct information in the correct order. As you can see, the first two segments have the same number of bytes even though the sequence numbers are different, but the last segment has fewer bytes because it knew that it was the last piece of data.

10. What are the packet numbers of the acknowledgements sent from the Web server to your computer?

1300, 1311, 1321
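
The relationship question 9 asks about, as an added example that is not part of the original lab report: a data segment normally starts at the previous segment's sequence number plus that segment's payload length, and a capture can be checked against that rule to spot missing or repeated data. The segment list is constructed sample data, check_stream and its labels are names made up for this sketch, and it assumes Wireshark-style relative sequence numbers with no 32-bit wraparound.

```python
from typing import List, Optional, Tuple


def check_stream(segments: List[Tuple[int, int]]) -> Tuple[List[str], int]:
    """Label each (relative_seq, payload_len) segment from ONE direction of a stream.

    Returns the per-segment labels and the sequence number expected next.
    """
    labels: List[str] = []
    expected: Optional[int] = None  # sequence number of the next new byte
    for seq, length in segments:
        if length == 0:
            # A pure ACK carries no payload and consumes no sequence space.
            labels.append("no-data")
            continue
        if expected is None or seq == expected:
            labels.append("in-order")
        elif seq > expected:
            # Bytes expected..seq-1 were not seen (loss or capture drop).
            labels.append(f"gap:{seq - expected}")
        elif seq + length <= expected:
            # Entirely below the highest byte seen: retransmission or late arrival.
            labels.append("old-data")
        else:
            # Starts in already-seen data and runs past it.
            labels.append(f"overlap:{expected - seq}")
        end = seq + length
        expected = end if expected is None else max(expected, end)
    return labels, (expected if expected is not None else 0)


# Constructed sample: three in-order segments, a repeat of the second one,
# a pure ACK, a segment overlapping seen data, then one that skips 500 bytes.
SAMPLE = [(1, 500), (501, 1000), (1501, 1000), (501, 1000),
          (2501, 0), (2301, 400), (3201, 300)]

if __name__ == "__main__":
    labels, next_seq = check_stream(SAMPLE)
    for (seq, length), label in zip(SAMPLE, labels):
        print(f"seq={seq:<5} len={length:<5} next={seq + length:<5} {label}")
    print("next expected sequence number:", next_seq)
```

In Wireshark the same per-segment value appears as the "Next sequence number" field in the TCP details pane.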