Find the first TCP handshake

Reference no: EM131310512

Assignment:

A packet trace of normal network traffic will contain more than just the packets you want to look at. You can apply a display filter to isolate conversations within the trace. For this exercise you will use a trace file of a student at home using a browser to connect to UMUC. The trace captures the traffic that resulted when the student pointed a browser to www.umuc.edu.

If you are using an older or newer version of Ethereal/Wireshark, or a different OS, some of the buttons may be in different windows or positions.

I. Answer the following questions about trace file www_umuc_edu.cap.

1. Download trace file www_umuc_edu.cap (see attached) and open it with Wireshark.

2. Find the first TCP handshake. These are packet numbers ____, _____, and _____.

3. What is the IP address of the host that started the handshake? __________________.

4. What is the TCP port connection pair for this handshake? ______, ______.

5. In the first packet of the handshake, the source port is the ephemeral port this host wants to use for the connection, and the destination port indicates the application the host wants to use on the serving host. What application does the host want to use on the serving host?______________

6. Look at packet number 14. Is this part of the conversation initiated by the first handshake? ______

II. Build a filter to see only the first handshake and the conversation for this connection.

1. Click Analyze (or "Edit" on other versions of Ethereal) and select Display Filters from the drop-down list. This brings you to the Edit Display Filters List.

2. Click "Expression".

3. Expand TCP (click the plus sign next to TCP), and highlight "Source or Destination Port".

4. In the Relation section highlight == .

5. In the Value field type the source port used by the host that initiated the conversation. (The source port should be 1097 in this example).

6. Click "OK". Now there is a filter string in the Edit Display Filter List window. (The filter string should be "tcp.port == 1097".)

7. In the Filter name box type "Conversation on 1097".

8. Click New, then OK. Now you have defined a filter (but not yet applied it).

III. Answer question 4.

The handshake establishes the initial sequence numbers for each connection. Try to follow the sequence numbers in the conversation. Now change the display to show relative sequence numbers:

1. Click Edit and select Preferences from the drop-down list.

2. Drill down into Protocols until you get to TCP.

3. Highlight TCP and select the options "Analyze TCP sequence numbers" and "Relative sequence numbers and window scaling." Click OK. Try again to follow the sequence numbers.

4. You cannot see the "next sequence number" in the summary pane for packet number 6. Look for it in the protocol tree pane. Explain why packet number 7 says "ACK=344."
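
The following Python sketch is an added example, not part of the original assignment. It covers sections II and III together: it finds the first completed three-way handshake, selects the conversation the way the filter tcp.port == 1097 does, and rebases sequence numbers on each side's initial sequence number. The segments, addresses, server port and 343-byte payload are constructed sample values, not read from www_umuc_edu.cap.

```python
from collections import namedtuple

# Constructed sample segments (not read from www_umuc_edu.cap): frame number,
# endpoints, flags, raw sequence/ack numbers and TCP payload length.
Seg = namedtuple("Seg", "no src sport dst dport flags seq ack length")
CLIENT, SERVER, M = "192.0.2.10", "198.51.100.20", 2**32
TRACE = [
    Seg(1, CLIENT, 1096, "203.0.113.5", 80, {"SYN"}, 500, 0, 0),  # never answered
    Seg(2, CLIENT, 1097, SERVER, 80, {"SYN"}, 7000, 0, 0),
    Seg(3, SERVER, 80, CLIENT, 1097, {"SYN", "ACK"}, 91000, 7001, 0),
    Seg(4, CLIENT, 1097, SERVER, 80, {"ACK"}, 7001, 91001, 0),
    Seg(5, CLIENT, 1097, SERVER, 80, {"PSH", "ACK"}, 7001, 91001, 343),
    Seg(6, SERVER, 80, CLIENT, 1097, {"ACK"}, 91001, 7344, 0),
]

def find_first_handshake(trace):
    """Return (SYN, SYN-ACK, ACK) for the earliest SYN whose handshake completes."""
    for i, syn in enumerate(trace):
        if syn.flags != {"SYN"}:
            continue
        reply_path = (syn.dst, syn.dport, syn.src, syn.sport)
        for j, sa in enumerate(trace[i + 1:], start=i + 1):
            if (sa.flags == {"SYN", "ACK"} and sa.ack == (syn.seq + 1) % M
                    and (sa.src, sa.sport, sa.dst, sa.dport) == reply_path):
                for ack in trace[j + 1:]:
                    if (ack.flags == {"ACK"} and ack.seq == (syn.seq + 1) % M
                            and ack.ack == (sa.seq + 1) % M
                            and (ack.dst, ack.dport, ack.src, ack.sport) == reply_path):
                        return syn, sa, ack
    return None

def conversation(trace, port):
    """Same selection as the display filter tcp.port == <port> (source or destination)."""
    return [s for s in trace if port in (s.sport, s.dport)]

def relative_view(trace, syn, synack):
    """Rows of (frame, relative seq, next seq, relative ack), rebased per direction."""
    isn = {syn.src: syn.seq, synack.src: synack.seq}  # one ISN per sender
    rows = []
    for s in conversation(trace, syn.sport):
        rel_seq = (s.seq - isn[s.src]) % M
        consumed = s.length + (1 if s.flags & {"SYN", "FIN"} else 0)  # SYN/FIN use one number
        rel_ack = (s.ack - isn[s.dst]) % M if "ACK" in s.flags else None
        rows.append((s.no, rel_seq, rel_seq + consumed, rel_ack))
    return rows

if __name__ == "__main__":
    syn, synack, ack = find_first_handshake(TRACE)
    print([s.no for s in (syn, synack, ack)], relative_view(TRACE, syn, synack))
```

In the constructed data the segment carrying 343 bytes starts at relative sequence number 1, so its next sequence number is 344, which is the value the peer then acknowledges.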

IV. Extra practice

If you would like to try the same exercise on another trace file without the hints, you can practice on link_to_umuc.cap. This is a trace of a student who is already at www.umuc.edu/students/ clicking on the link to enter the online class. Or, if you want to use the capture function of Ethereal, you will need to download and install the packet driver, winpcap, from https://netgroup.polito.it/tools . (Note: For privacy or security reasons, the network usage policy at your place of work may not allow you to use packet sniffing software on the network. Do not practice capturing network traffic at work without first checking the policy and obtaining written permission from your employer.)
Attached you may find the files needed for this lab.

This exercise does not specify that you should perform the trace yourselves, because not all of you may have permissions to do that. However, it does encourage those who can make their own captures, and it would be great if some of you could do that and post your traces for discussion.

The prerequisites are listed:

1. Winpcap

If you want to capture your own packets, you will need Winpcap. The download location is given in the last section of the exercise (https://netgroup.polito.it/tools).

Winpcap is the packet driver that sets the network interface in promiscuous mode. Without it, the NIC simply ignores frames not addressed to it, and it won't echo anything up to the packet analyzing application. However, some of you will not be able to install the packet driver (because it talks directly to the network interface hardware and may violate a workstation policy), and others may not be able to use the driver (because of settings in a personal firewall or IDS).

2. Clear browser cache

Those who can run the driver do need to clear their browser cache. Otherwise, the browser will simply display what's in the cache instead of initiating the new connection they are trying to capture.

3. Firewalls

A firewall on your network is unlikely to prevent anyone from capturing files. However, a firewall on the network probably also means you are using someone else's network and shouldn't be capturing files on it anyway, without permission of the owner. On the other hand, a firewall or IDS installed directly on your computer could prevent you from capturing packets, depending on how the firewall/IDS is configured.

You are welcome to view the attached "Packet Sniffing - A Crash Course" by Dick Hazeleger. It's especially non-threatening and very encouraging.

Also you may see Mike Schiffman's book, Building Open Source Network Security Tools: Components and Techniques, (Wiley, 2003). This book shows how to use the libraries included with Ethereal (and TCPDump, WinDump, etc) to actually replay packets.
