Hat is the tcp port connection pair for this handshake

Assignment Help Humanities
Reference no: EM131312077

IDENTIFYING TCP CONVERSATIONS

The purpose of this lab is to practice examining traffic with a display filter.

Assignment:

A packet trace of normal network traffic will contain more than just the packets you want to look at. You can apply a display filter to isolate conversations within the trace. For this exercise you will use a trace file of a student at home using a browser to connect to UMUC. The trace captures the traffic that resulted when the student pointed a browser to www.umuc.edu.
If you are using an older, or newer version of ethereal/wireshark, or different OS some of the buttons may be in different windows or positions.

I. Answer the following questions about trace file www_umuc_edu.cap.

1. Download trace file www_umuc_edu.cap (see attached) and open it with Wireshark.

2. Find the first TCP handshake. These are packet numbers ____, _____, and _____.

3. What is the IP address of the host that started the handshake? __________________.

4. What is the TCP port connection pair for this handshake? ______, ______.

5. In the first packet of the handshake, the source port is the ephemeral port this host wants to use for the connection, and the destination port indicates the application the host wants to use on the serving host. What application does the host want to use on the serving host?______________

6. Look at packet number 14. Is this part of the conversation initiated by the first handshake? ______

II. Build a filter to see only the first handshake and the conversation for this connection.

1. Click Analyze (or "Edit" on other versions of ethereal) and select Display Filters from the drop-down list. This brings you to the Edit Display Filters List.

2. Click "Expression"

3. Expand TCP (click the plus sign next to TCP), and highlight "Source or Destination Port".

4. In the Relation section highlight == .

5. In the Value field type the source port used by the host that initiated the conversation. (The source port should be 1097 in this example).

6. Click "OK". Now there is a filter string in the Edit Display Filter List window. (The filter string should be "tcp.port == 1097".)

7. In the Filter name box type "Conversation on 1097".

8. Click New, then OK. Now you have defined a filter (but not yet applied it).

III. Answer question 4.

The handshake establishes the initial sequence numbers for each connection. Try to follow the sequence numbers in the conversation. Now change the display to show relative sequence numbers:

1. Click Edit and select Preferences from the drop-down list.
2. Drill down into Protocols until you get to TCP.
3. Highlight TCP and select the options, "Analyze TCP sequence numbers" and "Relative sequence numbers and window scaling." Click OK. Try again to follow the sequence numbers.
4. You cannot see the "next sequence number" in the summary pane for packet number 6. Look for it in the protocol tree pane. Explain why packet number 7 says "ACK =344."

IV. Extra practice

If you would like to try the same exercise on another trace file without the hints, you can practice on link_to_umuc.cap. This is a trace of a student who is already at www.umuc.edu/students/ clicking on the link to enter the online class. Or, if you want to capture function of Ethereal, you will need to download and install the packet driver, winpcap, from https://netgroup.polito.it/tools . (Note: For privacy or security reasons, the network usage policy at your place of work may not allow you to use packet sniffing software on the network. Do not practice capturing network traffic at work without first checking the policy and obtaining written permission from your employer.)
Attached you may find the files needed for this lab.

This exercise does not specify that you should perform the trace yourselves, because not all of you may have permissions to do that. However, it does encourage those who can make their own captures, and it would be great if some of you could do that and post your traces for discussion.

The prerequisites are listed:

1. Winpcap

If you want to capture your own packets, you will need Winpcap. The download location is given in the last section of the exercise (https://netgroup.polito.it/tools).

Winpcap is the packet driver that sets the network interface in promiscuous mode. Without it, the NIC simply ignores frames not addressed to it, and it won't echo anything up to the packet analyzing application. However, some of you will not be able to install the packet driver (because it talks directly to the network interface hardware and may violate a workstation policy), and others may not be able to use the driver (because of settings in a personal firewall or IDS).

2. Clear browser cache

Those who can run the driver do need to clear their browser cache. Otherwise, the browser will simply display what's in the cache instead of initiating the new connection they are trying to capture.

3. Firewalls

A firewall on your network is unlikely to prevent anyone from capturing files. However, a firewall on the network probably also means you are using someone else's network and shouldn't be capturing files on it anyway, without permission of the owner. On the other hand, a firewall or IDS installed directly on the your computer could prevent you from capturing packets, depending how the firewall/IDS is configured.

You are welcome to view attached Dick Hazeleger's "Packet Sniffing - A Crash Course." It's especially non-threatening and very encouraging.

Reference no: EM131312077

Questions Cloud

Construct and use a trial balance : Construct and use a trial balance.- The accounts of Lake Oaks Pool Service, Inc., follow with their normal balances at April 30, 2014.
What dollar amount of deposits can the bank have : A new bank has vault cash of $1 million and $5 million in deposits held at its Federal Reserve District Bank. If the required reserves ratio is 8 percent, what dollar amount of deposits can the bank have
Argue for or against an established theory involving mergers : Argue for or against an established theory involving Mergers and Acquisitions or Financial Ratio Analysis. The presentation of a firm position regarding your stance or theory.
What distance produces an area : The area of a projected picture on a movie screen varies directly as the square of the distance from the projector to the screen. If a distance of 20 feet produces a picture with an area of 68 sq feet, what distance produces an area of 120 square ..
Hat is the tcp port connection pair for this handshake : A packet trace of normal network traffic will contain more than just the packets you want to look at. You can apply a display filter to isolate conversations within the trace. For this exercise you will use a trace file of a student at home using ..
Many tie-dyed t-shirts as silk-screened shirts : Last week at a festival, a man sold 44 times as many tie-dyed T-shirts as silk-screened shirts. He sold 190190 shirts altogether. How many tie-dyed shirts did he sell?
Which economic indicators the federal reserve should analyze : Evaluate the role and the effectiveness of the Federal Reserve in stabilizing the current economy. Determine which economic indicators the Federal Reserve should analyze so it can better stabilize this particular economy.
Which economic indicators the federal reserve should analyze : Evaluate the role and the effectiveness of the Federal Reserve in stabilizing the current economy. Determine which economic indicators the Federal Reserve should analyze so it can better stabilize this particular economy.
Compounded monthly and still stay within the budget : A homeowner planning a kitchen remodeling can afford a $700 monthly payment. How much can the homeowner borrow for 2 years at 6%, compounded monthly, and still stay within the budget? (Round your answer to the nearest cent.)

Reviews

Write a Review

 

Humanities Questions & Answers

  Write about impact of korean dramas on distributing korea

Write a research paper about The Impact of Korean Dramas on Distributing Korean Culture IN China.

  Us department of health & human services

What are the main issues in this case? -  What ethical theories, principles, & values are of concern? Describe them.

  Mary saw the boy with the binoculars

The sentence 'Mary saw the boy with the binoculars' is ambiguous - illustrate how this ambiguity can be accounted using tree diagrams

  Determine the bit rate that can be transmitted

Orthogonal 8-FSK with non coherent detection. For (a)-(c), assume that the transmitter pulse shape has a raised cosine spectrum with a 50 percent roll-off.

  Definition of postmodernism

You will need to create a paragraph of 8 sentences writing the definition of POSTMODERNISM in YOUR OWN WORDS. Then you need to discuss the piece you chose that connects with your definition of Postmodernism.

  Expression for the small-signal voltage gain

Derive an expression for the small-signal voltage gain vo/vi of the circuit shown in Fig. P9.54 in two different ways: (a) as a differential amplifier(b) as a cascade of a common-collector stage Q1:and a common-base stage Q2:

  Discuss how the media constructs gender roles

DEFINE race, ethnicity, and gender.DISCUSS how the media constructs gender roles. PROVIDE a specific example.

  Identify the augite minerals using the key provided

Identify the following minerals using the Key provided. Place the names with the appropriate number. Augite, Biotite, Calcite, Galena, Graphite, Gypsum, Halite, Hematite, Hornblende, Kaolinite, Microcline (Orthoclase), Muscovite, Plagioclase, Pyr..

  Book review on ali eteraz book children of the dust 4

book review on ali eteraz book children of the dust 4 pages 12 point font new times roman no plagiarized materials

  Prepare the entries for leonard company

Equity Method On January 2, Leonard Company acquired 40% of the outstanding stock of Bristol Company for $320,000. For the year ending December 31, Bristol Company earned income of $83,000 and paid dividends of $26,000.

  Describe and analyse the influence of the independent

describe and analyse the influence of the independent sector on health care provision in england. make a judgment about

  Evaluate the concepts of normal and abnormal behaviour

evaluate the concepts of normal and abnormal behaviour .choose 2 concepts from the list below and explain the

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd