
Week 9 Lab 1 - Wireshark Tutorial Work

Course: Networking Fundamentals (41092)

Academic year: 2019/2020

Week 9 Lab 1

1. What is the IP address of the client?

The IP address of the client is 192.168.1.100.

2. The client actually communicates with several different Google servers in order to implement “safe browsing.” (See extra credit section at the end of this lab). The main Google server that will serve up the main Google web page has IP address 64.233.169.104. In order to display only those frames containing HTTP messages that are sent to/from this Google server, enter the expression “http && ip.addr == 64.233.169.104” (without quotes) into the Filter: field in Wireshark.

http && ip.addr == 64.233.169.104 doesn’t return any result but ip.addr == 64.233.169.104 returns result.

3. What are the source and destination IP addresses and TCP source and destination ports on the IP datagram carrying this HTTP GET?

Source: 192.168.1.100, 4335
Destination: 64.233.169.104, 80

4. At what time is the corresponding 200 OK HTTP message received from the Google server? What are the source and destination IP addresses and TCP source and destination ports on the IP datagram carrying this HTTP 200 OK message?

Time of the corresponding HTTP 200 OK: 7 seconds
Source IP Address: 64.233.169, Port: 80
Destination IP Address: 192.168.1, Port: 4335

  1. Recall that before a GET command can be sent to an HTTP server, TCP must first set up a connection using the three-way SYN/ACK handshake. At what time is the client-to-server TCP SYN segment sent that sets up the connection used by the GET sent at time 7? What are the source and destination IP addresses and source and destination ports for the TCP SYN segment? What are the source and destination IP addresses and source and destination ports of the ACK sent in response to the SYN? At what time is this ACK received at the client? (Note: to find these segments you will need to clear the Filter expression you entered above in step 2. If you enter the filter “tcp”, only TCP segments will be displayed by Wireshark).

SYN Time: 7 seconds
SYN Source IP Address: 192.168.1, Port: 4335
SYN Destination IP Address: 64.233.169, Port: 80

  1. In the NAT_ISP_side trace file, find the HTTP GET message that was sent from the client to the Google server at time 7 (where t=7 is the time at which this was sent as recorded in the NAT_home_side trace file). At what time does this message appear in the NAT_ISP_side trace file? What are the source and destination IP addresses and TCP source and destination ports on the IP datagram carrying this HTTP GET (as recorded in the NAT_ISP_side trace file)? Which of these fields are the same, and which are different, than in your answer to question 3 above?

[Figures: Home, ISP]

  1. In the NAT_ISP_side trace file, at what time is the first 200 OK HTTP message received from the Google server? What are the source and destination IP addresses and TCP source and destination ports on the IP datagram carrying this HTTP 200 OK message? Which of these fields are the same, and which are different than your answer to question 4 above?

HTTP 200 OK message first time: 6 seconds

HTTP 200 OK message source IP: 64.233.169, Port: 80

HTTP 200 OK message Destination IP: 71.192.34, Port: 4335

Version is the same, Flag does not change.

Time to live changed and Header checksum changed.

[Figures: Home, ISP]

  1. Using your answers to 1-8 above, fill in the NAT translation table entries for HTTP connection considered in questions 1-8 above.

NAT TRANSLATE TABLE

WAN SIDE            LAN SIDE
71.192.34, 4335     192.168.1, 4335
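
The table above comes from finding the same segment in the home-side and ISP-side traces. As an added example (not part of the original lab answers), the Python below pairs segments from both captures on the fields source NAT leaves alone and rebuilds the table, going one step beyond the lab with a second client whose port must be rewritten. Assumptions: `Pkt`, `build_nat_table` and `changed_fields` are hypothetical names; `WAN_IP` is a placeholder because the page's WAN address is truncated; the second flow, sequence numbers, TTLs and checksums are constructed.

```python
from collections import namedtuple

# One outbound TCP segment as exported from a capture (one row per packet).
Pkt = namedtuple("Pkt", "src sport dst dport seq ttl ip_csum")

# Constructed sample records. Client/server addresses and ports 4335/80 are the
# page's; WAN_IP is a placeholder, and the second flow, sequence numbers, TTLs
# and checksums are made up for illustration.
WAN_IP = "203.0.113.7"
HOME = [
    Pkt("192.168.1.100", 4335, "64.233.169.104", 80, 1001, 128, 0xA94A),
    Pkt("192.168.1.101", 4335, "64.233.169.104", 80, 7777, 64, 0x1C22),
]
ISP = [
    Pkt(WAN_IP, 4335, "64.233.169.104", 80, 1001, 127, 0x022F),
    Pkt(WAN_IP, 50001, "64.233.169.104", 80, 7777, 63, 0x7D10),
]

def nat_invariant_key(p):
    # Source NAT rewrites only the source endpoint; the remote endpoint and
    # the TCP sequence number pass through unchanged.
    return (p.dst, p.dport, p.seq)

def build_nat_table(home, isp):
    """Map (WAN ip, WAN port) -> (LAN ip, LAN port) from paired segments."""
    outside = {nat_invariant_key(p): p for p in isp}
    table = {}
    for inner in home:
        outer = outside.get(nat_invariant_key(inner))
        if outer is None:
            continue  # segment not seen on the ISP side (drop or capture gap)
        wan, lan = (outer.src, outer.sport), (inner.src, inner.sport)
        # A WAN endpoint must never resolve to two different LAN endpoints.
        if table.setdefault(wan, lan) != lan:
            raise ValueError(f"WAN endpoint {wan} maps to two LAN endpoints")
    return table

def changed_fields(inner, outer):
    """Names of the fields that differ between the two views of one segment."""
    return [f for f in Pkt._fields if getattr(inner, f) != getattr(outer, f)]

if __name__ == "__main__":
    for wan, lan in build_nat_table(HOME, ISP).items():
        print(f"WAN {wan[0]}:{wan[1]} <-> LAN {lan[0]}:{lan[1]}")
    print("rewritten in flight:", changed_fields(HOME[0], ISP[0]))
```
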
