ELG5369 Lab Manuals: Lab 1 Traffic Capture Analysis (PDF, 26 pages)

School: University of Ottawa
Course: 5369
Subject: Electrical Engineering
Date: Jan 9, 2024
Uploaded by MegaHornet3590
Université d'Ottawa, Faculté de génie, École d'ingénierie électrique et de science informatique
University of Ottawa, Faculty of Engineering, School of Electrical Engineering and Computer Science

ELG5369 Internetworking Technologies
Using Wireshark to Capture and Analyze Network Traffic
LAB MANUAL
Dan Ionescu, Fall 2022
TABLE OF CONTENTS

1. Introduction (p. 2)
2. Wireshark (p. 2)
3. Installing Wireshark on Windows (p. 2)
4. More on Wireshark (p. 3)
5. Running Wireshark (p. 8)
6. Lab 1: A Hands-On Wireshark Lab (p. 9)
7. Lab 2 on Wireshark (p. 11)
8. Lab 2: Ethernet and Address Resolution Protocol (p. 12)
8.1. Ethernet (p. 12)
8.2. ARP Caching (p. 13)
8.3. Capturing IP packets (p. 14)
9. Lab 3: TCP, UDP and HTTP Traffic Capturing and Analysis (p. 16)
9.1. Capturing TCP traffic (p. 16)
9.2. Capturing UDP traffic (p. 20)
9.3. Capturing HTTP traffic (p. 21)
9.3.1. The HTTP CONDITIONAL GET/response interaction (p. 21)
9.3.2. Retrieving Long Documents (p. 22)
9.3.3. HTML Documents with Embedded Objects (p. 23)
9.3.4. HTTP Authentication (p. 23)
1. Introduction

This document contains all the information you need in order to start working on the first part of the Lab-Assignment tasks of ELG5369 "Internetworking Technologies". As course content and documents might change from time to time, the most recent version of this document can always be retrieved from the ELG5369 course website, located on my Google Drive. If you have any questions related to the Lab Assignment component of the course, or to any subject covered in class, please use the forum of the ELG5369 Brightspace course website.

For this first lab/assignment you have to experiment with capturing various packets in Wireshark and explore the information that Wireshark captures for the following Internet protocols:

1. Ethernet
2. ARP
3. IP
4. TCP
5. UDP
6. HTTP

To get used to Wireshark, this Lab Manual has a hands-on experiment in Section 7; a description of Wireshark is given in Section 3. Explanations about how to answer the lab questions are given through the experiments you have to generate for each of the five protocols mentioned above. Usually all the experiments can be done in one single day. This is the reason that you are given one week to perform them and to prepare your answers carefully. Your answers must be illustrated by corresponding screenshots.

2. Wireshark

The Lab-Assignments you are required to solve are group efforts, though each student is required to install the Wireshark software on his/her laptop and solve one of the lab tasks. Wireshark is available for any version of the operating system used on your laptop. The Wireshark software can be downloaded from https://www.wireshark.org/download.html

3. Installing Wireshark on Windows

Note that you don't need Administrator rights to install Wireshark.

1. Download the Wireshark executable from https://www.wireshark.org/download.html
2. Begin the installation process by double-clicking the installer: wireshark setup 2.41.exe. The first screen is a general welcome screen for the setup wizard. Click Next to continue.
3. The next screen is the Wireshark GNU General Public License Agreement. After reading and accepting the terms of the license, click I Agree to accept the license and continue.
4. The next screen allows you to choose which Wireshark components to install. The default components require 65.2MB of free space. Of course, you should have adequate free space for storing your capture files as well. Click Next to continue.
5. The screen that appears allows you to select shortcuts to create and associate file extensions with Wireshark. Click Next to continue.
6. The next screen allows you to choose the folder where you would like to install Wireshark. Accept the default of C:\Program Files\Wireshark and click Next.
7. The screen that next appears allows you to install WinPcap if it is not already installed. If you have not installed WinPcap already, you may choose to do so by clicking the Install WinPcap 3.1 box. Click Install to begin the installation process.
8. A screen showing the status of the installation process should appear. It gives line-by-line details of what is happening behind the scenes, as well as an overall progress bar. If Wireshark is installing WinPcap for you, you will need to click Next through the WinPcap installation screens and accept the WinPcap license agreement. Once the Wireshark installation is complete, click Next to continue.
9. All done! Wireshark is now installed and ready to go. It even puts a nice shortcut icon right on the desktop. You may click the boxes to run Wireshark and to show the Wireshark news file. Click Finish to close the dialog box. You can now double-click the Wireshark desktop icon to open the Wireshark network analyzer GUI.

4. More on Wireshark

Wireshark is a packet sniffer. A packet sniffer is a network troubleshooting tool which captures the messages (the network traffic) sent or received by the local host you are using and analyzes the captured traffic. Wireshark is therefore a software application which, installed on your laptop or computer, captures traffic by copying the packets received or sent by your laptop's or computer's applications. Wireshark is available as precompiled binaries and as source code, and can be installed and run on over 20 OSs, including UNIX, Linux (various versions) and Windows. Third-party packages are also available for Mac OS X.

Figure 1: A simple architecture of Wireshark Software
Figure 2: Data Capture Architecture of Wireshark
Figure 3: Packet Data Path

Figure 1 shows the architecture of Wireshark, in which the packet capture and the packet analyzer are distinct modules. To capture traffic and analyze it, the user has to start an application such that a sender and a receiver of Internet traffic exchange packets via the communication stack of the OS under which Wireshark was installed.
Figure 4: Wireshark main window

The Wireshark interface shown in Figure 4 (Wireshark main window) presents to the user five major components, namely:

1. The command menus, which are standard pull-down menus located at the top of the window of Figure 4. Out of the 10 pull-down menus, File and Capture are the most important for capturing and analyzing network traffic.
1.1. The File pull-down menu allows you to save and export the captured packet data or open a file containing previously recorded traffic data. It also allows you to exit the Wireshark application, as you can do the same from the Wireshark icon on the task bar of the OS used.
1.2. The Capture menu's main function is to start the traffic capture process. The capture process can also be started by pressing the blue shark fin situated at the left-most corner of the Wireshark window. Close to the blue shark fin icon is a red square which stops the Wireshark capturing and analyzing processes. Clicking the blue shark fin once while Wireshark is in the capturing state opens the following window.

Figure 5: Saving or clearing the traffic window

It is advisable to click on "Continue without Saving", as the captured traffic can reach a huge number of bytes in no time (imagine capturing 10 Gbps of traffic!).

2. The packet-listing window displays a one-line summary for each packet captured, including the packet number (assigned by Wireshark; this is not a packet number contained in any protocol's header), the time at which the packet was captured, the packet's source and destination addresses, the protocol type, and protocol-specific information contained in the packet. The packet listing can be sorted according to any of these categories by clicking on a column name. The protocol type field lists the highest-level protocol that sent or received this packet, i.e., the protocol that is the source or ultimate sink for this packet.
3. The packet-header details window provides details about the packet selected (highlighted) in the packet-listing window. (To select a packet in the packet-listing window, place the cursor over the packet's one-line summary in the packet-listing window and click with the left mouse button.) These details include information about the Ethernet frame (assuming the packet was sent/received over an Ethernet interface) and IP datagram that contains this packet. The amount of Ethernet and IP-layer detail displayed can be expanded or minimized by clicking on the plus/minus boxes to the left of the Ethernet frame or IP datagram line in the packet details window. If the packet has been carried over TCP or UDP, TCP or UDP details will also be displayed, which can similarly be expanded or minimized. Finally, details about the highest-level protocol that sent or received this packet are also provided.
4. The packet-contents window displays the entire contents of the captured frame, in both ASCII and hexadecimal format.
5. Towards the top of the Wireshark graphical user interface is the packet display filter field, into which a protocol name or other information can be entered in order to filter the information displayed in the packet-listing window (and hence the packet-header and packet-contents windows). Wireshark understands the PDUs of a large number of protocols. The list of all the available protocols can be found by clicking on the Expression window, which is placed in the upper right corner of the main Wireshark window.

Figure 6: Protocol List Table

You will be required to find out how many protocols Wireshark can capture and analyze in your first Wireshark lab. Wireshark software can be downloaded for free; however, if you install it you have to agree that you will use it only on your computer and that you will not use it for any commercial purpose. Wireshark is protected under the GNU's Not UNIX (GNU) General Public License (GPL) open-source license.

5. Running Wireshark

Pressing the Wireshark blue shark fin icon will produce the following start-up screen (Figure 7: Wireshark start-up screen). In the Capture window you have to select "Ethernet" if your computer is connected to the network via a NIC card, and "Wi-Fi en0" if the connection to the network is via a Wi-Fi access point. Double-clicking on the "Ethernet" or "Wi-Fi en0" entry will start the Wireshark capturing process from your network card, as shown in Figure 4 (Wireshark main window).
Figure 7: Wireshark start-up screen

Once you start the packet capture, you can stop it by using the Capture pull-down menu and selecting Stop, or you can click on the red button on the main menu bar.

6. Lab 1: A Hands-On Wireshark Lab

Use a computer connected to the Internet via a wired Ethernet interface. Do the following:

1. Start up a web browser, which will display your selected homepage.
2. Start up the Wireshark software. You will initially see the Wireshark screen as shown in Figure 1; Wireshark has not yet begun capturing packets.
3. To begin packet capture, you have to activate the capture interface, which in this case is Ethernet. You'll see a list of the interfaces on your computer as well as a count of the packets that have been observed on that interface so far. Click on Start for the interface on which you want to begin packet capture (in this case, the Gigabit network connection). Packet capture will now begin; Wireshark is now capturing all packets being sent/received from/by your computer!
4. Once you begin packet capture, a window similar to that shown in Figure 4 will appear. This window shows the packets being captured. By selecting the Capture pull-down menu and selecting Stop, you can stop packet capture. But don't stop packet capture yet. Let's capture some interesting packets first. To do so, we'll need to generate some network traffic. Let's do so using a web browser, which will use the HTTP protocol that we will study in detail in class to download content from a website.
5. While Wireshark is running, enter the URL http://www.ncct.uottawa.ca/ and have that page displayed in your browser. In order to display this page, your browser will contact the HTTP server at www.ncct.uottawa.ca and exchange messages with the server in order to download this page, as discussed above. The Ethernet frames containing these HTTP messages (as well as all other frames passing through your Ethernet adapter) will be captured by Wireshark.
6. Set the Wireshark filter on HTTP by typing "http" (without the quotes, and in lower case; all protocol names are in lower case in Wireshark) into the display filter specification window at the top of the main Wireshark window. Then select Apply (to the right of where you entered "http"). This will cause only HTTP messages to be displayed in the packet listing. After your browser has displayed the NCCT Lab web page, stop the Wireshark packet capture as in Section 4, point 1.2.
7. The main Wireshark window should now look similar to Figure 8 below. Refresh the HTTP window now and Wireshark will display a live series of packet data that contains all protocol messages exchanged between your computer and the lab web server.
8. The HTTP message exchanges with the ncct.uottawa.ca web server should appear somewhere in the listing of packets captured. Even though the only action you took was to download a web page, there were evidently many other protocols running on your computer that are unseen by the user. You now have live packet data that contains all protocol messages exchanged between your computer and other network entities! The HTTP message exchanges with the gaia.cs.umass.edu web server should appear somewhere in the listing of packets captured, but there will be many other types of packets displayed as well (see, e.g., the many different protocol types shown in the Protocol column in Figure 3).
9. Find the HTTP GET message that was sent from your computer to the www.ncct.uottawa.ca HTTP server. (Look for an HTTP GET message in the "listing of captured packets" portion of the Wireshark window (see Figure 3) that shows "GET" followed by the www.ncct.uottawa.ca URL that you entered.) When you select the HTTP GET message, the Ethernet frame, IP datagram, TCP segment, and HTTP message header information will be displayed in the packet-header window. By clicking on the right-pointing and down-pointing arrowheads to the left side of the packet details window, minimize the amount of Frame, Ethernet, Internet Protocol, and Transmission Control Protocol information displayed. Maximize the amount of information displayed about the HTTP protocol. Your Wireshark display should now look roughly as shown in Figure 9. (Note, in particular, the minimized amount of protocol information for all protocols except HTTP, and the maximized amount of protocol information for HTTP in the packet-header window.)
10. Exit Wireshark.

Figure 8: Cleaning the Wireshark Capture Window

In the next labs you will be asked to answer specific questions related to the protocol explored. Whenever possible, when answering a question you should hand in a printout of the packet(s) within the trace that you used to answer the question asked. Annotate the printout to explain your answer. To print a packet, use File->Print, choose Selected packet only, choose Packet summary line, and select the minimum amount of packet detail that you need to answer the question.

7. Lab 2 on Wireshark

In this lab we will investigate a few of the seven-layer protocols. These are:

Ethernet: IEEE 802.3
ARP: RFC 826
IP: RFC 791

RFC 1122 (from 1989!) covers the following communication protocol layers: link layer, IP layer, and transport layer; its companion RFC 1123 covers the application and support protocols.

8. Lab 2: Ethernet and Address Resolution Protocol

8.1. Ethernet

Based on the example provided in Lab 1, capture and analyze the Ethernet frames which are generated when a link is established between your computer and the web page displayed when the URL http://www.ncct.uottawa.ca/ncit/ is requested. You should get a window like Figure 9 below, with different numbers and letters.

Figure 9: Captured Ethernet protocol data

Note: The captured screen sometimes contains information about protocols which we are not interested in, as in Figure 10.

Figure 10: Capturing also unwanted data

You are asked to devise a procedure such that the captured traffic data is similar to the traffic displayed in Figure 9 above. This procedure is part of your report; describe it in technical terms. Based on the content of the Ethernet frame which corresponds to the HTTP GET message, answer the following questions:

1. What is the 48-bit Ethernet address of your computer?
2. What is the 48-bit destination address in the Ethernet frame? What device has this as its Ethernet address? [Note: this is an important question]
3. Give the hexadecimal value for the two-byte Frame type field. What upper layer protocol does this correspond to?
4. How many bytes from the very start of the Ethernet frame does the ASCII "G" in "GET" appear in the Ethernet frame?
5. What is the value of the Ethernet source address? Is this the address of your computer? What device has this as its Ethernet address?
6. What is the destination address in the Ethernet frame? Is this the Ethernet address of your computer?
7. Give the hexadecimal value for the two-byte Frame type field. What upper layer protocol does this correspond to?
8. How many bytes from the very start of the Ethernet frame does the ASCII "O" in "OK" (i.e., the HTTP response code) appear in the Ethernet frame?

8.2. ARP Caching

Preamble: The ARP protocol typically maintains a cache of IP-to-Ethernet address translation pairs on your computer. The arp command (in both MS-DOS and Linux/Unix) is used to view and manipulate the contents of this cache. The ARP protocol defines the format and meaning of the messages sent and received between your computer and the destination computer. It defines the actions taken on message transmission and receipt. The following is part of the ARP lab:

1. Write down the contents of your computer's ARP cache. What is the meaning of each column value?
2. What are the hexadecimal values for the source and destination addresses in the Ethernet frame containing the ARP request message?
3. Give the hexadecimal value for the two-byte Ethernet Frame type field. What upper layer protocol does this correspond to?
4. Download the ARP specification from http://www.erg.abdn.ac.uk/users/gorry/course/inet-pages/arp.html .
5. Questions:
   a) How many bytes from the very beginning of the Ethernet frame does the ARP opcode field begin?
   b) What is the value of the opcode field within the ARP-payload part of the Ethernet frame in which an ARP request is made?
   c) Does the ARP message contain the IP address of the sender?
   d) Where in the ARP request does the "question" appear – the Ethernet address of the machine whose corresponding IP address is being queried?
6. Now find the ARP reply that was sent in response to the ARP request.
   a) How many bytes from the very beginning of the Ethernet frame does the ARP opcode field begin?
   b) What is the value of the opcode field within the ARP-payload part of the
   c) Where in the ARP message does the "answer" to the earlier ARP request appear – the IP address of the machine having the Ethernet address whose corresponding IP address is being queried?
7. What are the hexadecimal values for the source and destination addresses in the Ethernet frame containing the ARP reply message?

8.3. Capturing IP packets

This lab investigates capturing and analyzing IP protocol data. IP packets will be captured with the Wireshark tools and the IP datagram will be explored, by analyzing a trace of IP datagrams sent and received by an execution of the traceroute program. We'll investigate the various fields in the IP datagram, and study IP fragmentation in detail.
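As an added example (not part of the lab manual) of where the fields asked about in Sections 8.1 and 8.2 sit in a raw frame, the Python code below builds two constructed frames, an ARP request and an Ethernet/IPv4/TCP frame carrying an HTTP GET, and parses them to report the Frame type, the ARP opcode offset and value, the IPv4 header fields that Section 8.3 asks about (header length, protocol, Identification, TTL, flags), and the byte offset of the "G" in "GET". All MAC and IP addresses are made up and checksums are left at zero.

```python
"""Locate Ethernet, ARP, IPv4 and TCP header fields in raw frames.

Added example for the lab questions above; the frames are constructed here,
not captured, so addresses are made up and checksums are left at zero.
"""
import struct

ETH_HDR_LEN = 14            # dst MAC (6) + src MAC (6) + Frame type (2)
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806
IPPROTO_TCP = 6


def fmt_mac(b):
    return ":".join(f"{x:02x}" for x in b)


def fmt_ip(b):
    return ".".join(str(x) for x in b)


def parse_frame(frame):
    """Return header fields plus byte offsets measured from byte 0 of the frame."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:ETH_HDR_LEN])
    info = {"eth_dst": fmt_mac(dst), "eth_src": fmt_mac(src), "ethertype": ethertype}
    off = ETH_HDR_LEN
    if ethertype == ETHERTYPE_ARP:
        # RFC 826 layout: htype(2) ptype(2) hlen(1) plen(1) opcode(2), then the four addresses
        _htype, _ptype, hlen, plen, opcode = struct.unpack("!HHBBH", frame[off:off + 8])
        info["arp_opcode_offset"] = off + 6          # 14 + 6 = 20 bytes from frame start
        info["arp_opcode"] = opcode                  # 1 = request, 2 = reply
        p = off + 8
        info["arp_sender_mac"] = fmt_mac(frame[p:p + hlen]); p += hlen
        info["arp_sender_ip"] = fmt_ip(frame[p:p + plen]); p += plen
        info["arp_target_mac"] = fmt_mac(frame[p:p + hlen]); p += hlen   # zeros in a request
        info["arp_target_ip"] = fmt_ip(frame[p:p + plen])                 # the "question"
    elif ethertype == ETHERTYPE_IPV4:
        vihl, _tos, total_len, ident, flags_frag, ttl, proto = struct.unpack("!BBHHHBB", frame[off:off + 10])
        ihl = (vihl & 0x0F) * 4                      # IHL is counted in 32-bit words
        info.update(ip_header_len=ihl, ip_total_len=total_len, ip_payload_len=total_len - ihl,
                    ip_id=ident, ip_ttl=ttl, ip_proto=proto,
                    ip_df=bool(flags_frag & 0x4000), ip_mf=bool(flags_frag & 0x2000),
                    ip_frag_offset=(flags_frag & 0x1FFF) * 8)
        if proto == IPPROTO_TCP:
            tcp_off = off + ihl
            data_offset = (frame[tcp_off + 12] >> 4) * 4   # TCP header length, also in 32-bit words
            info["tcp_header_len"] = data_offset
            info["payload_offset"] = tcp_off + data_offset  # first byte of the HTTP message
            info["payload"] = frame[tcp_off + data_offset:]
    return info


def build_arp_request(sender_mac, sender_ip, target_ip):
    """Broadcast 'who has target_ip?' request; the target MAC is zeros because it is unknown."""
    eth = struct.pack("!6s6sH", b"\xff" * 6, sender_mac, ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, ETHERTYPE_IPV4, 6, 4, 1,
                      sender_mac, sender_ip, b"\x00" * 6, target_ip)
    return eth + arp


def build_http_get_frame(src_mac, dst_mac, src_ip, dst_ip, request):
    """Ethernet/IPv4/TCP frame (no IP or TCP options) carrying an HTTP request."""
    tcp = struct.pack("!HHIIBBHHH", 51234, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0)   # PSH+ACK
    total_len = 20 + len(tcp) + len(request)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, 64,
                     IPPROTO_TCP, 0, src_ip, dst_ip)                              # DF set
    eth = struct.pack("!6s6sH", dst_mac, src_mac, ETHERTYPE_IPV4)
    return eth + ip + tcp + request


# Constructed addresses: locally administered MACs and RFC 5737 documentation IP ranges.
HOST_MAC = bytes.fromhex("020000000001")
GATEWAY_MAC = bytes.fromhex("020000000002")
HOST_IP = bytes([192, 0, 2, 10])
GATEWAY_IP = bytes([192, 0, 2, 1])
SERVER_IP = bytes([198, 51, 100, 7])
GET_REQUEST = b"GET /ncit/ HTTP/1.1\r\nHost: www.ncct.uottawa.ca\r\n\r\n"

ARP_FRAME = build_arp_request(HOST_MAC, HOST_IP, GATEWAY_IP)
GET_FRAME = build_http_get_frame(HOST_MAC, GATEWAY_MAC, HOST_IP, SERVER_IP, GET_REQUEST)


def offset_of_get(frame):
    """Byte offset of the ASCII 'G' of GET from the start of the frame (question 4), or None."""
    info = parse_frame(frame)
    return info["payload_offset"] if info.get("payload", b"").startswith(b"GET") else None


if __name__ == "__main__":
    for name, frame in (("ARP request", ARP_FRAME), ("HTTP GET", GET_FRAME)):
        print(name)
        for k, v in parse_frame(frame).items():
            print(f"  {k}: {v:#06x}" if k == "ethertype" else f"  {k}: {v}")
    print("'G' of GET is at byte", offset_of_get(GET_FRAME))
```

With no IP or TCP options the HTTP payload starts at byte 14 + 20 + 20 = 54; the parser reads IHL and the TCP data offset rather than assuming it, so it also handles frames whose headers carry options.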
Windows: Start up Wireshark and begin packet capture (Capture->Start) and then press OK on the Wireshark Packet Capture Options screen. The tracert program provided with Windows does not allow changing the size of the ICMP echo request (ping) message it sends. To be able to change the packet size you have to install the pingplotter package, available in both free and shareware versions at http://www.pingplotter.com . Download and install pingplotter (professional edition) and test it out by performing a few traceroutes to your favorite sites. The size of the ICMP echo request message can be explicitly set in pingplotter by selecting the menu item Edit->Options->Engine and then filling in the Packet Size field with the desired packet size value. The default packet size is 56 bytes for the first packet capture process. Then change the packet size twice, setting it to 2000 and 3500 respectively, in a set of three different capture processes in total. Once pingplotter has sent a series of packets with increasing TTL values, it restarts the sending process with a TTL of 1 after waiting the Trace Interval amount of time, which can be set in the Interval window on the menu bar. The value of Trace Interval and the number of intervals can be explicitly set in pingplotter. Thus the packet capturing process starts by entering the name of the pinged destination, such as example.com or yahoo.com, etc. Once the target IP domain, the size of the packet and the interval are set, press the Trace button. You should see a pingplotter window that looks like Figure 11 below. Stop Wireshark tracing every time after you change the packet size in pingplotter.

1. Select the first ICMP Echo Request message sent by your computer, and expand the Internet Protocol part of the packet in the packet details window. What is the IP address of your computer?
2. Within the IP packet header, what is the value in the upper layer protocol field?
3. How many bytes are in the IP header? How many bytes are in the payload of the IP datagram? Explain how you determined the number of payload bytes.
4. Has this IP datagram been fragmented? Explain how you determined whether or not the datagram has been fragmented.
5. Which fields in the IP datagram always change from one datagram to the next within this series of ICMP messages sent by your computer?
6. Which fields stay constant? Which of the fields must stay constant? Which fields must change? Why?
7. Describe the pattern you see in the values in the Identification field of the IP datagram.
8. What is the value in the Identification field and the TTL field?
9. Do these values remain unchanged for all of the ICMP TTL-exceeded replies sent to your computer by the nearest (first hop) router? Why?

Figure 11: Pingplotter Window

10. Find the first ICMP Echo Request message that was sent by your computer after you changed the Packet Size in pingplotter to be 2000. Has that message been fragmented across more than one IP datagram?
11. Print out the first fragment of the fragmented IP datagram. What information in the IP header indicates that the datagram has been fragmented? What information in the IP header indicates whether this is the first fragment versus a later fragment? How long is this IP datagram?
12. Print out the second fragment of the fragmented IP datagram. What information in the IP header indicates that this is not the first datagram fragment? Are there more fragments? How can you tell?
13. What fields change in the IP header between the first and second fragment?
14. How many fragments were created from the original datagram?
15. What fields change in the IP header among the fragments?

9. Lab 3: TCP, UDP and HTTP Traffic Capturing and Analysis

9.1. Capturing TCP traffic

To capture TCP traffic you have to make a file transfer from your computer to a PDF converter such as the following: http://www.pdfconvertonline.com/ . Note: You can use any other upload repository service, taking into account that the URL of the service must not be an HTTPS-driven document upload Internet service. Why do you have to use such a URL and not the other?
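Returning to the IP fragmentation questions (10 to 15) of Section 8.3 above: the Python code below, an added example that is not part of the lab manual, works out how an echo request of each Packet Size used in that section (56, 2000 and 3500) is split into IPv4 fragments on a 1500-byte MTU link, encodes each fragment's 20-byte header as it would appear in Wireshark's bytes pane, and reads the Flags, Fragment Offset and Total Length fields back. It assumes that the pingplotter Packet Size is the number of ICMP data bytes (as for ping's default of 56), so the IP payload is that size plus the 8-byte ICMP header; the addresses and Identification value are constructed.

```python
"""Work out how an ICMP echo request is split into IPv4 fragments on a 1500-byte MTU link.

Added example, not from the lab manual.  Assumption: the pingplotter "Packet Size" is
the number of ICMP data bytes, as for ping's default of 56, so the IP payload is size + 8.
"""
import struct

IPV4_HDR_LEN = 20        # header without options
ICMP_HDR_LEN = 8         # type, code, checksum, identifier, sequence
IPPROTO_ICMP = 1


def fragment(ip_payload_len, mtu=1500, ident=0x1234, ttl=64):
    """Return the header fields of each fragment carrying an ip_payload_len-byte datagram.

    Every fragment except the last carries a multiple of 8 data bytes, because the
    Fragment Offset field counts 8-byte units.  The header checksum is not modelled;
    it also differs per fragment because Total Length and Flags/Offset differ.
    """
    max_data = (mtu - IPV4_HDR_LEN) // 8 * 8          # 1480 for a 1500-byte MTU
    frags, offset = [], 0
    while offset < ip_payload_len:
        data = min(max_data, ip_payload_len - offset)
        more = offset + data < ip_payload_len         # MF flag: more fragments follow
        frags.append({"total_length": IPV4_HDR_LEN + data, "id": ident, "ttl": ttl,
                      "MF": more, "offset_field": offset // 8, "offset_bytes": offset})
        offset += data
    return frags


def echo_request_fragments(packet_size, mtu=1500):
    """Fragments for a pingplotter echo request of the given Packet Size (see assumption above)."""
    return fragment(packet_size + ICMP_HDR_LEN, mtu)


def header_bytes(frag, src=bytes([192, 0, 2, 10]), dst=bytes([192, 0, 2, 1])):
    """Encode one fragment's 20-byte header (constructed addresses, checksum left at zero)."""
    flags_frag = (0x2000 if frag["MF"] else 0) | frag["offset_field"]
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, frag["total_length"], frag["id"],
                       flags_frag, frag["ttl"], IPPROTO_ICMP, 0, src, dst)


def decode_fragment_fields(hdr):
    """Read the fields the questions ask about back out of a raw IPv4 header."""
    total_length, ident, flags_frag = struct.unpack("!HHH", hdr[2:8])
    return {"total_length": total_length, "id": ident,
            "DF": bool(flags_frag & 0x4000), "MF": bool(flags_frag & 0x2000),
            "offset_bytes": (flags_frag & 0x1FFF) * 8}


def is_fragmented(hdr):
    """A datagram is a fragment if MF is set or it does not start at offset 0 (question 4)."""
    f = decode_fragment_fields(hdr)
    return f["MF"] or f["offset_bytes"] > 0


def changing_fields(frags):
    """Header fields whose value differs between the fragments of one datagram (questions 13, 15)."""
    return sorted(k for k in frags[0] if len({frag[k] for frag in frags}) > 1)


if __name__ == "__main__":
    for size in (56, 2000, 3500):
        frags = echo_request_fragments(size)
        print(f"Packet Size {size}: {len(frags)} fragment(s)")
        for frag in frags:
            print("  ", decode_fragment_fields(header_bytes(frag)))
        if len(frags) > 1:
            print("   fields that change between fragments:", changing_fields(frags))
```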
By analyzing a trace of the TCP segments sent and received in transferring a 150KB file (containing the text of Lewis Carroll's Alice's Adventures in Wonderland) from your computer's file system to a remote server, you can observe the parameters set by your computer's communication stack, such as shown in Figure 12.

Figure 12: A typical TCP traffic captured with Wireshark

NOTE: In order to capture traffic in conditions leading to congestion, a large number of packets targeting the same receiver must be sent. In this process the architecture of the receiving server plays an important role. Usually, servers are designed to be scalable such that they can cope with an average quantity of traffic. Virtualization and server farms can also fight congestion. For this reason, you have to upload the Alice in Wonderland txt file to the following URL: http://gaia.cs.umass.edu/wireshark-labs/TCP-wireshark-file1.html . This is an existing server in the Computer Networks Research Group lab of the University of Massachusetts at Amherst. Of course, loading their server is not regarded well by that group, so please do not abuse it. Proceeding carefully, do the following:
Page | 18 Start up your web browser. Go the http://gaia.cs.umass.edu/wireshark-labs/TCP-wireshark- file1.html .and retrieve an ASCII copy of Alice in Wonderland. Store this file somewhere on your computer. The file contains three copies of the book, one after each other. Next go to http://gaia.cs.umass.edu/wireshark-labs/TCP-wireshark-file1.html . You should see a screen that looks like Figure 13: Figure 13: The uploading server of the UMASS NOTE: We use the UMASS uploading service hoping that we can create a congestion process as other services might have better hardware which with a good parallelization server might avoid buffer overloading. Use the Browse button in this form to enter the name of the file (full path name) on your computer containing Alice in Wonderland . Don’t yet press the “ Upload alice.txt file ” button. Now start up Wireshark and begin packet capture (Capture->Start) and then press OK on the Wireshark Packet Capture Options screen. Set the TCP filter on the Wireshark filter window. Returning to your browser, press the “ Upload alice.txt file ” button to upl oad the file to the gaia.cs.umass.edu server. Once the file has been uploaded, a short congratulations message will be displayed in your browser window.
Stop Wireshark packet capture. Your Wireshark window should look similar to the window shown in Figure 12.

Answer the following questions for the TCP segments:

1. What is the sequence number of the TCP SYN segment that is used to initiate the TCP connection between the client computer and gaia.cs.umass.edu? What is it in the segment that identifies the segment as a SYN segment?
2. What is the sequence number of the SYNACK segment sent by gaia.cs.umass.edu to the client computer in reply to the SYN? What is the value of the Acknowledgement field in the SYNACK segment? How did http://gaia.cs.umass.edu/wireshark-labs/TCP-wireshark-file1.html determine that value? What is it in the segment that identifies the segment as a SYNACK segment?
3. What is the sequence number of the TCP segment containing the HTTP POST command? Note that in order to find the POST command you’ll need to dig into the packet content field at the bottom of the Wireshark window, looking for a segment with a “POST” within its DATA field.
4. Consider the TCP segment containing the HTTP POST as the first segment in the TCP connection. What are the sequence numbers of the first six segments in the TCP connection (including the segment containing the HTTP POST)? At what time was each segment sent? When was the ACK for each segment received? Given the difference between when each TCP segment was sent and when its acknowledgement was received, what is the RTT value for each of the six segments? What is the EstimatedRTT value after the receipt of each ACK? Assume that the value of the EstimatedRTT is equal to the measured RTT for the first segment, and then is computed using the following equation:

   EstimatedRTT = (1 − α) · EstimatedRTT + α · SampleRTT

   Note: Wireshark has a nice feature that allows you to plot the RTT for each of the TCP segments sent. Select a TCP segment in the “listing of captured packets” window that is being sent from the client to the gaia.cs.umass.edu server. Then select: Statistics->TCP Stream Graph->Round Trip Time Graph.
5. What is the length of each of the first six TCP segments?
6. What is the minimum amount of available buffer space advertised at the receiver for the entire trace? Does the lack of receiver buffer space ever throttle the sender?
7. Are there any retransmitted segments in the trace file? What did you check for (in the trace) in order to answer this question?
8. How much data does the receiver typically acknowledge in an ACK? Can you identify cases where the receiver is ACKing every other received segment (see Table 3.2 on page 250 in the text)?
9. What is the throughput (bytes transferred per unit time) for the TCP connection? Explain how you calculated this value.
10. Use the Time-Sequence-Graph (Stevens) plotting tool to view the sequence number versus time plot of segments being sent from the client to the gaia.cs.umass.edu server. Can you identify where TCP’s slow-start phase begins and ends, and where congestion avoidance takes over? Comment on ways in which the measured data differs from the idealized behavior of TCP that we’ve studied in the text.
11. Answer each of the two questions above for the trace that you have gathered when you transferred a file from your computer to gaia.cs.umass.edu.

9.2. Capturing UDP traffic

Start capturing packets in Wireshark and then do something that will cause your host to send and receive several UDP packets. It’s also likely that just by doing nothing (except capturing packets via Wireshark) some UDP packets sent by others will appear in your trace. In particular, the Simple Network Management Protocol (SNMP) sends SNMP messages inside of UDP, so it’s likely that you’ll find some SNMP messages (and therefore UDP packets) in your trace. After stopping packet capture, set your packet filter so that Wireshark only displays the UDP packets sent and received at your host.
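Looking back at questions 4, 7 and 9 of section 9.1: the per-segment RTT, the EstimatedRTT after each ACK and the connection throughput are all arithmetic on the send and ACK timestamps you read off the trace. The following Python script is an added example, not part of the lab manual, that performs those calculations on constructed segment and ACK timings (relative sequence numbers, times in milliseconds; none of the values come from a real capture). It pairs each data segment with the first cumulative ACK that covers it, which is exactly how you locate "the ACK for each segment" in Wireshark, and it flags repeated sequence numbers, the tell-tale that question 7 asks you to look for. The smoothing factor α = 0.125 is an assumption (the textbook's usual value); the lab leaves it to you.

```python
"""Added example (not from the lab manual): RTT, EstimatedRTT and throughput
from TCP segment/ACK timings. All timings below are constructed sample values."""
from typing import List, Tuple

ALPHA = 0.125  # assumed smoothing factor; the lab does not fix a value

# Constructed data segments sent client -> server: (relative seq, payload length, send time in ms).
# Segment 1 is the one carrying the HTTP POST; the rest are MSS-sized (1460-byte) pieces of alice.txt.
SENT: List[Tuple[int, int, float]] = [
    (1, 565, 0.0),
    (566, 1460, 20.0),
    (2026, 1460, 25.0),
    (3486, 1460, 30.0),
    (4946, 1460, 35.0),
    (6406, 1460, 40.0),
]

# Constructed ACKs from the server: (acknowledgement number, receive time in ms).
# ACKs are cumulative: 4946 acknowledges segments 3 and 4 at once (the delayed-ACK case of question 8).
ACKS: List[Tuple[int, float]] = [(566, 28.0), (2026, 50.0), (4946, 58.0), (7866, 70.0)]


def ack_time_for(seq: int, length: int, acks: List[Tuple[int, float]]) -> float:
    """Time of the first ACK whose number covers every byte of the segment (ack >= seq + length)."""
    needed = seq + length
    for ack_num, t in acks:
        if ack_num >= needed:
            return t
    raise ValueError(f"segment seq={seq} was never acknowledged")


def sample_rtts(sent=SENT, acks=ACKS) -> List[float]:
    """SampleRTT per segment: ACK arrival time minus send time (question 4)."""
    return [ack_time_for(seq, length, acks) - t_sent for seq, length, t_sent in sent]


def estimated_rtts(samples: List[float], alpha: float = ALPHA) -> List[float]:
    """EstimatedRTT after each ACK, seeded with the first SampleRTT as the lab instructs:
    EstimatedRTT = (1 - alpha) * EstimatedRTT + alpha * SampleRTT."""
    est = samples[0]
    out = [est]
    for s in samples[1:]:
        est = (1 - alpha) * est + alpha * s
        out.append(est)
    return out


def throughput_bytes_per_second(sent=SENT, acks=ACKS) -> float:
    """Bytes acknowledged divided by the time from the first send to the last ACK (question 9)."""
    total_bytes = sum(length for _, length, _ in sent)
    elapsed_ms = acks[-1][1] - sent[0][2]
    return total_bytes / (elapsed_ms / 1000.0)


def retransmitted_sequences(sent) -> List[int]:
    """Sequence numbers that appear more than once: the sign of a retransmission (question 7)."""
    seen, repeats = set(), []
    for seq, _, _ in sent:
        if seq in seen and seq not in repeats:
            repeats.append(seq)
        seen.add(seq)
    return repeats


if __name__ == "__main__":
    samples = sample_rtts()
    for i, (rtt, est) in enumerate(zip(samples, estimated_rtts(samples)), start=1):
        print(f"segment {i}: SampleRTT={rtt:.1f} ms  EstimatedRTT={est:.3f} ms")
    print(f"throughput: {throughput_bytes_per_second():.0f} bytes/s")
    print("retransmissions:", retransmitted_sequences(SENT) or "none")
```

To use it on your own capture, replace SENT and ACKS with the relative sequence numbers, TCP payload lengths and timestamps from the packet-listing window (Wireshark shows relative sequence numbers by default, so the POST segment starts at 1 just as in the constructed data).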
Pick one of these UDP packets and expand the UDP fields in the details window. If you are unable to find UDP packets or are unable to run Wireshark on a live network connection, you can download a packet trace containing some UDP packets. Answer the following questions:

1. Select one UDP packet from your trace. From this packet, determine how many fields there are in the UDP header. Name these fields.
2. By consulting the displayed information in Wireshark’s packet content field for this packet, determine the length (in bytes) of each of the UDP header fields.
3. The value in the Length field is the length of what? (You can consult the text for this answer.) Verify your claim with your captured UDP packet.
4. What is the maximum number of bytes that can be included in a UDP payload?
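To see what the UDP header questions in this section are driving at (the header fields and their sizes, what the Length field counts, the largest port and payload, and the protocol number carried in the IP header), here is an added Python example, not part of the lab manual, that builds and then dissects a constructed IPv4/UDP packet with the struct module, verifying the UDP checksum over the IPv4 pseudo-header the same way Wireshark's dissector does. The addresses (documentation range 192.0.2.0/24), ports and payload are constructed sample values. It goes one step beyond the questions by showing that changing a single payload byte breaks the checksum.

```python
"""Added example (not from the lab manual): build and dissect a constructed IPv4/UDP packet."""
import struct
from dataclasses import dataclass

UDP_PROTOCOL_NUMBER = 17  # value of the IPv4 Protocol field for UDP: 0x11 hex, 17 decimal
UDP_HEADER_LEN = 8
MAX_PORT = 0xFFFF  # ports are 16-bit fields
MAX_UDP_LENGTH = 0xFFFF  # the Length field is 16 bits and counts header + payload
MAX_UDP_PAYLOAD = MAX_UDP_LENGTH - UDP_HEADER_LEN  # 65527 bytes

# The four UDP header fields and their sizes in bytes.
UDP_FIELDS = (("Source Port", 2), ("Destination Port", 2), ("Length", 2), ("Checksum", 2))


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by both the IPv4 and the UDP checksum."""
    if len(data) % 2:
        data += b"\x00"  # an odd-length input is padded with a zero byte for the sum only
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def udp_checksum(src_ip: bytes, dst_ip: bytes, segment: bytes) -> int:
    """UDP checksum over the IPv4 pseudo-header plus the segment with its Checksum field zeroed."""
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, UDP_PROTOCOL_NUMBER, len(segment))
    zeroed = segment[:6] + b"\x00\x00" + segment[8:]
    checksum = (~ones_complement_sum(pseudo + zeroed)) & 0xFFFF
    return checksum or 0xFFFF  # a computed 0 is sent as 0xFFFF, because 0 means "no checksum"


def build_udp(src_ip: bytes, dst_ip: bytes, sport: int, dport: int, payload: bytes) -> bytes:
    """Sender side: header fields in network byte order, then the checksum filled in."""
    if not 0 <= sport <= MAX_PORT or not 0 <= dport <= MAX_PORT or len(payload) > MAX_UDP_PAYLOAD:
        raise ValueError("port or payload size out of range")
    length = UDP_HEADER_LEN + len(payload)
    segment = struct.pack("!HHHH", sport, dport, length, 0) + payload
    return segment[:6] + struct.pack("!H", udp_checksum(src_ip, dst_ip, segment)) + segment[8:]


def build_ipv4_header(src_ip: bytes, dst_ip: bytes, payload_len: int,
                      protocol: int = UDP_PROTOCOL_NUMBER) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a valid header checksum."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, protocol, 0, src_ip, dst_ip)
    checksum = (~ones_complement_sum(header)) & 0xFFFF
    return header[:10] + struct.pack("!H", checksum) + header[12:]


def ipv4_protocol(packet: bytes):
    """Return (Protocol field, header length in bytes) of an IPv4 packet."""
    ihl = (packet[0] & 0x0F) * 4
    return packet[9], ihl


@dataclass
class UdpHeader:
    source_port: int
    destination_port: int
    length: int
    checksum: int
    checksum_ok: bool
    payload: bytes


def parse_udp(src_ip: bytes, dst_ip: bytes, segment: bytes) -> UdpHeader:
    """Decode the 8-byte header and verify the checksum against the pseudo-header."""
    if len(segment) < UDP_HEADER_LEN:
        raise ValueError("truncated UDP header")
    sport, dport, length, checksum = struct.unpack("!HHHH", segment[:UDP_HEADER_LEN])
    if length < UDP_HEADER_LEN or length > len(segment):
        raise ValueError(f"Length field {length} does not fit a {len(segment)}-byte segment")
    # In IPv4 a zero checksum means the sender did not compute one, so there is nothing to verify.
    ok = checksum == 0 or udp_checksum(src_ip, dst_ip, segment[:length]) == checksum
    return UdpHeader(sport, dport, length, checksum, ok, segment[UDP_HEADER_LEN:length])


# Constructed sample packet: 192.0.2.10:53000 -> 192.0.2.1:53 (documentation addresses, not real hosts).
SRC_IP, DST_IP = bytes([192, 0, 2, 10]), bytes([192, 0, 2, 1])
SAMPLE_PAYLOAD = b"constructed payload, not a real DNS query"
SAMPLE_PACKET = (build_ipv4_header(SRC_IP, DST_IP, UDP_HEADER_LEN + len(SAMPLE_PAYLOAD))
                 + build_udp(SRC_IP, DST_IP, 53000, 53, SAMPLE_PAYLOAD))


def dissect(packet: bytes = SAMPLE_PACKET) -> UdpHeader:
    """Walk the IPv4 header to the UDP segment and parse it, as Wireshark's dissector chain does."""
    protocol, ihl = ipv4_protocol(packet)
    if protocol != UDP_PROTOCOL_NUMBER:
        raise ValueError(f"not UDP: protocol {protocol:#x}")
    return parse_udp(packet[12:16], packet[16:20], packet[ihl:])


if __name__ == "__main__":
    for name, size in UDP_FIELDS:
        print(f"{name}: {size} bytes")
    print(dissect(), "| max port", MAX_PORT, "| max payload", MAX_UDP_PAYLOAD)
```

Compare the output with the UDP section of Wireshark's packet-details pane: the four field sizes add up to the 8-byte header, the Length value equals 8 plus the payload size, and the "Checksum: ... [correct]" annotation is the same pseudo-header computation as udp_checksum.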
5. What is the largest possible source port number?
6. What is the protocol number for UDP? Give your answer in both hexadecimal and decimal notation. To answer this question, you’ll need to look into the Protocol field of the IP datagram containing this UDP segment.
7. Examine a pair of UDP packets in which your host sends the first UDP packet and the second UDP packet is a reply to this first UDP packet. (Hint: for a second packet to be sent in response to a first packet, the sender of the first packet should be the destination of the second packet.) Describe the relationship between the port numbers in the two packets.

9.3. Capturing HTTP traffic

You have to download a very simple HTML file, one that is very short and does not contain embedded objects. Do the following:

1. Start up your web browser.
2. Start up the Wireshark packet sniffer, as described in the introductory lab (but don’t yet begin packet capture). Enter “http” (just the letters, not the quotation marks) in the display-filter-specification window, so that only captured HTTP messages will be displayed later in the packet-listing window.
3. Wait a bit more than one minute (we’ll see why shortly), and then begin Wireshark packet capture.
4. Enter the following into your browser: http://gaia.cs.umass.edu/wireshark-labs/HTTP-wireshark-file1.html. Your browser should display the very simple, one-line HTML file.
5. Stop Wireshark packet capture.

By looking at the information in the HTTP GET and response messages, answer the following questions.

1. What version of HTTP is the server running?
2. What languages (if any) does your browser indicate that it can accept to the server?
3. What is the IP address of your computer?
4. What is the status code returned from the server to your browser?
5. When was the HTML file that you are retrieving last modified at the server?
6. How many bytes of content are being returned to your browser?
7. By inspecting the raw data in the packet content window, do you see any headers within the data that are not displayed in the packet-listing window? If so, name one.

9.3.1. The HTTP CONDITIONAL GET/response interaction

Most web browsers perform object caching and thus perform a conditional GET when retrieving an HTTP object. Before performing the steps below, make sure your browser’s cache is empty. Now do the following:
1. Start up your web browser, and make sure your browser’s cache is cleared, as discussed above.
2. Start up the Wireshark packet sniffer.
3. Enter the following URL into your browser: http://gaia.cs.umass.edu/wireshark-labs/HTTP-wireshark-file2.html. Your browser should display a very simple five-line HTML file.
4. Quickly enter the same URL into your browser again (or simply select the refresh button on your browser).
5. Stop Wireshark packet capture, and enter “http” in the display-filter-specification window, so that only captured HTTP messages will be displayed later in the packet-listing window.

Answer the following questions:

6. Inspect the contents of the first HTTP GET request from your browser to the server. Do you see an “IF-MODIFIED-SINCE” line in the HTTP GET?
8. Inspect the contents of the server response. Did the server explicitly return the contents of the file? How can you tell?
9. Now inspect the contents of the second HTTP GET request from your browser to the server. Do you see an “IF-MODIFIED-SINCE:” line in the HTTP GET? If so, what information follows the “IF-MODIFIED-SINCE:” header?
10. What is the HTTP status code and phrase returned from the server in response to this second HTTP GET? Did the server explicitly return the contents of the file? Explain.

9.3.2. Retrieving Long Documents

Do the following:

1. Start up your web browser, and make sure your browser’s cache is cleared, as discussed above.
2. Start up the Wireshark packet sniffer.
3. Enter the following URL into your browser: http://gaia.cs.umass.edu/wireshark-labs/HTTP-wireshark-file3.html. Your browser should display the rather lengthy US Bill of Rights.
4. Stop Wireshark packet capture, and enter “http” in the display-filter-specification window, so that only captured HTTP messages will be displayed.

In the packet-listing window, you should see your HTTP GET message, followed by a multiple-packet TCP response to your HTTP GET request. In the HTTP response message to the HTTP GET, the HTML file is rather long, and at 4500 bytes is too large to fit in one TCP packet. The single HTTP response message is thus broken into several pieces by TCP, with each piece being contained within a separate TCP segment. Wireshark indicates each TCP segment as a separate packet, and the fact that the single HTTP response was fragmented across multiple TCP packets is indicated by the “TCP segment of a reassembled PDU” in the Info column of the Wireshark display. Answer the following questions:
12. How many HTTP GET request messages did your browser send? Which packet number in the trace contains the GET message for the Bill of Rights?
13. Which packet number in the trace contains the status code and phrase associated with the response to the HTTP GET request?
14. What is the status code and phrase in the response?
15. How many data-containing TCP segments were needed to carry the single HTTP response and the text of the Bill of Rights?

9.3.3. HTML Documents with Embedded Objects

Now that we’ve seen how Wireshark displays the captured packet traffic for large HTML files, we can look at what happens when your browser downloads a file with embedded objects, i.e., a file that includes other objects (in the example below, image files) that are stored on another server(s). Do the following:

1. Start up your web browser, and make sure your browser’s cache is cleared, as discussed above.
2. Start up the Wireshark packet sniffer.
3. Enter the following URL into your browser: http://gaia.cs.umass.edu/wireshark-labs/HTTP-wireshark-file4.html. Your browser should display a short HTML file with two images. These two images are referenced in the base HTML file. That is, the images themselves are not contained in the HTML; instead the URLs for the images are contained in the downloaded HTML file. The publisher’s logo is retrieved from the gaia.cs.umass.edu web site.
4. Stop Wireshark packet capture, and enter “http” in the display-filter-specification window, so that only captured HTTP messages will be displayed.

Answer the following questions:

16. How many HTTP GET request messages did your browser send? To which Internet addresses were these GET requests sent?
17. Can you tell whether your browser downloaded the two images serially, or whether they were downloaded from the two web sites in parallel? Explain.

9.3.4. HTTP Authentication

The traffic analysis in the case of HTTPS web sites, which are password-protected, will be examined below by looking at the sequence of HTTP messages exchanged between your computer and an HTTPS site. The URL to use for this experiment is http://gaia.cs.umass.edu/wireshark-labs/protected_pages/HTTP-wireshark-file5.html, which is password protected.
Username: “wireshark-students”, password: “network”.

Do the following:

1. Make sure your browser’s cache is cleared, as discussed above, and close down your browser. Then, start up your browser.
2. Start up the Wireshark packet sniffer.
3. Enter the following URL into your browser: http://gaia.cs.umass.edu/wireshark-labs/protected_pages/HTTP-wireshark-file5.html and type the requested user name and password into the pop-up box.
4. Stop Wireshark packet capture, and enter “http” in the display-filter-specification window, so that only captured HTTP messages will be displayed later in the packet-listing window.

Note: On authentication, read the following material, “HTTP Access Authentication Framework”, at http://frontier.userland.com/stories/storyReader$2159

Now let’s examine the Wireshark output. Answer the following questions:

18. What is the server’s response (status code and phrase) in response to the initial HTTP GET message from your browser?
19. When your browser sends the HTTP GET message for the second time, what new field is included in the HTTP GET message?

The username (wireshark-students) and password (network) that you entered are encoded in the string of characters (d2lyZXNoYXJrLXN0dWRlbnRzOm5ldHdvcms=) following the “Authorization: Basic” header in the client’s HTTP GET message. While it may appear that your username and password are encrypted, they are simply encoded in a format known as Base64 format. The username and password are not encrypted! To see this, go to http://www.motobit.com/util/base64-decoder-encoder.asp and enter the base64-encoded string d2lyZXNoYXJrLXN0dWRlbnRz and decode. As you can see, you have translated from Base64 encoding to ASCII encoding, and thus should see your username! To view the password, enter the remainder of the string Om5ldHdvcms= and press decode.

Since anyone can download a tool like Wireshark and sniff packets (not just their own) passing by their network adaptor, and anyone can translate from Base64 to ASCII (you just did it!), it should be clear to you that simple passwords on WWW sites are not secure unless additional measures are taken.
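The two exchanges examined in sections 9.3.1 and 9.3.4, the conditional GET with If-Modified-Since and the Basic-authentication challenge, are modelled below in an added Python example that is not part of the lab manual and not the code of the gaia.cs.umass.edu server. It parses HTTP messages from raw bytes, decodes the "Authorization: Basic" value exactly as the decoder web page above does (Base64 is an encoding, so the decoding needs no key), and plays both sides of each exchange against a constructed in-memory server. The page bodies, the realm string and the Last-Modified date are constructed; the paths and the credentials are the ones given above.

```python
"""Added example (not from the lab manual): a minimal model of the conditional GET
and HTTP Basic authentication exchanges, with client and server in one file."""
import base64
from datetime import datetime, timezone
from email.utils import format_datetime, parsedate_to_datetime

# Constructed server state: path -> (body, Last-Modified, required (user, password) or None).
# Neither the bodies nor the date are those of the real gaia.cs.umass.edu files.
LAST_MODIFIED = datetime(2022, 9, 1, 12, 0, 0, tzinfo=timezone.utc)
RESOURCES = {
    "/wireshark-labs/HTTP-wireshark-file2.html": (
        b"<html>constructed five-line page</html>\n", LAST_MODIFIED, None),
    "/wireshark-labs/protected_pages/HTTP-wireshark-file5.html": (
        b"<html>constructed protected page</html>\n", LAST_MODIFIED, ("wireshark-students", "network")),
}
REALM = 'Basic realm="wireshark-students only"'  # constructed realm string


def parse_http_message(raw: bytes):
    """Split a request or response into (start line, {lower-cased header name: value}, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def decode_basic_auth(headers):
    """Return (user, password) from an 'Authorization: Basic <base64>' header, or None.
    This is the same step as the web decoder above: Base64 is reversible by anyone holding the capture."""
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        user, _, password = base64.b64decode(token, validate=True).decode("utf-8").partition(":")
    except (ValueError, UnicodeDecodeError):
        return None
    return user, password


def build_get(path: str, extra_headers=None, host: str = "gaia.cs.umass.edu") -> bytes:
    """Client side: a minimal HTTP/1.1 GET request with optional extra headers."""
    lines = [f"GET {path} HTTP/1.1", f"Host: {host}"]
    lines += [f"{name}: {value}" for name, value in (extra_headers or {}).items()]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("iso-8859-1")


def serve(raw_request: bytes):
    """Server side: returns (status code, response headers, body) for one request."""
    request_line, headers, _ = parse_http_message(raw_request)
    _method, path, _version = request_line.split(" ", 2)
    if path not in RESOURCES:
        return 404, {}, b""
    body, modified, credentials = RESOURCES[path]
    # Questions 18/19: without matching credentials the server answers 401 with a challenge.
    if credentials is not None and decode_basic_auth(headers) != credentials:
        return 401, {"WWW-Authenticate": REALM}, b""
    # Questions 9/10: an If-Modified-Since no older than the file yields 304 and no body.
    since_header = headers.get("if-modified-since")
    if since_header:
        try:
            since = parsedate_to_datetime(since_header)
        except (TypeError, ValueError):
            since = None
        if since is not None and since.tzinfo is not None and modified <= since:
            return 304, {"Last-Modified": format_datetime(modified, usegmt=True)}, b""
    return 200, {"Last-Modified": format_datetime(modified, usegmt=True),
                 "Content-Length": str(len(body))}, body


def conditional_get_exchange(path: str):
    """First GET with an empty cache, then the same GET carrying If-Modified-Since from the reply."""
    status1, reply_headers, _ = serve(build_get(path))
    status2, _, body2 = serve(build_get(path, {"If-Modified-Since": reply_headers["Last-Modified"]}))
    return status1, status2, len(body2)


def basic_auth_exchange(path: str, username: str, password: str):
    """First GET without credentials, then the retry the browser makes after the 401."""
    status1, reply_headers, _ = serve(build_get(path))
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    status2, _, _ = serve(build_get(path, {"Authorization": "Basic " + token}))
    return status1, reply_headers.get("WWW-Authenticate"), status2, token


if __name__ == "__main__":
    print(conditional_get_exchange("/wireshark-labs/HTTP-wireshark-file2.html"))
    print(basic_auth_exchange("/wireshark-labs/protected_pages/HTTP-wireshark-file5.html",
                              "wireshark-students", "network"))
    print(decode_basic_auth({"authorization": "Basic d2lyZXNoYXJrLXN0dWRlbnRzOm5ldHdvcms="}))
```

The token the second GET carries is exactly the d2lyZXNoYXJrLXN0dWRlbnRzOm5ldHdvcms= string seen in the trace, which is why a capture of the request is all that is needed to recover the password; the 401/WWW-Authenticate and 304 replies are the status lines you should find in packets 18/19 and 10 respectively.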
Fear not! There are, though, ways to make WWW access more secure. However, we’ll clearly need something that goes beyond the basic HTTP authentication framework! The simplest protection mode is provided by using HTTPS instead of HTTP. This is supplemented by OAuth, which is an open standard for access delegation. It is commonly used as a way for Internet users to grant websites or applications access to their information on other websites, but without giving them the passwords.