ssh.pcap

1. Identify the frames in your Wireshark capture that are part of the ssh connection establishment sequence. If you want to reduce the frames captured that are unrelated to your ssh connection, you can use the Wireshark filter and filter only for tcp. Answer the following questions: 1. What are the Wireshark frame numbers of the frames used in the TCP connection establishment sequence. 2. Provide a brief description of each of the frames you identified in terms of their role in establishing the TCP connection. 2. What is the server port number being used by this TCP connection? 3. What is the client port number being used by this TCP connection? 4. Identify the frames in your Wireshark capture file that are part of the ssh connection termination sequence and answer the following questions (you should see 3 frames): 1. What are the Wireshark frame numbers of the frames used in the TCP connection termination sequence. 2. Provide a brief description of each of the frames you identified in terms of their role in terminating the TCP connection. 5. Somewhere between the establishment and termination, choose any TCP ACK frame that is sent from the SSH server to the client and answer the following questions: 1. What frame number did you choose? 2. What is next sequence number that the SSH server expects the client to send? How did you determine this? 3. In which subsequent frame number is that next sequence number sent from the client to the server? 6. What is the final window size that the SSH server has granted to the client?