Question: This lab is designed to have you analyze a packet capture of TCP packets between the instructors (client) computer and a webserver. During this packet
This lab is designed to have you analyze a packet capture of TCP packets between the instructors (client) computer and a webserver.
During this packet capture, the following events have occurred:
STEP 1 - The user at the client computer opens http://gaia.cs.umass.edu/wireshark-labs/TCP-wireshark-file1.html
STEP 2 - The user selects the file Alice.txt on their computer and chooses Upload alice.txt file on the web server using the above page. (Note: Alice.txt is the complete text of the book Alice in Wonderland).
STEP 3 - The server responds to the request for the web page above and accepts the transfer of the Alice.txt file via TCP.
STEP 4 - After the upload, the server directs the client to open this webpage (http://gaia.cs.umass.edu/ethereal-labs/lab3-1-reply.htm) with a congratulations message.
We have captured this conversation between the client and the server with Wireshark and have posted it on Cloudshark (https://www.cloudshark.org/captures/d55a037d8f84) for you to review.
Questions for you to answer
Review this page (https://www.cloudshark.org/captures/d55a037d8f84). and answer the following questions. Provide annotated screen shots to support your answers where requested.
1. Now, locate the packet containing the HTTP GET command. Note that in order to find the packet, look for the GET command in the INFO column of the Cloudshark packet listing. What is the TCP Length? (Look for Len: in the Transmission Control Protocol headers in the center white section of CloudShark, not the Length Column in the green part). Now, find the ACK from the server back to the workstation (should be the next packet in the trace). What is the ACK number in the ACKnowledgement? Explain the relationship between this number and the TCP Length (above). Provide a screen shot or two showing these values.
2.Packet #12 in the trace starts the transfer of the upload of Alice.txt to the server. Look at the next several TCP Segments that go FROM THE CLIENT TO THE SERVER. Look into the details section of Cloudshark for each of these segments and identify the TCP Packet length of each of the next six (6) TCP segments that go from the client to the server. What are these lengths? Note, dont simply report the full Ethernet frame length that is what you see in packet top section of Cloudshark (in green). Instead go to the details section of Cloudshark (in white) and report the TCP Packet length. Provide a screen shot of one of these segments.
3. What is the sequence number of the TCP segment containing the HTTP POST command? Note that in order to find the POST command, youll need to dig into the packet content field at the bottom of the Wireshark window, looking for a segment with a POST within its DATA field.
4.Consider the TCP segment containing the HTTP POST as the first segment in the TCPconnection. What are the sequence numbers of the first six segments in the TCP connection (including the segment containing the HTTP POST)? At what time was each segment sent?When was the ACK for each segment received? What is one of the SampleRTT values? What is the difference between SampleRTT and EstimatedRTT?
5.What is the length of each of the first six TCP segments?
6.What is the throughput (bytes / time) for the TCP connection? Explain how you calculated this value.
Step by Step Solution
There are 3 Steps involved in it
Get step-by-step solutions from verified subject matter experts
Study Help