
TCP Wireshark Lab

The document outlines a TCP Wireshark lab where students capture and analyze network traffic while uploading a file to a remote server. It includes step-by-step instructions for capturing packets, answering specific questions about the TCP connection, and analyzing the data using Wireshark. Students are required to submit their answers and the Wireshark capture file upon completion of the lab.

TCP Wireshark Lab – Working with a remote server.

You will go through the steps below, using your captured Wireshark file and the provided Wireshark file (on D2L) to answer the
questions. When you have finished the lab you will submit the following:

1. This document with your answers provided in the appropriate places.

2. Your Wireshark capture file as a zipped file.

STEPS:

1. Start up your web browser. Go to http://gaia.cs.umass.edu/wireshark-labs/alice.txt and
retrieve an ASCII copy of Alice in Wonderland. Store this file somewhere on your
computer.

2. Next go to http://gaia.cs.umass.edu/wireshark-labs/TCP-wireshark-file1.html.

3. Use the Browse button in this form to enter the name of the file (full path name) on your
computer containing Alice in Wonderland (or do so manually). Don’t press the “Upload
alice.txt file” button, yet!

4. Now start up Wireshark and begin packet capture (Capture->Start) and then press OK
on the Wireshark Packet Capture Options screen (we’ll not need to select any options
here).

5. Returning to your browser, press the “Upload alice.txt file” button to upload the file to
the gaia.cs.umass.edu server. Once the file has been uploaded, a short congratulations
message will be displayed in your browser window.

6. Stop Wireshark packet capture and save your capture file. Your Wireshark window
should look similar to the window shown below.

———————————————————————————————————————
————————————————-

PART 2: A first Look At the Captured Trace

Use the provided online capture (uploaded in D2L as a zip file – you will need to extract it
before opening in Wireshark) to answer the following:

1. What is the IP address and TCP port number used by the client computer (source) that
is transferring the file to gaia.cs.umass.edu? To answer this question, it’s probably easiest
to select an HTTP message and explore the details of the TCP packet used to carry this
HTTP message, using the “details of the selected packet header window”. (5 pts answer, 5
pts explanation of which packet # you used to answer this question)

2. What is the IP address of gaia.cs.umass.edu? On what port number is it sending and
receiving TCP segments for this connection? (5 pts for answer, 5 pts for explanation of
which packet #)

Use your own Capture to answer the following:

3. What is the IP address and TCP port number used by your client computer (source) to
transfer the file to gaia.cs.umass.edu? (10 pts – with screenshot of your capture)

———————————————————————————————————————
————————————————-

PART 3: TCP Basics

4. What is the sequence number of the TCP SYN segment that is used to initiate the TCP
connection between the client computer and gaia.cs.umass.edu? What is it in the segment
that identifies the segment as a SYN segment? (5 pts for answer, 5 pts for packet #)

5. What is the sequence number of the SYNACK segment sent by gaia.cs.umass.edu to the
client computer in reply to the SYN? What is the value of the Acknowledgement field in the
SYNACK segment? How did gaia.cs.umass.edu determine that value? What is it in the
segment that identifies the segment as a SYNACK segment? (5 pts for answer, 5 pts for
screenshot of highlighted packet)

6. What is the sequence number of the TCP segment containing the HTTP
POST command? Note that in order to find the POST command, you’ll need to dig into the
packet content field at the bottom of the Wireshark window, looking for a segment with a
“POST” within its DATA field. (5 pts for answer, 5 pts for screenshot of highlighted
packet)

7. Consider the TCP segment containing the HTTP POST as the first segment in the TCP
connection. What are the sequence numbers of the first six segments in the TCP connection
(including the segment containing the HTTP POST)? At what time was each segment sent?
When was the ACK for each segment received? (10 pts)

8. What is the length of each of the first six TCP segments? (10 pts)

9. What is the minimum amount of available buffer space advertised at the receiver for the
entire trace? Does the lack of receiver buffer space ever throttle the sender? (10 pts)

10. Are there any retransmitted segments in the trace file? What did you check for (in the
trace) in order to answer this question? (10 pts)
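
Added example (not part of the original lab handout): a short Python script that reads the TCP header fields Part 3 asks about, run on a small constructed trace rather than the lab capture. The client port 50000, the sequence numbers, the window values and the `/upload` path are made-up sample values.

```python
import struct

SYN, PSH, ACK = 0x02, 0x08, 0x10   # flag bits in the TCP header
HDR = "!HHIIHHHH"                  # ports, seq, ack, offset+flags, window, checksum, urgent

def build(sport, dport, seq, ack, flags, window, payload=b""):
    """Pack a 20-byte TCP header (no options, checksum 0) plus payload."""
    return struct.pack(HDR, sport, dport, seq, ack, (5 << 12) | flags, window, 0, 0) + payload

def parse(raw):
    """Extract the header fields the lab questions ask about."""
    sport, dport, seq, ack, off_flags, window, _, _ = struct.unpack(HDR, raw[:20])
    hdr_len = (off_flags >> 12) * 4            # data offset is counted in 32-bit words
    return {"sport": sport, "seq": seq, "ack": ack, "win": window,
            "syn": bool(off_flags & SYN), "ackf": bool(off_flags & ACK),
            "data": raw[hdr_len:]}

def analyze(raws, client_port):
    segs = [parse(r) for r in raws]
    syn = next(s for s in segs if s["syn"] and not s["ackf"])
    synack = next(s for s in segs if s["syn"] and s["ackf"])
    post = next(s for s in segs if s["data"].startswith(b"POST"))
    seen, retransmitted = set(), []
    for s in segs:
        # Only data-carrying segments count: a bare ACK reuses the next seq legitimately.
        if s["sport"] == client_port and s["data"]:
            if s["seq"] in seen:
                retransmitted.append(s["seq"])
            seen.add(s["seq"])
    # Raw window field only; a negotiated window-scale option would multiply it.
    min_win = min(s["win"] for s in segs if s["sport"] != client_port)
    return {"syn_seq": syn["seq"], "synack_seq": synack["seq"], "synack_ack": synack["ack"],
            "post_seq": post["seq"], "min_server_window": min_win,
            "retransmitted": retransmitted}

# Constructed trace (not from the lab capture): client port 50000, server port 80.
C, S = 50000, 80
POST = b"POST /upload HTTP/1.1\r\n"            # 23 bytes, constructed request line
TRACE = [
    build(C, S, 1000, 0, SYN, 65535),
    build(S, C, 5000, 1001, SYN | ACK, 5840),
    build(C, S, 1001, 5001, ACK, 65535),              # handshake ACK, no data
    build(C, S, 1001, 5001, PSH | ACK, 65535, POST),  # same seq as the bare ACK above
    build(S, C, 5001, 1024, ACK, 6780),
    build(C, S, 1024, 5001, ACK, 65535, b"A" * 100),
    build(C, S, 1024, 5001, ACK, 65535, b"A" * 100),  # duplicate send of the same bytes
    build(S, C, 5001, 1124, ACK, 4000),
]

if __name__ == "__main__":
    print(analyze(TRACE, C))
```
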

———————————————————————————————————————
————————————————-

PART 4: TCP Congestion Control In Action

STEPS:

1. Select a TCP segment in Wireshark’s “listing of captured-packets” window. Then
select the menu: Statistics->TCP Stream Graph->Time-Sequence-Graph(Stevens).

QUESTIONS:

Answer Question 11 Using the provided Capture (Bonus: 10 pts)

11. Use the Time-Sequence-Graph(Stevens) plotting tool to view the sequence number
versus time plot of segments being sent from the client to the gaia.cs.umass.edu server. Can
you identify where TCP’s slow start phase begins and ends, and where congestion
avoidance takes over? Insert a screenshot of your Time-Sequence-Graph and explain your
answer.
