Part 1: Wireshark. TCP - Transmission Control Protocol
In this practical part we would like to demonstrate how the basic functions of the TCP, namely,
• Linking to the Application Layer
• Segmenting
• Session management
are implemented in practical situations. We also need to know the structure of the TCP segment that you can conveniently access from http://en.wikipedia.org/wiki/Transmission_Control_Protocol#TCP_segment_structure
Download again from Moodle the Wireshark HTTP demo file WiresharkHTTPdemo090402.pcap and place it in a known folder, say, desktop. Invoke wireshark from the folder Start\Programs\Developments and open the demo file.
1. Linking to the Application Layer:
We start at the familiar frame 35. After selecting this frame in the top pane, in the middle pane select and expand the “Transmission Control Protocol” line.
a. Note the values of the source and destination ports.
b. Go to the frame 38 and again record the values of the source and destination port.
c. Describe the meaning of these values.
2. Segmenting
Start with the frame 42 (get Andrew’s photo)
a. How many TCP segments it takes to transmit the photo?
#Line no 112 to 43 = 71 and then ACK are 23. 71-23 = 48 -1 = 47
b. What is the total size of the photo?
66694
c. Read first about the “continuous ARQ” and then answer how many times the transmission of the photo segments have been acknowledged.
23
d. Give the numbers of the acknowledgment frames.
46,49,52,55,58,61,64,67,70,73,76,79,82,85,88,91,94,97,100,103,106,109,112
2-2
3. Session management
a. Identify from which packet or frame the start of TCP session between the
client (192.6168.1.2) and Server (130.194.64.145) is established. List the steps
required for session layer to identify the start and establishment of a session
between the communicating peers.
ip.src == 130.194.64.145 and ip.dst == 192.168.1.2 starts from line number 33
ip.src == 192.168.1.2 and ip.dst == 130.194.64.145 starts from line number 30
Wireshark Queried
3 WAYS HANDSHAKE
b. Identify from which packet or frame the ending of TCP session between the
client (192.6168.1.2) and Server (130.194.64.145) is finished. List the steps
required for session layer to identify the termination and finishing of a session
between the communicating peers.
3 WAYS HANDSHAKE -ACK AND SYN 30,33,34 STEPS PROCESS
4 WAYS ENDING WITH THE KEYOWRD - FIN
4. The length of the Ethernet frame
Verify that the Ethernet II frame does not have any information about its length.
Instead, it is dependent on the information supplied by the IP header:
8000 - IPV4
86DD - IPV6
TOTAL LENGHT - UNDER IP + 14 = 54 IPV4
TOTAL LENGHT - UNDER IP + 14 + 40 = 54 IPV6
1. What does the transport layer do?
Links Application to the network
2. What does the network layer do?
Routing and addressing
3. Compare and contrast the types of addresses used in a network.
Application layer address (www.google.com)Protocol Http
Network layer address (546.45.23.14 four bytes - protocol IP)
Data link layer address (6 bytes hexa decimal addressing 00-55-d4-gf-gg-55) Ethernet addressing
4. What is the function of Transport layer protocols TCP and UDP, Distinguish TCP from UDP protocol?
TCP - A typical TCP segment has 24 beyts or 192 bit header of control information which has information about the sender / receiver 's application layer. The message in receivers end tells in which application program it should be sent to. It also says which application was used at senders end to generate the message. TCP header also has a seq which helps to assemble tcp segments and complete the message. This makes sure no packet gets missed or lost. Requires connection ,Example web surfing.
UDP - TCP / IP has a second type of transport layer protocol which is called User datagram Protocol. It gets used for sending small messages which dont require to be segmented. It holds it has only 4 fields (8 bytes) plus application layer packet. It doesnt check for sequence so occasionally data gets lost. Connection less protocol. Example - IPTV, multilayer online games, satellite cast for an live event.
5. How does TCP establish a connection? Explain the three-way handshake?
Host A sends a TCP SYNchronize packet to Host B
Host B receives A's SYN
Host B sends a SYNchronize-ACKnowledgement
Host A receives B's SYN-ACK
Host A sends ACKnowledge
Host B receives ACK.
TCP socket connection is ESTABLISHED.
Ref - 3 way handshake
6. Explain briefly different classes of networks? What is a subnet and why do networks need them?
Class A from N.H.H.H from 1 to 127
Class B from N.N.H.H from 128 to 127+64 = 191
Class C from N.N.N.H from 192 to 191+32 = 223
Dividing a network or logical partition or distribution of the network to organise and control the network flow is called subnet.
7. What is a subnet mask? And how is it related to different class of networks?
8. How does dynamic addressing work?
9. What benefits and problems does dynamic addressing provide?
10. What is address resolution (translation)? Explain how a DNS server does name resolution.
11. How is address resolution performed for network layer addresses?
12. How is address resolution performed for data link layer addresses?
