
CS2105 DIY Exercise 2

This document provides instructions for using Wireshark to analyze network packets for a networking exercise. It instructs the user to: 1. Download and install Wireshark. Filter for TCP port 80 and capture packets while making an HTTP request. This captures connection establishment packets. 2. Make a telnet request to a website and capture the connection termination packets. 3. Remove the port filters, capture new packets making an HTTP GET request, and analyze sequence numbers and packets that indicate lost or retransmitted packets. It asks the user to observe how sequence numbers change and to count ACK and data packets to understand why the ACK to data ratio is not equal to one.

Uploaded by

weitsang
Copyright
© Attribution Non-Commercial (BY-NC)

National University of Singapore

School of Computing
CS2105 DIY Exercise 2 Semester 2 10/11

You may run the following on Linux, Mac OS X, or Microsoft Windows. The behaviour
may be slightly different (but should not impact your learning).
You need a network connection for this exercise. A bad network connection (e.g., wifi with
a weak signal) works better for this exercise.

HAVE FUN, AND BE CURIOUS

Wireshark is a GUI tool for capturing and analyzing network packets. It is freely available
on http://www.wireshark.org/
Download and install Wireshark on your computer. You will need it for this exercise and
future exercises.
It is best if you stop running as many networked programs as possible, and close as many
browser windows/tabs as possible.
1. Launch Wireshark. In the field “Filter:”, enter

tcp.port == 80

and click “Apply.”


Under “Edit” → “Preferences..” → “Protocols” → “TCP”, make sure that the option
“Relative sequence numbers and window scaling” is turned off, and “Analyze TCP sequence
numbers” is turned on.
Start capturing packets by typing Ctrl-E.
If you are running any application that uses HTTP, you should see some packets being
listed; ignore them.
2. On a terminal, run

telnet www.nus.edu.sg 80

Wait until the connection closes. Type Ctrl-E in Wireshark to stop capturing.
Wireshark has captured the TCP packets exchanged between your computer and www.nus.edu.sg.
A sequence of exchanges between two host/ports is called a conversation. You can right
click on a packet that belongs to that conversation and choose “Conversation Filter” →
“TCP”, to show only that conversation. You may want to colorize the conversation so that
the text is easier to read.
You should now see seven packets, three for connection establishment, four for connection
termination. Examine various header fields in the TCP headers of these seven packets,
relate them to what you have learnt about the functions of these fields, and how TCP
establishes/terminates connection.
3. At your display filter, you should now see a filter with four conditions, two for IP addresses
and two for TCP port numbers. This display filter is set for you when you chose to filter a
conversation.
Now edit the field “Filter:” to remove the conditions involving TCP ports.
Start capturing again with Control-E (if you are asked to save a previous capture, just
answer the question and continue).
On a terminal, run

curl www.nus.edu.sg

You should now see a longer conversation that includes some HTTP request/response
exchanges between your computer and www.nus.edu.sg.
Wait until the connection closes. Type Ctrl-E in Wireshark to stop capturing.
(a) Look through the TCP sequence numbers and ACK numbers exchanged carefully.
Observe how the sequence numbers and ACK numbers change.
(b) Look for packets that are marked as “TCP Out-Of-Order,” “TCP Previous segment
lost,” “TCP Dup ACK,” “TCP Retransmission,” or “TCP Fast Retransmission” (You
may not necessarily find such packets in your trace, especially if you are on a good
connection). Observe the sequence numbers and ACK numbers of such packets and
the packets before/after.
(c) Roughly count the number of ACK packets and data packets. What is the ratio of the
number of ACK packets to data packets?
Why isn’t the ratio equal to one?
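The header fields examined in steps 2 and 3 can also be decoded and checked programmatically. The following is an added example, not part of the original exercise sheet: it parses raw TCP headers, computes the sequence number each segment's peer should acknowledge, and labels segments for counting. The ports, initial sequence numbers and the seven-packet trace are constructed sample values, and check_acks assumes an in-order, loss-free exchange in which every ACK covers everything the peer has sent so far.

```python
import struct

FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10}

def build(src, dst, seq, ack, flags, payload=b""):
    """Constructed sample segment: 20-byte header, no options, checksum left 0."""
    bits = sum(FLAG_BITS[f] for f in flags)
    return struct.pack("!HHIIHHHH", src, dst, seq % 2**32, ack % 2**32, (5 << 12) | bits, 65535, 0, 0) + payload

def parse(segment):
    """Decode the TCP header fields that Wireshark lists for each packet."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    src, dst, seq, ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    hdr_len = (off_flags >> 12) * 4  # data offset counts 32-bit words
    if not 20 <= hdr_len <= len(segment):
        raise ValueError("bad data offset")
    flags = {f for f, bit in FLAG_BITS.items() if off_flags & bit}
    return {"src": src, "dst": dst, "seq": seq, "ack": ack, "flags": flags, "len": len(segment) - hdr_len}

def next_seq(seg):
    """Number the peer should acknowledge: payload bytes, plus 1 each for SYN and FIN."""
    return (seg["seq"] + seg["len"] + ("SYN" in seg["flags"]) + ("FIN" in seg["flags"])) % 2**32

def kind(seg):
    if seg["flags"] & {"SYN", "FIN", "RST"}:
        return "control"
    return "data" if seg["len"] else "pure-ack"

def check_acks(trace):
    """Indexes of segments whose ACK number differs from the peer's latest next_seq."""
    sent, bad = {}, []  # sent[port] = next_seq of the last segment from that port
    for i, seg in enumerate(map(parse, trace)):
        if "ACK" in seg["flags"] and sent.get(seg["dst"]) != seg["ack"]:
            bad.append(i)
        sent[seg["src"]] = next_seq(seg)
    return bad

# Constructed seven-packet trace: client port 50000, server port 80.
C, S = 4294967295, 1500000000  # made-up ISNs; C wraps around to 0 after the SYN
TELNET = [
    build(50000, 80, C, 0, ["SYN"]),
    build(80, 50000, S, C + 1, ["SYN", "ACK"]),
    build(50000, 80, C + 1, S + 1, ["ACK"]),
    build(80, 50000, S + 1, C + 1, ["FIN", "ACK"]),
    build(50000, 80, C + 1, S + 2, ["ACK"]),
    build(50000, 80, C + 1, S + 2, ["FIN", "ACK"]),
    build(80, 50000, S + 2, C + 2, ["ACK"]),
]
```

Calling kind(parse(s)) on every segment of a trace gives the labels needed for the count in part (c).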

THE END
