Understanding TCP Segments
Note: Everything must be typed and drawn via computer!
A- Download Example A file. Answer the following questions:
1- Consider Frame 1. How large is it in terms of number of bytes?
2- Using the Flow Graph feature (Statistics -> Flow Graph), take a snapshot of your results.
3- In frame 2 which flags are set?
4- What is the average window size in this connection?
5- Using Statistics -> TCPStreamGraph -> Window, plot the announced window sizes.
6- Go to Edit -> Preference -> Protocols -> TCP and uncheck the box next to Relative Sequence Number & Window Scaling. What happens? Afterwards, make sure the box is checked again.
7- Carefully observe the timing between packets. How is the transmission time of Frames 3, 4, and 5 changing? Explain what is happening.
8- What are the key differences between Frames 4 and 5?
9- Go to Statistics -> TCPStreamGraph -> TimeSequenceGraph. What do you see? Show your plot.
10- Plot the throughput graph for this connection. What is happening?
11- Go to Coloring Rules. Select Bad TCP. Note the conditions. Change the Foreground to RED and Background to YELLOW. What happens?
B- Download Example B file. Answer the following questions. Make sure the Relative Sequence Number is unchecked as explained above.
1. Using a timing diagram, show all the TCP segments exchanged between the source and destination. You must include Seq#, Data Size, and ACK# for each TCP segment. Your graph will be a more detailed version of what you see using Statistics -> Flow Graph.
2. Explain what the relationship between ACK and Seq# is.
3. What type of application is the client trying to access in this case?
4. How many retransmission packets (if any) are in this connection?
5. Try to filter tcp.analysis.flags. What happens?
6. Explain why 172.31.136.84 sends so many duplicated packets. What is it expecting? Be specific. You can use FlowGraph results.
7. Explain how the Seq# is calculated in Frame 9.
C- Download Example C file. Answer the following questions. Make sure the relative timing between packets is set.
1. How does Wireshark know a TCP segment is a KeepAlive segment?
2. Explain how often the KeepAlive packets are transmitted.
3. How many bytes are in a KeepAlive segment? Explain. Note that the LEN is zero!
4. What is the purpose of transmitting Frames 4 and 6?
5. What happens after receiving a KeepAlive Packet? What does the node do?
D- Download Example D file. Answer the following questions. Assume 172.16.0.8 is the attacker and 184.108.40.206 is the victim. Make sure the relative timing between packets is set.
E- Download Example E file. Use this for the class exercise.