Question
Analysis packet Frame
1. From the frame 119. What might cause the sender to send this packet?

From frame 119

Frame 119: 1514 bytes on wire (12112 bits), 1514 bytes captured (12112 bits)
    Encapsulation type: Ethernet (1)
    Arrival Time: Jun 13, 2008 04:36:28.222998000
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1213295788.222998000 seconds
    [Time delta from previous captured frame: 0.000038000 seconds]
    [Time delta from previous displayed frame: 0.000038000 seconds]
    [Time since reference or first frame: 4.005545000 seconds]
    Frame Number: 119
    Frame Length: 1514 bytes (12112 bits)
    Capture Length: 1514 bytes (12112 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp]
    [Coloring Rule Name: Bad TCP]
    [Coloring Rule String: tcp.analysis.flags && !tcp.analysis.window_update]
Ethernet II, Src: Dell_0b:ff:bc (00:18:8b:0b:ff:bc), Dst: Dell_0c:2a:db (00:18:8b:0c:2a:db)
    Destination: Dell_0c:2a:db (00:18:8b:0c:2a:db)
    Source: Dell_0b:ff:bc (00:18:8b:0b:ff:bc)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 11.0.0.2, Dst: 10.0.0.2
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
    Total Length: 1500
    Identification: 0xb92f (47407)
    Flags: 0x02 (Don't Fragment)
    Fragment offset: 0
    Time to live: 64
    Protocol: TCP (6)
    Header checksum: 0x66e9 [validation disabled]
    [Header checksum status: Unverified]
    Source: 11.0.0.2
    Destination: 10.0.0.2
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 52000, Dst Port: 5038, Seq: 43449, Ack: 1, Len: 1448
    Source Port: 52000
    Destination Port: 5038
    [Stream index: 0]
    [TCP Segment Len: 1448]
    Sequence number: 43449 (relative sequence number)
    [Next sequence number: 44897 (relative sequence number)]
    Acknowledgment number: 1 (relative ack number)
    1000 .... = Header Length: 32 bytes (8)
    Flags: 0x010 (ACK)
    Window size value: 46
    [Calculated window size: 5888]
    [Window size scaling factor: 128]
    Checksum: 0x1ad2 [unverified]
    [Checksum Status: Unverified]
    Urgent pointer: 0
    Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
        TCP Option - No-Operation (NOP)
        TCP Option - No-Operation (NOP)
        TCP Option - Timestamps: TSval 12096953, TSecr 6373956
    [SEQ/ACK analysis]
        [iRTT: 0.055740000 seconds]
        [Bytes in flight: 52128]
        [Bytes sent since last PSH flag: 31856]
        [TCP Analysis Flags]
    TCP payload (1448 bytes)
    Retransmitted TCP segment data (1448 bytes)

2. From the packet number 425. Which host does an active close?

Frame 425: 322 bytes on wire (2576 bits), 322 bytes captured (2576 bits)
    Encapsulation type: Ethernet (1)
    Arrival Time: Jun 13, 2008 04:36:42.361896000
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1213295802.361896000 seconds
    [Time delta from previous captured frame: 0.000009000 seconds]
    [Time delta from previous displayed frame: 0.000009000 seconds]
    [Time since reference or first frame: 18.144443000 seconds]
    Frame Number: 425
    Frame Length: 322 bytes (2576 bits)
    Capture Length: 322 bytes (2576 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp:data]
    [Coloring Rule Name: TCP SYN/FIN]
    [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
Ethernet II, Src: Dell_0b:ff:bc (00:18:8b:0b:ff:bc), Dst: Dell_0c:2a:db (00:18:8b:0c:2a:db)
    Destination: Dell_0c:2a:db (00:18:8b:0c:2a:db)
    Source: Dell_0b:ff:bc (00:18:8b:0b:ff:bc)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 11.0.0.2, Dst: 10.0.0.2
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
    Total Length: 308
    Identification: 0xb9cc (47564)
    Flags: 0x02 (Don't Fragment)
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: TCP (6)
    Header checksum: 0x6af4 [validation disabled]
    [Header checksum status: Unverified]
    Source: 11.0.0.2
    Destination: 10.0.0.2
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 52000, Dst Port: 5038, Seq: 299745, Ack: 1, Len: 256
    Source Port: 52000
    Destination Port: 5038
    [Stream index: 0]
    [TCP Segment Len: 256]
    Sequence number: 299745 (relative sequence number)
    [Next sequence number: 300002 (relative sequence number)]
    Acknowledgment number: 1 (relative ack number)
    1000 .... = Header Length: 32 bytes (8)
    Flags: 0x019 (FIN, PSH, ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Nonce: Not set
        .... 0... .... = Congestion Window Reduced (CWR): Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set
        .... .... 1... = Push: Set
        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...1 = Fin: Set
        [TCP Flags: APF]
    Window size value: 46
    [Calculated window size: 5888]
    [Window size scaling factor: 128]
    Checksum: 0x162a [unverified]
    [Checksum Status: Unverified]
    Urgent pointer: 0
    Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
        TCP Option - No-Operation (NOP)
        TCP Option - No-Operation (NOP)
        TCP Option - Timestamps: TSval 12100487, TSecr 6375370
    [SEQ/ACK analysis]
        [iRTT: 0.055740000 seconds]
        [Bytes in flight: 20529]
        [Bytes sent since last PSH flag: 1704]
    TCP payload (256 bytes)
Data (256 bytes)
    Data: 000000000000000000000000000000000000000000000000...
    [Length: 256]