
Question


Now answer the questions below [4]. If you're unable to run Wireshark on a live network connection or are answering questions via an LMS, you can download a packet trace file that was captured while following the steps above [5].

1. Which of the following protocols are shown as appearing (i.e., are listed in the Wireshark "protocol" column) in your trace file: TCP, QUIC, HTTP, DNS, UDP, TLSv1.2?

2. How long did it take from when the HTTP GET message was sent until the HTTP OK reply was received? (By default, the value of the Time column in the packet-listing window is the amount of time, in seconds, since Wireshark tracing began. If you want to display the Time field in time-of-day format, select the Wireshark View pull down menu, then select Time Display Format, then select Time-of-day.)

3. What is the Internet address of the gaia.cs.umass.edu (also known as www-net.cs.umass.edu)? What is the Internet address of your computer or (if you are using the trace file) the computer that sent the HTTP GET message?

To answer the following two questions, you'll need to select the TCP packet containing the HTTP GET request (hint: this is packet number 286). The purpose of these next two questions is to familiarize you with using Wireshark's "Details of selected packet" window; see Figure 3. To do this, click on Packet 286 (your screen should look similar to Figure 3). To answer the first question below, look in the "Details of selected packet" window and toggle the triangle for HTTP (your screen should then look similar to Figure 5); for the second question below, you'll need to expand the information on the Transmission Control Protocol (TCP) part of this packet.

4. Expand the information on the HTTP message in the Wireshark "Details of selected packet" window (see Figure 3 above) so you can see the fields in the HTTP GET request message. What type of Web browser issued the HTTP request? The answer is shown at the right end of the information following the "User-Agent:" field in the expanded HTTP message display. [This field value in the HTTP message is how a web server learns what type of browser you are using.] Firefox, Safari, Microsoft Internet Edge, Other

5. Expand the information on the Transmission Control Protocol for this packet in the Wireshark "Details of selected packet" window (see Figure 3 in the lab writeup) so you can see the fields in the TCP segment carrying the HTTP message. What is the destination port number (the number following "Dest Port:" for the TCP segment containing the HTTP request) to which this HTTP request is being sent?

And finally ...

6. Print the two HTTP messages (GET and OK) referred to in question 2 above. To do so, select Print from the Wireshark File command menu, select the "Selected Packet Only" and "Print as displayed" radio buttons, and then click OK.

Footnotes:

[3] Recall that the HTTP GET message that is sent to the gaia.cs.umass.edu web server is contained within a TCP segment, which is contained (encapsulated) in an IP datagram, which is encapsulated in an Ethernet frame. If this process of encapsulation isn't quite clear yet, review section 1.5 in the text.

[4] For the author's class and written answers, students print out the GET and response messages and indicate where in the message they've found the information that answers a question. They do this by marking paper copies with a pen or annotating electronic copies with text in a colored font. There are LMS modules for teachers that allow students to answer these questions online and have answers auto-graded for these Wireshark labs at http://gaia.cs.umass.edu/kurose_ross/lms.htm

[5] You can download the zip file http://gaia.cs.umass.edu/wireshark-labs/wireshark-traces-8.1.zip and extract the trace file intro-wireshark-trace1-1. This trace file can be used to answer these Wireshark lab questions without actually capturing packets on your own. Each trace was made using Wireshark running on one of the author's computers, while performing the steps indicated in the Wireshark lab. Once you've downloaded a trace file, you can load it into Wireshark and view the trace using the File pull down menu, choosing Open, and then selecting the trace file name.
