Question

Please can someone explain this to me? Wireshark lab https://www.wireshark.org/docs/wsug_html_chunked/ChUsePacketListPaneSection.html

The Len value in the packet list (top) pane is the length of a complete frame (unit of data at the link layer). You can see this by clicking packet #1 and examining the frame summary, which says 74 bytes on wire. This is confirmed by expanding the summary, and noting that the Frame Length is 74 bytes.

In packet #1 viewed in the top pane, we can see that the source port is 54481 (an ephemeral port) and the destination is port 80 (a well-known port). Explain what these terms mean and why these particular ports are being used: (1) ________________________________________________________________.

The Maximum Segment size is set in the Options field of the TCP header. Here (in packet #1) it is set to 1,460 bytes (MSS=1,460). This value is chosen because many networks use Ethernet technology, which allows a maximum payload (data to be carried) size of 1,500 bytes. A segment is the unit of data sent by TCP. Given that the Ethernet maximum payload size is 1,500 bytes, if we sent a TCP segment larger than 1,500 bytes (which, after all, would have to be encapsulated in an Ethernet frame), then we would have to break up the segment to enable it to fit in the frame, which would be a lot of work (and, we would have to reassemble it later). It is better to limit the size of a segment to what will fit into an Ethernet frame.

Every segment contains a TCP header (the minimum TCP header length is 20 bytes) and is encapsulated in an IP packet which has a minimum IP header length of 20 bytes. If we subtract the IP and TCP header lengths from the 1,500 byte length of the Ethernet frame (which encapsulates the IP packet), that leaves 1,460 bytes for the TCP payload (one full segment when the MSS is 1,460).

Label the diagram below with the header and payload lengths from packet #4. You can omit the Ethernet trailer, which is not displayed by Wireshark and not included in the length of the Ethernet frame by Wireshark. The field lengths are depicted in slide 46.

Now, let's examine the three-way handshake depicted in packets 1 through 3.

The three packets constituting the handshake contain no data; only headers are present. Let's explain why this is so. Looking at the first packet in the packet list pane, the Len (length) of the data carried in the packet is 0. You can also see this by expanding the TCP layer analysis in the packet details (middle) pane and finding [TCP Segment Len: 0]. The brackets indicate this was computed by Wireshark and is not part of the TCP header. To verify this, look again at the first packet in the packet list (upper) pane; the Length of the frame is 74 bytes. This can also be seen by examining the frame layer analysis in the packet details pane; it indicates that there are 74 bytes on wire. Based on the research you did to fill in the diagram above, you know the length of the Ethernet header at the start of the Ethernet frame. your diagram. Subtracting the length of the Ethernet header from the length of the Ethernet frame leaves 60 bytes for the IP packet, which is encapsulated in the Ethernet frame. The IP packet in turn encapsulates the TCP segment. Expand the IP layer analysis in the middle pane. What is the value of the Total Length field, also seen in slide 62? (3) _____ This is the length of the packet, i.e., it does not include the Ethernet header (as confirmed by your diagram), but does include the encapsulated TCP segment. What is the length of the IP header? (4) _____ The header length in this instance is the standard length of the IP header (this is the IHL, or Internet Header Length, field in the IP header slide, slide 62), so this tells you that there are no options present in the IP header. And, looking at the IP header slide, the last standard IP header field is the Destination Address. Looking at the Wireshark middle pane, we can see that the last field of the IP header is the Destination, confirming that there are no other IP header fields.
Items in brackets, such as [Source GeoIP: Unknown] are not in the header, but are extra information added by Wireshark.

Look at the note at the bottom of the TCP header slide (slide 76). It says TCP data length = IP length - IP header length (minimum 20) - TCP header length (minimum 20). The TCP header of this segment contains option fields. To determine the length of the TCP header, expand the TCP header in the middle pane. What is the value of the Header Length field (Data offset in slide 76) as displayed in the middle pane? (5) _____. The header is composed of the standard 20 bytes of TCP header plus (6) _____ bytes of options (this can also be seen by examining the Options information at the bottom of the middle pane: Options: This field is expressed in the header as the number of words (a word is four bytes or 32 bits) in the header. (7) So, the TCP data length = IP length (____) - IP header length (____) - TCP header length (____) = ____.

Let's now look at what data actually looks like in a packet (in this example, I am referring to the content of the header itself). Of course, the content of the packet is zeroes and ones. Interpreting binary data is very tedious, so we use a shorthand to describe the data, using hexadecimal (base 16) rather than binary (base 2). This is convenient because four binary bits equal one hexadecimal digit, so we can express every group of four bits as one simpler hexadecimal digit (see the Hexadecimal slide). Select the Header Length field (Data offset in slide 76) as displayed in the middle pane. Per the TCP header slide, the Data offset is 4 bits (one hex digit) long. The smallest area that can be highlighted in the packet bytes pane (lower pane) is one byte, represented as two hex digits. We see that a0 is highlighted. This corresponds to a single byte, represented by one hex digit for the first four bits of the byte and a second hex digit for the last four bits of the byte. Since we know that the Data offset is four bits long, we are only interested in the first of these hex digits. Looking at the lower pane, the highlighted value is a0, representing the 8 bits of a byte. As mentioned above, we are interested in the four bits (one hex digit) representing the Data offset. This is the first of the two highlighted hex digits, the a in a0. Looking at the hexadecimal slide, we can see that A has the value of ten when it is in the first position (column) of a hex number. So, the length of the header is expressed as A, or 10, multiplied by the value of 16^0, which is one (any number to the zeroth power = 1). So, A, or ten (decimal), times 16^0, or 1 = 10 words (or 40 bytes).
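The length arithmetic and Data offset decoding described above, as an added example that is not part of the original lab or post: it builds a constructed 74-byte SYN frame shaped like packet #1 and recomputes each length from the raw bytes, rejecting frames whose header-length fields contradict each other. The MAC and IP addresses, option values and zeroed checksums are placeholders, and the function names are hypothetical.

```python
import struct

ETH_HDR = 14  # Ethernet II header: dst MAC (6) + src MAC (6) + EtherType (2)

def build_syn_frame():
    """Constructed sample shaped like packet #1 (placeholder addresses, zero checksums)."""
    eth = bytes(12) + struct.pack("!H", 0x0800)
    # 20 bytes of TCP options: MSS=1460, SACK permitted, timestamps, NOP, window scale
    opts = (struct.pack("!BBH", 2, 4, 1460) + bytes([4, 2])
            + struct.pack("!BBII", 8, 10, 1, 0) + bytes([1, 3, 3, 7]))
    offset_byte = ((20 + len(opts)) // 4) << 4   # header length in 32-bit words, high nibble
    tcp = struct.pack("!HHIIBBHHH", 54481, 80, 0, 0, offset_byte, 0x02, 64240, 0, 0) + opts
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return eth + ip + tcp

def tcp_lengths(frame):
    """Recompute the lab's lengths from raw frame bytes, rejecting inconsistent headers."""
    if len(frame) < ETH_HDR + 40:
        raise ValueError("too short for Ethernet + IPv4 + TCP headers")
    if struct.unpack_from("!H", frame, 12)[0] != 0x0800 or frame[ETH_HDR] >> 4 != 4:
        raise ValueError("not an IPv4 frame")
    ip_hdr = (frame[ETH_HDR] & 0x0F) * 4         # IHL: low nibble, in 32-bit words
    total_len = struct.unpack_from("!H", frame, ETH_HDR + 2)[0]
    if frame[ETH_HDR + 9] != 6:
        raise ValueError("IP payload is not TCP")
    tcp_at = ETH_HDR + ip_hdr
    if ip_hdr < 20 or len(frame) < tcp_at + 20:
        raise ValueError("bad IP header length")
    src, dst = struct.unpack_from("!HH", frame, tcp_at)
    offset_byte = frame[tcp_at + 12]             # the byte highlighted in the bytes pane
    tcp_hdr = (offset_byte >> 4) * 4             # Data offset: high nibble, in words
    data_len = total_len - ip_hdr - tcp_hdr      # the formula from the TCP header slide
    if tcp_hdr < 20 or data_len < 0:
        raise ValueError("inconsistent header lengths")
    return {"frame_len": len(frame), "ip_total_len": total_len, "ip_hdr_len": ip_hdr,
            "src_port": src, "dst_port": dst, "offset_byte": offset_byte,
            "tcp_hdr_len": tcp_hdr, "tcp_options_len": tcp_hdr - 20,
            "tcp_data_len": data_len}

if __name__ == "__main__":
    for field, value in tcp_lengths(build_syn_frame()).items():
        print(f"{field:16} {value}")
```

The length checks matter when reading untrusted captures: a Data offset below 5 words, or header lengths that exceed the IP Total Length, mark a malformed or crafted segment.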
