Wireshark tcp - 2110165028
1 like25,906 views
The document summarizes the analysis of a TCP packet trace file between a client computer and a server. It contains the answers to 12 questions about the TCP connection details that can be observed from the trace file, including IP addresses, port numbers, sequence numbers, timestamps, packet sizes, throughput calculation. The analysis found that the connection was established successfully with no retransmissions, and the server acknowledged varying amounts of received data with some cases of acknowledging every other segment.
Wireshark tcp - 2110165028
- 1. LAPORAN TUGAS WIRESHARK TCP JARINGAN KOMPUTER Nanda Afif Ashari 2110165028
- 2. 2NANDA AFIF ASHARI | 2110165028 Buka wireshark dengan tcp-ethereal trace 1 TCP Basics Answer the following questions for the TCP segments: 1. What is the IP address and TCP port number used by your client computer source) to transfer the file to gaia.cs.umass.edu? Client computer (source) IP address: 192.168.1.102 TCP port number: 1161 2. What is the IP address and port number used by gaia.cs.umass.edu to receive the file. Destination computer: gaia.cs.umass.edu IP address: 128.119.245.12 TCP port number: 80 3. If you did this problem on your own computer, you’ll have your own solution
- 3. 3NANDA AFIF ASHARI | 2110165028 4. What is the sequence number of the TCP SYN segment that is used to initiate the TCP connection between the client computer and gaia.cs.umass.edu? What is it in the segment that identifies the segment as a SYN segment? Solution: Sequence number of the TCP SYN segment is used to initiate the TCP connection between the client computer and gaia.cs.umass.edu. The value is 0 in this trace.The SYN flag is set to 1 and it indicates that this segment is a SYN segment.
- 4. 4NANDA AFIF ASHARI | 2110165028 5. What is the sequence number of the SYNACK segment sent by gaia.cs.umass.edu to the client computer in reply to the SYN? What is the value of the ACKnowledgement field in the SYNACK segment? How did gaia.cs.umass.edu determine that value? What is it in the segment that identifies the segment as a SYNACK segment? Solution: Sequence number of the SYNACK segment from gaia.cs.umass.edu to the client computer in reply to the SYN has the value of 0 in this trace.The value of the ACKnowledgement field in the SYNACK segment is 1. The value of the ACKnowledgement field in the SYNACK segment is determined by gaia.cs.umass.edu by adding 1 to the initial sequence number of SYN segment from the client computer (i.e. the sequence number of the SYN segment initiated by the client computer is 0.). The SYN flag and Acknowledgement flag in the segment are set to 1 and they indicate that this segment is a SYNACK segment.
- 5. 5NANDA AFIF ASHARI | 2110165028 6. What is the sequence number of the TCP segment containing the HTTP POST command? Note that in order to find the POST command, you’ll need to dig into the packet content field at the bottom of the Wireshark window, looking for a segment with a “POST” within its DATA field. Solution: segment is the TCP segment containing the HTTP POST command. The sequence number of this segment has the value of 164041. 7. Consider the TCP segment containing the HTTP POST as the first segment in the TCP connection. What are the sequence numbers of the first six segments in the TCP connection (including the segment containing the HTTP POST)? At what time was each segment sent? When was the ACK for each segment received? Given the difference between when each TCP segment was sent, and when its acknowledgement was received, what is the RTT value for each of the six segments? What is the EstimatedRTT value (see page 237 in text) after the receipt of each ACK? Assume that the value of the EstimatedRTT is equal to the measured RTT for the first segment, and then is computed using the EstimatedRTT equation on page 237 for all subsequent segments. Note: Wireshark has a nice feature that allows you to plot the RTT for each of the TCP segments sent. Select a TCP segment in the “listing of captured packets” window that is being sent from the client to the gaia.cs.umass.edu server. Then select: Statistics->TCP Stream Graph->Round Trip Time Graph
- 6. 6NANDA AFIF ASHARI | 2110165028 8. What is the length of each of the first six TCP segments? Solution: Length of the first six TCP segment : 1460 bytes
- 7. 7NANDA AFIF ASHARI | 2110165028 9. What is the minimum amount of available buffer space advertised at the received for the entire trace? Does the lack of receiver buffer space ever throttle the sender? Solution: The minimum amount of buffer space (receiver window) advertised at gaia.cs.umass.edu for the entire trace is 5840 bytes, which shows in the first acknowledgement from the server. This receiver window grows steadily until a maximum receiver buffer size of 62780 bytes. The sender is never throttled due to lacking of receiver buffer space by inspecting this trace. 10. Are there any retransmitted segments in the trace file? What did you check for (in the trace) in order to answer this question? Solution: There are no retransmitted segments in the trace file. We can verify this by checking the sequence numbers of the TCP segments in the trace file. In the Time-Sequence-Graph (Stevens) of this trace, all sequence numbers from the source (192.168.1.102) to the destination (128.119.245.12) are increasing monotonically with respect to time. If there is a retransmitted segment, the sequence number of this retransmitted segment should be smaller than those of its neighboring segments.
- 8. 8NANDA AFIF ASHARI | 2110165028 11. How much data does the receiver typically acknowledge in an ACK? Can you identify cases where the receiver is ACKing every other received segment (see Table 3.2 on page 247 in the text). Solution: The acknowledged sequence numbers of the ACKs are listed as follows. acknowledged sequence number acknowledged data ACK 1 566 566 ACK 2 2026 1460 ACK 3 3486 1460 ACK 4 4946 1460 ACK 5 6406 1460 ACK 6 7866 1460 ACK 7 9013 1147 ACK 8 10473 1460 ACK 9 11933 1460 ACK 10 13393 1460 ACK 11 14853 1460 ACK 12 16313 1460 …… The difference between the acknowledged sequence numbers of two consecutive ACKs indicates the data received by the server between these two ACKs. By inspecting the amount of acknowledged data by each ACK, there are cases where the receiver is ACKing every other segment
- 9. 9NANDA AFIF ASHARI | 2110165028 12. What is the throughput (bytes transferred per unit time) for the TCP connection? Explain how you calculated this value. Solution: The computation of TCP throughput largely depends on the selection of averaging time period. As a common throughput computation, in this question, we select the average time period as the whole connection time. Then, the average throughput for this TCP connection is computed as the ratio between the total amount data and the total transmission time. The total amount data transmitted can be computed by the difference between the sequence number of the first TCP segment (i.e. 1 byte for No. 4 segment) and the acknowledged sequence number of the last ACK (164091 bytes for No. 202 segment). Therefore, the total data are 164091 - 1 = 164090 bytes. The whole transmission time is the difference of the time instant of the first TCP segment (i.e., 0.026477 second for No.4 segment) and the time instant of the last ACK (i.e., 5.455830 second for No. 202 segment). Therefore, the total transmission time is 5.455830 - 0.026477 = 5.4294 seconds. Hence, the throughput for the TCP connection is computed as 164090/5.4294 = 30.222 KByte/sec.
- 10. 10NANDA AFIF ASHARI | 2110165028