INST 346
Technologies Infrastructure and Applications
Spring 2018
Assignment H8


The goal of this assignment is to use Wireshark to gain insight into what it is your computer is actually doing on the network.

  1. First, look at the messages that are used to gain access to a Web page. To do this, first launch Wireshark and select the network your computer is using to exchange data over the Internet. Close all open Web browsers, then select restart (in the capture menu) in Wireshark, and then open a Web browser and go to this Web page and then select stop in Wireshark (also in the capture menu). This will give you a set of time-ordered messages that you can look at. Then find and inspect the messages that you need to answer the following questions:
    1. What port number did your computer use to send the first DNS query message that was used to resolve the domain name in this Web page (legacydirs.umiacs.umd.edu)?
    2. How many DNS requests did your computer send before receiving the IP address for that domain name?
    3. Why weren't more DNS messages needed to find that IP address?
    4. Explain how you know those three answers. Include one or more screenshots and refer to specific items in those screenshot(s) to substantiate your explanation.
    5. Does your Web browser send content (a "payload") in the third segment of the three-way handshake in the TCP setup before requesting a Web page?
    6. Explain how you know that. Include a screenshot and refer to specific items in that screenshot to substantiate your explanation.
  2. Second, look at the IP datagram that was used to send the HTTP GET request message that was used to request this Web page. Click to expand the IP datagram and TCP segment and use what you see there to answer the following questions:
    1. Did your computer use IP version 4 or version 6?
    2. What is the maximum number of routers that would be allowed to forward this packet before it would be discarded?
    3. What is the actual sequence number used in the TCP segment used for the HTTP request? The middle window does not show the actual sequence number, but rather the "relative sequence number" (i.e., the sequence number minus the first sequence number that was used in that TCP connection). To see the real sequence number (in base 16) just click on the relative sequence number you want to see and then look below for the eight highlighted hexadecimal digits.
    4. Explain how you know those three answers. Include one or more screenshots and refer to specific items in those screenshot(s) to substantiate your explanation.
    5. Now find the TCP segment that acknowledges the TCP segment carrying the HTTP GET message you just looked at and find its sequence number. Wireshark stacks up packets from the different layers, so this TCP segment may be included in the HTTP response message. Is the sequence number the same in the acknowledgment segment as in the original TCP segment that is being acknowledged? Why or why not?
    6. Explain how you know that. Include two screenshots (one for each TCP segment) and refer to specific items in those screenshots to substantiate your explanation.
  3. Now use your Web browser to go to one of my favorite podcasts at https://www.mixcloud.com/conversationswithapollo/conversations-with-apollo-episode-14-don-eyles-on-the-fly/ and start the playback. Then select start in Wireshark (in the capture menu). While you listen to the first part of the podcast, answer the following questions:
    1. Is the podcast audio being sent to you by TCP or by UDP?
    2. What port number on the server is being used to send the podcast audio to you?
    3. Explain how you know the answers to those two questions. Include one or more screenshots and refer to specific items in those screenshot(s) to substantiate your explanation.
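
The raw versus relative sequence number relationship described in item 2.3, as an added example that is not part of the original assignment: it reads the IP and TCP header fields from raw bytes and subtracts the connection's first sequence number. The packet bytes, addresses, ports, TTL and sequence numbers are all constructed sample values, and the function names are hypothetical.

```python
import struct

def parse_ipv4_tcp(packet: bytes) -> dict:
    """Parse an IPv4 header and the TCP header behind it (no Ethernet header)."""
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4:
        raise ValueError("this example only handles IPv4")
    total_len = struct.unpack("!H", packet[2:4])[0]
    ttl, proto = packet[8], packet[9]
    if proto != 6:
        raise ValueError("IP payload is not TCP")
    tcp = packet[ihl:total_len]
    sport, dport, seq, ack = struct.unpack("!HHII", tcp[:12])
    data_offset = (tcp[12] >> 4) * 4      # TCP header length in bytes
    return {"version": version, "ttl": ttl, "sport": sport, "dport": dport,
            "seq": seq, "ack": ack, "payload_len": len(tcp) - data_offset}

def relative_seq(raw_seq: int, isn: int) -> int:
    """Raw sequence number minus the connection's first one, modulo 2**32."""
    return (raw_seq - isn) % 2**32

def build_sample(seq: int, ack: int, payload: bytes) -> bytes:
    """Constructed packet: documentation addresses, made-up ports and TTL."""
    tcp = struct.pack("!HHIIHHHH", 49152, 80, seq, ack,
                      (5 << 12) | 0x018, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000,
                     64, 6, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return ip + tcp   # checksums left as 0; the parser does not verify them

CLIENT_ISN = 0xA1B2C3D4           # constructed initial sequence number (in the SYN)
SAMPLE = build_sample(CLIENT_ISN + 1, 0x0BADF00D + 1, b"GET / HTTP/1.1\r\n\r\n")

if __name__ == "__main__":
    f = parse_ipv4_tcp(SAMPLE)
    print("IP version", f["version"], "TTL", f["ttl"])
    print("raw seq 0x%08x" % f["seq"], "relative seq", relative_seq(f["seq"], CLIENT_ISN))
    # A connection whose ISN is near 2**32 wraps around; the modulo handles it.
    print("wrapped relative seq", relative_seq(0x00000005, 0xFFFFFFF0))
```
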
Submit your homework using ELMS before the start of class on the date indicated in the schedule.
Doug Oard
Last modified: Wed Mar 28 12:34:07 2018