INST 346
Technologies Infrastructure and Applications
Spring 2018
Assignment H8
The goal of this assignment is to use Wireshark to gain insight into
what it is your computer is actually doing on the network.
First, look at the messages that are used to gain access to a Web
page. To do this, first launch Wireshark and select the network your
computer is using to exchange data over the Internet. Close all open
Web browsers, then select restart (in the capture menu) in Wireshark,
and then open a Web browser and go to this Web page and then select
stop in Wireshark (also in the capture menu). This will give you a
set of time-ordered messages that you can look at. Then find and
inspect the messages that you need to answer the following questions:
What port number did your computer use to send the first DNS
query message that was used to resolve the domain name in this Web
page (legacydirs.umiacs.umd.edu)?
How many DNS requests did your computer send before receiving the
IP address for that domain name?
Why weren't more DNS messages needed to find that IP address?
Explain how you know those three answers. Include one or more
screenshots and refer to specific items in those screenshot(s) to
substantiate your explanation.
Does your Web browser send content (a "payload") in the third
segment of the three way handshake in the TCP setup before requesting
a Web page?
Explain how you know that. Include a screenshot and refer to
specific items in that screenshot to substantiate your explanation.
Second, look at the IP datagram that was used to send the HTTP
GET request message that was used to request this Web page. Click to
expand the IP datagram and TCP segment and use what you see there to
answer the following questions:
Did your computer use IP version 4 or version 6?
What is the maximum number of routers that would be allowed to
forward this packet before it would be discarded?
What is the actual sequence number used in the TCP segment used
for the HTTP request? The middle window does not show the actual
sequence number, but rather the "relative sequence number" (i.e., the
sequence number minus the first sequence number that was used in that
TCP connection). To see the real sequence number (in base 16) just
click on the relative sequence number you want to see and then look
below for the eight highlighted hexadecimal digits.
Explain how you know those three answers. Include one or more
screenshots and refer to specific items in those screenshot(s) to
substantiate your explanation.
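The relationship between the relative and the actual sequence number described above, as an added example that is not part of the original assignment: it reads the eight hexadecimal digits from the TCP header of a raw IPv4 packet and subtracts the connection's first sequence number, including the case where the 32-bit counter wraps around. The function names, addresses, ports and sequence values are constructed for illustration.

```python
import struct

MOD = 2**32  # TCP sequence numbers are 32-bit and wrap around

def tcp_sequence_numbers(ip_packet: bytes, initial_seq: int) -> dict:
    """Parse an IPv4 packet carrying TCP and report the sequence number
    both as the raw 8 hex digits and relative to the connection's first one."""
    if not ip_packet or ip_packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ip_packet[0] & 0x0F) * 4  # header length field counts 32-bit words
    if ihl < 20 or len(ip_packet) < ihl + 20:
        raise ValueError("truncated or malformed headers")
    if ip_packet[9] != 6:  # protocol number 6 = TCP
        raise ValueError("payload is not TCP")
    # TCP header starts right after the IP header: ports, then sequence number
    src_port, dst_port, seq = struct.unpack_from("!HHI", ip_packet, ihl)
    return {
        "src_port": src_port,
        "dst_port": dst_port,
        "raw_seq_hex": f"{seq:08x}",                 # the eight hex digits
        "relative_seq": (seq - initial_seq) % MOD,   # what the middle pane shows
    }

def build_sample(seq: int) -> bytes:
    """Constructed sample packet (documentation addresses, checksums left 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    tcp = struct.pack("!HHIIHHHH", 50000, 80, seq, 1, 0x5018, 65535, 0, 0)
    return ip + tcp

if __name__ == "__main__":
    # (first sequence number of the connection, sequence number of this segment)
    for isn, seq in [(0x1A2B3C4D, 0x1A2B3C4E), (0xFFFFFFF0, 0x00000001)]:
        print(tcp_sequence_numbers(build_sample(seq), isn))
```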
Now find the TCP segment that acknowledges the TCP segment carrying the
HTTP GET message you just looked at and find its sequence number.
Wireshark stacks up packets from the different layers, so this TCP
segment may be included in the HTTP response message. Is the sequence
number the same in the acknowledgment segment as in the original
TCP segment that is being acknowledged? Why or why not?
Explain how you know that. Include two screenshots (one for each
TCP segment) and refer to specific items in those screenshots to
substantiate your explanation.
Now use your Web browser to go to one of my favorite podcasts at
https://www.mixcloud.com/conversationswithapollo/conversations-with-apollo-episode-14-don-eyles-on-the-fly/
and start the playback. Then select start in Wireshark (in the
capture menu). While you listen to the first part of the podcast, answer the following questions:
Is the podcast audio being sent to you by TCP or by UDP?
What port number on the server is being used to send the podcast
audio to you?
Explain how you know the answers to those two questions. Include
one or more screenshots and refer to specific items in those
screenshot(s) to substantiate your explanation.
Submit your homework using ELMS before the start of class on the date
indicated in the schedule.
Doug Oard
Last modified: Wed Mar 28 12:34:07 2018