ASSESSMENT DESCRIPTION: This assessment is a group assignment. For this assessment, you will work in groups of five stud
Posted: Sat May 14, 2022 3:31 pm
ASSESSMENT DESCRIPTION:
This assessment is a group assignment. For this assessment, you will work in groups of five students. Your lecturer will help you to form the groups in Week 2.
Two protocols in the TCP/IP transport layer are TCP (defined in RFC 761) and UDP (defined in RFC 768). Both protocols support upper-layer protocol communication. For example, TCP is used to provide transport layer support for the HyperText Transfer Protocol (HTTP) and FTP protocols, among others. UDP provides transport layer support for the Domain Name System (DNS) and TFTP, among others.
In Part 1 of this assignment, you will use the Wireshark open source tool to capture and analyze TCP protocol header fields for FTP file transfers between the host computer and an anonymous FTP server. In Part 2, you will use Wireshark to capture and analyze UDP header fields for DNS through the captured traffic.
Part 1: Identify TCP Header Fields and Operation Using a Wireshark FTP Session Capture
2. Now click ftp://test.rebex.net/. You will see a new window as shown in Fig.2. Log into the FTP site using demo for the username and password for the password.
3. Once you connect, the following window will pop up. Go to the pub folder, then to the examples folder, and save one of the image files in it to a folder on your computer.
4. Open the captured file (the file which you saved on your computer in step 3) in Wireshark. Apply the tcp filter and click Apply (Enter). Look for the first TCP packet that started the 3-way handshake with ftp://test.rebex.net/. The destination IP address is the IP address you should use for further filtering. Thus, you will filter as follows: tcp and ip.addr==104.83.206.150 (you may find a different IP address in your experiment).
Table.1
Description | Wireshark Results
Source IP address |
Destination IP address |
Source port number |
Destination port number |
Sequence number |
Acknowledgment number |
Header length |
Window size |
Table.2
Description | Wireshark Results
Source IP address |
Destination IP address |
Source port number |
Destination port number |
Sequence number |
Acknowledgment number |
Header length |
Window size |
Part 2: Identify UDP Header Fields and Operation in Wireshark using DNS
The other type of traffic looked at (and this may be of some interest when troubleshooting network issues) is DNS traffic. DNS uses port 35 and uses UDP for the transport layer. To complete this part, you need to take the following steps:
Now, using the first UDP datagram, put the requested information in Table.3.
Table.3
Description | Wireshark Results
Source IP address |
Destination IP address |
Source port number |
Destination port number |
UDP message length |
UDP checksum |
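The fields requested in Table.1 to Table.3 sit at fixed offsets in the IPv4, TCP and UDP headers, which is what Wireshark decodes for you. The following is an added example, not part of the original assignment, that extracts them from raw Ethernet II / IPv4 frame bytes; the function names, addresses, ports and sample frames are constructed for illustration.

```python
import socket
import struct

def parse_transport(frame: bytes) -> dict:
    """Return the Table.1-3 fields from one Ethernet II / IPv4 frame."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not an Ethernet II / IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                      # IPv4 header length in bytes
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl + 8:
        raise ValueError("malformed IPv4 header")
    out = {"src_ip": socket.inet_ntoa(ip[12:16]),
           "dst_ip": socket.inet_ntoa(ip[16:20])}
    seg = ip[ihl:]                                # transport-layer segment
    out["src_port"], out["dst_port"] = struct.unpack("!HH", seg[:4])
    if ip[9] == 6:                                # IP protocol 6 = TCP
        if len(seg) < 20:
            raise ValueError("truncated TCP header")
        seq, ack, off_flags, win = struct.unpack("!IIHH", seg[4:16])
        # Raw sequence number; Wireshark displays a relative one by default.
        out.update(proto="TCP", seq=seq, ack=ack,
                   header_len=(off_flags >> 12) * 4,  # data offset counts 32-bit words
                   flags=off_flags & 0x1FF, window=win)
    elif ip[9] == 17:                             # IP protocol 17 = UDP
        length, checksum = struct.unpack("!HH", seg[4:8])
        out.update(proto="UDP", length=length, checksum=checksum)
    else:
        raise ValueError(f"unsupported IP protocol {ip[9]}")
    return out

def build_frame(proto: int, payload: bytes,
                src: str = "192.0.2.10", dst: str = "192.0.2.53") -> bytes:
    """Constructed sample frame: zeroed MACs and IP checksum, no IP options."""
    eth = bytes(12) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                     proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + payload

# Constructed TCP SYN (flags 0x002) and a constructed 20-byte UDP datagram.
SYN = build_frame(6, struct.pack("!HHIIHHHH", 57978, 21, 1000, 0,
                                 (5 << 12) | 0x002, 65535, 0, 0))
DNS = build_frame(17, struct.pack("!HHHH", 50000, 53, 8 + 12, 0xBEEF) + bytes(12))

if __name__ == "__main__":
    for name, frame in (("TCP SYN", SYN), ("UDP", DNS)):
        print(name, parse_transport(frame))
```

The UDP length field covers the 8-byte UDP header plus the payload, and the TCP header length is the data offset multiplied by four, so a header without options reports 20 bytes.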
Then, answer the following questions:
[Screenshot: Wireshark Capture Options dialog listing the available capture interfaces]
[Screenshot: FTP "Log on as" dialog for test.rebex.net with username demo; the dialog notes that FTP does not encrypt or encode passwords or data before sending them to the server]
[Screenshot: file listing of the pub > example folder on test.rebex.net, containing PNG image files]
[Screenshot: Wireshark packet list with frame 14 (a TCP SYN, 78 bytes on wire) selected]