Tuesday, December 6, 2011

Wireshark Lab: Ethernet and ARP

1. 00:24:2b:a4:09:a3

2. bc:77:37:35:b2:b3

3. The value is 0x0800
4. There are 52 bytes.


5.










6. 00:24:2b:a4:09:a3

7. bc:77:37:35:b2:b3

8. The value is 0x0800
9. There are 52 bytes.

12. The source address is 00:17:fa:f3:f2:11; the destination address is ff:ff:ff:ff:ff:ff.
13. The value is 0x0806.
14a. 20 bytes
14b. 0x0800
14c. Yes
14d. The host's IP address is being queried

15a. 20 bytes

15b. 0x0002

15c. In the sender MAC address field.

16. Source Address: 00:17:fa:f3:f2:11, Destination Address: ff:ff:ff:ff:ff:ff

17. There weren't any replies because the computer didn't send a request. The ARP reply ended up being sent back to the Ethernet address of the sender.

Monday, December 5, 2011

Wireshark lab 5 UDP

1. UDP contains four fields: destination port, checksum, source port, and length.

2. There's a total of 13 header bytes.

3. 13 header bytes and 21 data bytes.

4. The maximum number of bytes is 65535 - 13 (header) = 65522.

5. The largest possible source port would be 65535.

6. The protocol number of UDP is 17.

7. The checksum can be calculated by adding the 16-bit headers and data together, and they are checked against the key, 0xffff.

8. The destination port of the host packet is the same as the source port of the reply packet.

Wireshark 4 TCP

part 1

part 2

1. Source port 80

2. UMass IP address: 128.119.245.12, port: 80
3. Was unable to create my own.

4. The TCP SYN has a value of 0. What identifies it as a SYN segment is the value "1 syn:set".
5. The acknowledgement number is 1. The UMass website determines this value because it is acknowledging it as the SYN value.
6. The sequence number is 1.

7-8. Was confused about where I was to find the answers.

9. Minimum window size 16425. It doesn't throttle the buffer because its window size is too large and will keep growing.

10. No, because sequence numbers are increasing proportionally.
11. The receiver receives 16425 bytes of data per packet.
12. 16424 / .82977 = 19.79 kb/sec
13. The slow start begins at the beginning of the connection and ends after. In the text examples, too much data is being sent on purpose so the network becomes congested almost immediately. In this example it is being sent in small amounts so there is no congestion.

Wireshark Lab: DNS

part 1

part 2

part 3

4. TCP

5. Port 57

6. They are not the same.

7. It is type A and they don't have any answers.

8. www.ietf.org, type A, class inet addr 12.22.58.30

9. It was sent to 128.119.245.12

10. It does not.

11. 72435 port 57

12. They are the same.

13. It's type A and has no answers.

14-18. Couldn't figure it out.

20. It was sent to 10.40.4.44, which is www.bitsy.edu
21. It's a type A query and has no answers.

WireShark HTTP

1. My HTTP is running 1.1.

2. en-us

3. My computer address is 149.152.32.60; website address is 74.125.226.175

4. 200

5. mon, 04 Dec 2011 20:19:11 GMT\r\n


6. 126

7. No, they are found in the data.


pt 2

8. no

9. yes

10. mon, 04 Dec 2011 20:59:11 GMT\r\n

11. HTTP/1.1 304 Not Modified




pt 3

12. I received 2 requests.

13. 12 were needed to carry it out

14. 200

15. no


wireshark IP

Worked with Bryan Pellitier

1.  216.92.151.75


2. The overall header of the value is ICMP.

3. There are 56 total bytes, 20 of which go to the IP header, and the other 36 are from the IP datagram.

4. The data cannot be fragmented because the fragment line is equal to 0.

5. The amount of Time to live, Identification, and the header always change.

6. Constant: header length, version, source IP, destination IP, upper layer protocol, services.
Has to change: identification, header checksum, time to live.

7. The IP header fields change incrementally with each change in field.

8. Identification: 60500
Time to live: 254

9. The identification field will change for all of the ICMP time to live requests, but they will not change with a hop router because they are using the same router.


10. Yes more than one IP datagram was used.

11. The fragment offset is = 0, and therefore this is the first fragment. The length of this is 1500 bytes.

12. It can't be the first fragment, because the offset is not 0.

13. The changes are offset, checksum, flags, total length.

14. 3 packets are created.

15. The fragment offset and checksum will change.




Tuesday, September 6, 2011

wireshark lab 1

Hello, I am Tom Vear. This is the first YouTube video I have created; this is Wireshark project 1.
I entered the URL given and had that page displayed in my browser, then stopped the Wireshark packet capture by selecting Stop in the Wireshark capture window. It caused the Wireshark capture window to disappear and the main Wireshark window to display all packets captured since the beginning of packet capture. Now I have live packet data that contains all protocol messages exchanged between my computer and other network entities. And then I typed in lowercase http and it brought up all web addresses it found, and that was lab number 1.