Question

3. Examine the following screen-shot of a short packet capture in Wireshark. Describe the sequence of packets exchanged betwe

here is a more zoomed in pic:

[Screenshot: Wireshark window with the capture file http (2).cap open]

3. Examine the following screen-shot of a short packet capture in Wireshark. Describe the sequence of packets exchanged between the two systems participating in the conversation. What sort of traffic has been captured? What is happening in the sequence shown on the screen? Please provide as much detail as possible for each packet.

[Screenshot: Wireshark packet list] Screen-shot for question 3.
[Zoomed-in screenshot: Wireshark packet list for the capture file http (2).cap]
Answer #1

The source address 145.254.160.237 is making requests to the destination address 65.208.228.223 and vice versa; communication is established in all packets.

In packet 4, the HTTP protocol is asking the destination IP to download the download.html page, up to packet 35. Between packets 13 and 17, the DNS protocol has been triggered to find the ads on the page from the /pagead/ folder in the server directory, and the download.html page is downloaded in fragments, by sequence number from the client and ack number from the server.

In packet 27, the ads are loaded with HTML status code 200 OK.

In packet 36, the ad server (216.239.59.99) has retransferred the packet because it was corrupted or not delivered properly.

In packet 37, the client has replied that the packet is a duplicate.

In packet 40, the three-way handshake is closing the page transfer with FIN, ACK and FIN ACK.

If you have any doubt, then please ask me without any hesitation in the comment section below. If you like my answer, then please give it a thumbs up. Before giving a thumbs down, please discuss the question; it is possible that we understood the question in a different way, and we can edit and change the answers if you argue. Thanks :)
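As an added illustration (not part of the original question or answer), this Python sketch labels packets with the phases the answer walks through: handshake, data, retransmission, duplicate ACK and FIN teardown. The packet list is constructed with relative sequence numbers and reuses only the three addresses from the answer; `annotate` and its label names are hypothetical, and the checks are a simplification of Wireshark's TCP analysis.

```python
from collections import defaultdict
C, WEB, AD = "145.254.160.237", "65.208.228.223", "216.239.59.99"
# Constructed packets (not transcribed from the screenshot), relative seq/ack:
# (no, src, sport, dst, dport, flags, seq, ack, payload_len)
PACKETS = [
    (1, C, 3372, WEB, 80, "S", 0, 0, 0),
    (2, WEB, 80, C, 3372, "SA", 0, 1, 0),
    (3, C, 3372, WEB, 80, "A", 1, 1, 0),
    (4, C, 3372, WEB, 80, "PA", 1, 1, 479),    # HTTP request
    (5, WEB, 80, C, 3372, "A", 1, 480, 1380),  # response segment
    (6, C, 3372, WEB, 80, "A", 480, 1381, 0),
    (7, AD, 80, C, 3371, "PA", 1, 722, 1430),  # ad server data
    (8, C, 3371, AD, 80, "A", 722, 1431, 0),
    (9, AD, 80, C, 3371, "PA", 1, 722, 1430),  # same bytes, already ACKed
    (10, C, 3371, AD, 80, "A", 722, 1431, 0),  # same ACK repeated
    (11, WEB, 80, C, 3372, "FA", 1381, 480, 0),
]

def annotate(packets):
    """Label each packet's role; a simplified take on Wireshark's TCP analysis."""
    sent = defaultdict(set)         # direction -> {(seq, len)} data already seen
    highest_ack = defaultdict(int)  # direction -> highest ACK number sent
    last_pure_ack, syn, labels = {}, {}, {}
    for no, src, sport, dst, dport, flags, seq, ack, plen in packets:
        way, back = (src, sport, dst, dport), (dst, dport, src, sport)
        if "S" in flags:
            syn[way] = flags
            label = "handshake SYN-ACK" if "A" in flags else "handshake SYN"
        elif "F" in flags:
            label = "teardown FIN"
        elif plen > 0:
            if (seq, plen) not in sent[way]:
                label = "data"
            elif highest_ack[back] >= seq + plen:  # receiver already ACKed it
                label = "spurious retransmission"
            else:
                label = "retransmission"
            sent[way].add((seq, plen))
        else:
            if last_pure_ack.get(way) == ack:
                label = "duplicate ACK"
            elif syn.get(way) == "S" and syn.get(back) == "SA" and way not in last_pure_ack:
                label = "handshake ACK"
            else:
                label = "ack"
            last_pure_ack[way] = ack
        if "A" in flags:
            highest_ack[way] = max(highest_ack[way], ack)
        labels[no] = label
    return labels
```

A retransmission is reported as spurious only when the receiver had already acknowledged those bytes; otherwise it is an ordinary retransmission.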
