Question

The goal of this first lab was primarily to introduce you to Wireshark. The following questions will demonstrate that you’ve been able to get Wireshark up and running, and have explored some of its capabilities. Answer the following questions, based on your Wireshark experimentation:

1. List up to 10 different protocols that appear in the protocol column in the unfiltered packet-listing window in step 7

Step 7: After your browser has displayed the INTRO-wireshark-file1.html page, stop Wireshark packet capture by selecting stop in the Wireshark capture window. This will cause the Wireshark capture window to disappear and the main Wireshark window to display all packets captured since you began packet capture. The main Wireshark window should now look similar to Figure 2. You now have live packet data that contains all protocol messages exchanged between your computer and other network entities! The HTTP message exchanges with the gaia.cs.umass.edu web server should appear somewhere in the listing of packets captured. But there will be many other types of packets displayed as well (see, e.g., the many different protocol types shown in the Protocol column in Figure 2). Even though the only action you took was to download a web page, there were evidently many other protocols running on your computer that are unseen by the user. We’ll learn much more about these protocols as we progress through the text! For now, you should just be aware that there is often much more going on than “meet’s the eye”!.

2. How long did it take from when the HTTP GET message was sent until the HTTP OK reply was received? (By default, the value of the Time column in the packetlisting window is the amount of time, in seconds, since Wireshark tracing began. To display the Time field in time-of-day format, select the Wireshark View pull down menu, then select Time Display Format, then select Time-of-day.)

3. What is the Internet address of the gaia.cs.umass.edu (also known as wwwnet.cs.umass.edu)? What is the Internet address of your computer?

4. Print the two HTTP messages displayed in step 9 above. To do so, select Print from the Wireshark File command menu, and select “Selected Packet Only” and “Print as displayed” and then click OK.

Answer 1

1)Three of the protocols that were in the list of unfiltered results were TCP, DNS, and HTTP.According to above screenshot, for this webpage downloading process, at first, the DNS protocol was used to translate the URL to IP address, and then the TCP (transport layer) connection was established between the client and the server. Finally, the HTTP (application layer) connection was established based on the TCP connection which established in step 2.

2)It took .058408 seconds for the OK reply to be received.According to above screenshot, the HTTP OK is arrived at Jan 26, 2014 17:43:14.846936000 Therefore, the time took from HTTP GET to HTTP OK is .846936000 ‐ .75265700 0= 0.094279 Seconds

3)The Internet address of gaia.cs.umass.edu is 128.119.245.12. The Internet address of my laptop is 192.168.0.134.Above screenshot is the HTTP GET. This datagram is supposed to be sent form my computer to the web server. Thus, my computer’s IP address is 192.168.1.11, the web server’s IP address is 128.119.245.12

4)Instead of printing the two GET and OK messages I decided to use screen captures of the two messages. They are below