Post

Wireshark Lab: Getting Started v8.1

Computer Networking: A Top-Down Approach

Posted
By 송기종
views 2 min read

Questions

  1. Which of the following protocols are shown as appearing (i.e., are listed in the Wireshark “protocol” column) in your trace file: TCP, QUIC, HTTP, DNS, UDP, TLSv1.2?
    • TCP
    • HTTP
    • TLSv1.2

    Figure 1. “Protocol” column


  2. How long did it take from when the HTTP GET message was sent until the HTTP OK reply was received? (By default, the value of the Time column in the packet-listing window is the amount of time, in seconds, since Wireshark tracing began. (If you want to display the Time field in time-of-day format, select the Wireshark View pull down menu, then select Time Display Format, then select Time of Day.)
    • $8.501613 - 8.472728 = 0.028885 \ \mathrm{s}$

    Figure 2. “Time” column


  3. What is the Internet address of the gaia.cs.umass.edu (also known as www-net.cs.umass.edu)? What is the Internet address of your computer or (if you are using the trace file) the computer that sent the HTTP GET message?
    • 128.119.245.12
    • 10.0.0.44

    Figure 3. IP addresses


  4. Expand the information on the HTTP message in the Wireshark “Details of selected packet” window (see Figure 3 above) so you can see the fields in the HTTP GET request message. What type of Web browser issued the HTTP request? The answer is shown at the right end of the information following the “User-Agent:” field in the expanded HTTP message display. [This field value in the HTTP message is how a web server learns what type of browser you are using.]
    • Firefox

    Figure 4. User-Agent header


  5. Expand the information on the Transmission Control Protocol for this packet in the Wireshark “Details of selected packet” window (see Figure 3 in the lab writeup) so you can see the fields in the TCP segment carrying the HTTP message. What is the destination port number (the number following “Dest Port:” for the TCP segment containing the HTTP request) to which this HTTP request is being sent?
    • Destination Port: 80

    Figure 5. Destination port


  6. Print the two HTTP messages (GET and OK) referred to in question 2 above. To do so, select Print from the Wireshark File command menu, and select the “Selected packets only” and “As displayed” radial buttons, and then click OK.

    Figure 6. HTTP messages


References

Computer Science, Computer Networking
wireshark
이 글은 저작자의 CC BY-SA 4.0 라이선스를 따릅니다.