Lab 9‐1 TCP ‐ Handshake and Connection Termination - Isaiah-River/NET-215-Network-Protocols GitHub Wiki
Main Lab
Overview
For this lab we familiarized ourselves with the TCP handshake and connection termination process by analyzing packets with Wireshark.
Part 01 - Capturing the handshake
To begin the lab I had to capture a packet with Wireshark. In order to do this I started a capture on the Ethernet interface, and then inside an incognito window I attempted to connect to 95.216.26.30. After this I stopped my capture and used the filter ip.addr==95.216.26.30 to filter for the captured packets relating to this connection.
Part 02 - Analyzing the TCP handshake
After this we first analyzed the SYN packet noting the source and destination ports.
After this we analyzed the sequence number for the SYN packet. In order to do this I had to turn off relative sequence numbers by right-clicking my packet > Protocol Preferences > Transmission Control Protocol > uncheck Relative Sequence Numbers.
After this we looked at the SYN, ACK packet noting the Sequence and Acknowledgement numbers.
Finally we looked at the ACK packet.
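Added example (not part of the original lab write-up): a small Python check of the sequence and acknowledgement arithmetic that the three handshake packets should satisfy, using absolute sequence numbers as shown once relative sequence numbers are unchecked. The ports and initial sequence numbers are constructed sample values, not taken from the lab capture, and the client ISN is chosen to show 32-bit wraparound.

```python
import struct

FLAG_BITS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK"}
MOD = 2 ** 32  # sequence numbers are 32-bit and wrap around

def build_tcp(sport, dport, seq, ack, flags):
    """Pack a 20-byte TCP header for the constructed samples (checksum left at 0)."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, 64240, 0, 0)

def parse_tcp(header):
    """Decode ports, absolute seq/ack numbers and flags from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", header[:14])
    flags = {name for bit, name in FLAG_BITS.items() if off_flags & bit}
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags}

def check_handshake(syn, synack, ack):
    """Return a list of problems; an empty list means a consistent three-way handshake."""
    problems = []
    expected = (("SYN", syn, {"SYN"}), ("SYN, ACK", synack, {"SYN", "ACK"}), ("ACK", ack, {"ACK"}))
    for name, pkt, want in expected:
        if pkt["flags"] != want:
            problems.append(f"{name}: unexpected flags {sorted(pkt['flags'])}")
    if (synack["sport"], synack["dport"]) != (syn["dport"], syn["sport"]):
        problems.append("SYN, ACK: ports are not the SYN's ports swapped")
    if synack["ack"] != (syn["seq"] + 1) % MOD:
        problems.append("SYN, ACK: ack is not client ISN + 1")
    if ack["seq"] != (syn["seq"] + 1) % MOD:
        problems.append("ACK: seq is not client ISN + 1")
    if ack["ack"] != (synack["seq"] + 1) % MOD:
        problems.append("ACK: ack is not server ISN + 1")
    return problems

def relative(value, isn):
    """Convert an absolute number to the relative form Wireshark shows by default."""
    return (value - isn) % MOD

# Constructed sample: ports and ISNs are made up, not taken from the lab capture.
CLIENT_ISN, SERVER_ISN = 0xFFFFFFFF, 0x1A2B3C4D  # client ISN chosen to show wraparound
SAMPLE = [parse_tcp(h) for h in (
    build_tcp(51514, 80, CLIENT_ISN, 0, 0x02),       # SYN
    build_tcp(80, 51514, SERVER_ISN, 0, 0x12),       # SYN, ACK: ack = ISN + 1 wraps to 0
    build_tcp(51514, 80, 0, SERVER_ISN + 1, 0x10),   # ACK
)]

if __name__ == "__main__":
    print(check_handshake(*SAMPLE) or "handshake consistent")
    print("relative ack in SYN, ACK:", relative(SAMPLE[1]["ack"], CLIENT_ISN))
```
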
Part 03 - Analyzing the TCP Connection Termination
To analyze the TCP connection termination process I had to repeat similar steps to before, with the difference of making sure I captured packets after closing my connection to 95.216.26.30. After capturing my packets I took a screenshot of the 3 or 4 packets showing the termination process.
I then re-enabled relative sequence numbers.
I then analyzed the bytes sent between the server and the browser.