TCP UDP - Nifalnasar/Fundamentals-of-Network GitHub Wiki

1.Open the pcap file “tcp” in Wireshark to answer the following questions.

A. What is the IP address and TCP port number used by the client computer (source) that is transferring the file to gaia.cs.umass.edu?

IP address is 192.168.1.102, TPC port number is 1161

B. What is the IP address of gaia.cs.umass.edu? On what port number is it sending and receiving TCP segments for this connection?

Port number is 80. IP address is 192.168.1.102

C. What is the sequence number of the TCP SYN segment that is used to initiate the TCP connection between the client computer and gaia.cs.umass.edu? What is it in the segment that identifies the segment as a SYN segment?

TCP SYN segment is 0 he segment as a SYN segmen in flag is set to 1

D. What is the sequence number of the SYNACK segment sent by gaia.cs.umass.edu to the client computer in reply to the SYN? What is the value of the Acknowledgement field in the SYNACK segment? How did gaia.cs.umass.edu determine that value? What is it in the segment that identifies the segment as a SYNACK segment?

TCP SYN segment is 0 The acknowledgement field in the SYNACK segment is 1.

E. What is the sequence number of the TCP segment containing the HTTP POST command? Note that in order to find the POST command, you’ll need to dig into the packet content field at the bottom of the Wireshark window, looking for a segment with a “POST” within its DATA field.

The segment No.4 contains the HTTP POST command, the sequence number of this segment is 1.

F. Plot the RTT graph using Wireshark.

Round Trip Time Graph

G. What is the length of each of the first six TCP segments (HTTP POST)?

H. Are there any retransmitted segments in the trace file? What did you check for (in the trace)in order to answer this question?

NO retransmitted segments, For checking the retransmission status we check the iRTT Feild since they there is no change in the iRTT feild of any packet so we can say that there no packet retransmission.

I. What is the throughput (bytes transferred per unit time) for the TCP connection? Explain
how you calculated this value.

[Throughput= Time Duration/Total Bytes Transferred]​

  1. Open the pcap file “udp” in Wireshark to answer the following questions

J. Select one UDP packet from your trace. From this packet, determine how many fields the are in the UDP header. Name these fields.

  1. source port; 2. destination port; 3. length; 4. checksum

K. By consulting the displayed information in Wireshark’s packet content field for this packet, determine the length (in bytes) of each of the UDP header fields.

The UDP header has a fixed length of 8 bytes. Each of these 4 header fields is 2 bytes long

L. The value in the Length field is the length of what? Verify your claim with your captured UDP packet.

The length field specifies the number of bytes in the UDP segment (header plus data).

M. What is the protocol number for UDP? Give your answer in both hexadecimal and decimal notation.

The ip protocol number for UDP is 11 in hex and 17 in decimal value.

N. Examine a pair of UDP packets in which your host sends the first UDP packet and the second UDP packet is a reply to this first UDP packet. (Hint: for a second packet to be sent in response to a first packet, the sender of the first packet should be the destination of the second packet). Describe the relationship between the port numbers in the two packets.

The source port of the UDP packet sent by the host is the same as the destination port of the reply packet, and conversely the destination port of the UDP packet sent by the host is the same as the source port of the reply packet.