tcp interactive data exchange, tracking the dataflow
You will use Wireshark to capture a couple of keystrokes under telnet.
The exercise for you to perform:
Start Wireshark (but don't start capturing anything yet). Wireshark has a TCP checksum validation feature that can throw a lot of checksum errors in normal circumstances. To learn about and avoid this, disable checksum validation.
In a terminal window log in to a telnet server indicated by your instructor.
In Wireshark, start capturing on the appropriate interface, applying capture filter "host <your address>" (Capture/Interfaces/Options/CaptureFilter).
In telnet, type exactly and only A followed by B-- no period, no enter, no nonsense-- 2 keystrokes.
In Wireshark, terminate the capture.
You should have 6 frames, corresponding to the diagram below. Highlight the first frame in the packet list pane. Open/expand its TCP segment in the packet details pane. There, highlight the sequence number field. Note the value of the sequence number shown. Also, note the 4 bytes highlighted in the packet bytes pane, which is the raw sequence number. Does their value match the one shown in the packet details? Read about Wireshark's relative sequence numbers. Turn off relative numbering. Note the displayed numbers change to the large, absolute ones.
The questions for you to answer and submit:
Print out this page. On your printout above the 6 arrows fill in the 12 blank values (i.e., the sequence number and acknowledgement number of each frame) with the last 3 digits of the displayed sequence/acknowledgement numbers. Then fill in the table at right.
The numbers labeled with uppercase in blue all belong together as a series, as do those labeled with lowercase in red. They're another series. Each series is counting something. ("data bytes" means application data, not looking for frame size.)
The series of numbers labeled with uppercase in blue: what is it counting?
The series of numbers labeled with lowercase in red: what is it counting?