TCP interactive data exchange: tracking the dataflow
You will use Wireshark to capture a couple of keystrokes under telnet.
VirtualBox platform users - you will not need to perform the
capture, which will be done instead as a demonstration during class.
(It will be done between the VirtualBox CLIENT and SERVER from
the "sniffing" exercise, if you would like to experiment with it.)
The resulting capture file will be made available to you. (It's here.) You can then perform these instructions beyond the point below where the capture is terminated, from the paragraph, "You should have 6 frames...."
The exercise for you to perform:
Start Wireshark (but don't start capturing anything yet). Wireshark has a TCP checksum validation feature that can throw a lot of checksum errors in normal circumstances. To learn about and avoid this, disable checksum validation.
In a terminal window run a telnet client and log in to a telnet server indicated by your instructor. (In the Fedora VMs you can start the telnet server program with the command "systemctl start telnet.socket". You can then log in to it using a telnet client from some machine. The command "telnet" is a telnet client; give it as argument the IP address of the machine on which the telnet server is running.)
In Wireshark, start capturing on the appropriate interface, applying capture filter "host <your address>"
In telnet, type exactly and only A followed by B-- no period, no enter, no nonsense-- 2 keystrokes.
In Wireshark, terminate the capture.
You should have 6 frames, corresponding to the diagram below. Highlight the first frame in the packet list pane. Open/expand its TCP segment in the packet details pane. There, highlight the sequence number field. Note the value of the sequence number shown. Also, note the 4 bytes highlighted in the packet bytes pane, which is the raw sequence number. Does their value match the one shown in the packet details? Read about Wireshark's relative sequence numbers. Turn off relative numbering. Note the displayed numbers change to the large, absolute ones.
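The comparison asked for above (the 4 raw bytes against the displayed number, and absolute against relative numbering) can also be done by hand. The following is an added example, not part of the original exercise: the segment is constructed (client port 50000, the sequence and acknowledgement values and the window are made up, not taken from the lab capture), and the base used for relative numbering is an assumption chosen by the caller.

```python
import struct

def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header and split off the payload."""
    if len(segment) < 20:
        raise ValueError("TCP header is at least 20 bytes")
    sport, dport, seq, ack, off_flags, window, checksum, urgent = struct.unpack(
        "!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4   # data offset is counted in 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("bad data offset")
    return {
        "sport": sport, "dport": dport,
        "seq": seq, "ack": ack,
        "raw_seq_bytes": segment[4:8],   # the 4 bytes highlighted in the bytes pane
        "flags": off_flags & 0x01FF,
        "payload": segment[header_len:],
    }

def relative(number: int, base: int) -> int:
    """Offset from base, modulo 2**32 so it stays correct across wraparound."""
    return (number - base) % 2**32

def build_segment(sport, dport, seq, ack, flags, payload=b""):
    """Constructed test input: header without options, checksum left at 0."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (5 << 12) | flags, 64240, 0, 0) + payload

PSH_ACK = 0x018
# Constructed values, not taken from the lab capture.
SAMPLE = build_segment(50000, 23, 0xFFFFFFFE, 0x1A2B3C4D, PSH_ACK, b"A")
ASSUMED_BASE = 0xFFFFFFFA   # hypothetical first sequence number seen in this direction

if __name__ == "__main__":
    h = parse_tcp_header(SAMPLE)
    print("raw bytes :", h["raw_seq_bytes"].hex(" "))
    print("absolute  :", h["seq"])
    print("relative  :", relative(h["seq"], ASSUMED_BASE))
    print("payload   :", h["payload"])
```

The raw bytes are the absolute number in network (big-endian) byte order; the relative number is only a display convenience and never appears on the wire.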
The questions for you to answer and submit:
Print out this page. On your printout above the 6 arrows fill in the 12 blank values (i.e., the sequence number and acknowledgement number of each frame) with the last 3 digits of the displayed sequence/acknowledgement numbers. Then fill in the table at right.
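[Diagram: the 6 frames drawn as arrows, each with a blank sequence number and acknowledgement number to fill in, and a table to fill in at right.]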
The numbers labeled with uppercase in blue all belong together as a series. Those labeled with lowercase in red belong together as another series. Each series is counting something. ("Data bytes" means application data, not frame size.)
The series of numbers labeled with uppercase in blue: what is it counting?
______________________________________________________________
The series of numbers labeled with lowercase in red: what is it counting?
______________________________________________________________
After you have labeled the 6 arrows, filled in the 12 blank table cells, and answered the 2 questions on this page, submit a screenshot or photo of it to your assignments directory on the remote server. Use filename "tcp-inertactive.jpg" (or .png).