
Analyzing Application Layer Protocol Using Wireshark

The document describes capturing various network packet types using Wireshark including ICMP, HTTP, and DNS packets. It then provides steps to analyze DNS query responses and TCP handshake packets in an FTP session capture. Specifically, it has the user open a YouTube site to trigger DNS queries, select DNS response rows to analyze source/destination ports and queries, and examine the SYN, SYN-ACK, and ACK packets between client and server including IP addresses, port numbers, sequence numbers, and header fields.

Capture ICMP Packets

Capture HTTP Packets

Capture DNS Packets


Open CMD and run ipconfig /flushdns. Start the capture and open www.youtube.com.

Question
Select the first row, Standard Query A www.youtube.com.
On User Datagram Protocol, write:
• Source Port: 51082
• Destination Port: 53

On Domain Name System (query), write:
• Queries: www.youtube.com: type A, class IN

Select the second row, Standard Query AAAA www.youtube.com.
On User Datagram Protocol, write:
• Source Port: 57731
• Destination Port: 53

On Domain Name System (query), write:
• Queries: www.youtube.com: type AAAA, class IN

• What is different from the first row?
- The first row has a different source port from the second row (Standard Query AAAA). The source port for the first row is 51082, while the source port for the second row is 57731.

Select the third row, Standard Query response.
On User Datagram Protocol, write:
• Source Port: 53
• Destination Port: 51082
• What is different from the previous two rows?
- The destination port for the first two rows is 53, while the destination port for the third row is 51082.

On Domain Name System (query), write:
• Answers -> Select first row (www.youtube.com), write Name, Type, and Time to Live
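
The three DNS rows above show the response returning to the source port of the query it answers. The following is an added example, not part of the original worksheet, that reads the same UDP and DNS fields from raw bytes and pairs a response with its query. The transaction IDs, flag values and function names are assumptions, and the sample response carries only a question section.

```python
import struct

QTYPES = {1: "A", 28: "AAAA"}  # the two record types queried in this lab

def build_udp_dns(sport, dport, txid, flags, name, qtype):
    """Construct a UDP datagram carrying a one-question DNS message (sample data)."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    dns = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)
    return struct.pack("!HHHH", sport, dport, 8 + len(dns), 0) + dns  # checksum 0 = unused

def parse_udp_dns(datagram):
    """Return the fields the worksheet asks for, read from raw bytes."""
    sport, dport, length, _ = struct.unpack_from("!HHHH", datagram, 0)
    if length != len(datagram) or length < 8 + 12:
        raise ValueError("truncated or malformed UDP/DNS datagram")
    txid, flags, qdcount = struct.unpack_from("!HHH", datagram, 8)
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    pos, labels = 20, []  # 8-byte UDP header + 12-byte DNS header
    while True:
        n = datagram[pos]
        pos += 1
        if n == 0:
            break
        if n > 63:
            raise ValueError("compression pointer not expected in question")
        labels.append(datagram[pos:pos + n].decode("ascii"))
        pos += n
    qtype, qclass = struct.unpack_from("!HH", datagram, pos)
    return {"sport": sport, "dport": dport, "txid": txid,
            "is_response": bool(flags & 0x8000), "qname": ".".join(labels),
            "qtype": QTYPES.get(qtype, str(qtype)),
            "qclass": "IN" if qclass == 1 else str(qclass)}

def answers(query, response):
    """A response belongs to a query when ports are swapped and ID + question match."""
    return (response["is_response"] and not query["is_response"]
            and response["sport"] == query["dport"]
            and response["dport"] == query["sport"]
            and response["txid"] == query["txid"]
            and (response["qname"].lower(), response["qtype"])
                == (query["qname"].lower(), query["qtype"]))

# Constructed sample: ports are the worksheet's; transaction IDs are made up.
q_a = parse_udp_dns(build_udp_dns(51082, 53, 0x1A2B, 0x0100, "www.youtube.com", 1))
q_aaaa = parse_udp_dns(build_udp_dns(57731, 53, 0x3C4D, 0x0100, "www.youtube.com", 28))
resp = parse_udp_dns(build_udp_dns(53, 51082, 0x1A2B, 0x8180, "www.youtube.com", 1))
print(q_a, answers(q_a, resp), answers(q_aaaa, resp))
```

A resolver that accepts a response only when the port pair, transaction ID and question all match is harder to feed a forged answer, which is why the two queries leave from different source ports.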
Identify TCP Header Fields and Operation Using a Wireshark FTP Session Capture
Fill in the following information regarding the SYN message.

Source IP Address: 192.168.0.127
Destination IP Address: 198.246.117.106
Source port number: 63832
Destination port number: 21
Sequence number: 774493881
Acknowledgement number: 0
Header length: 32 bytes
Window size: 8192

Fill in the following information regarding the SYN-ACK message.

Source IP Address: 198.246.117.106
Destination IP Address: 192.168.0.127
Source port number: 21
Destination port number: 63832
Sequence number: 0
Acknowledgement number: 774493882
Header length: 32 bytes
Window size: 8192

Fill in the following information regarding the ACK message.

Source IP Address: 192.168.0.127
Destination IP Address: 198.246.117.106
Source port number: 63832
Destination port number: 21
Sequence number: 774493882
Acknowledgement number: 254784854
Header length: 20 bytes
Window size: 8192
