
b. Click the + icon to the left of the Transmission Control Protocol in the packet details pane to expand the view of the TCP information.

c. Click the + icon to the left of the Flags. Look at the source and destination ports and the flags that are set.

Note: You may have to adjust the sizes of the top and middle windows within Wireshark to display the necessary information.
Lab - Using Wireshark to Observe the TCP 3-Way Handshake

© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.

What is the TCP source port number? __________________________

How would you classify the source port? ________________________

What is the TCP destination port number? _______________________

How would you classify the destination port? _____________________

Which flag (or flags) is set? ________________________

What is the relative sequence number set to? ____________________

d. To select the next frame in the three-way handshake, select Go on the Wireshark menu and select Next Packet In Conversation. In this example, this is frame 16. This is the Google web server reply to the initial request to start a session.

What are the values of the source and destination ports? ______________________________________
Which flags are set? ___________________________________________________________________

What are the relative sequence and acknowledgement numbers set to? ____________________________________________________________________________________

e. Finally, examine the third packet of the three-way handshake in the example. Clicking frame 17 in the top window displays the following information in this example:

Examine the third and final packet of the handshake.

Which flag (or flags) is set? _____________________________________________________________

The relative sequence and acknowledgement numbers are set to 1 as a starting point. The TCP connection is now established, and communication between the source computer and the web server can begin.

f. Close the Wireshark program.

Reflection

1. There are hundreds of filters available in Wireshark. A large network could have numerous filters and many different types of traffic. Which three filters in the list might be the most useful to a network administrator?

_______________________________________________________________________________________

2. What other ways could Wireshark be used in a production network?

_______________________________________________________________________________________

_______________________________________________________________________________________
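The fields inspected in steps c to e can also be decoded directly from the raw TCP header bytes. The following is an added example, not part of the Cisco lab: it parses three constructed handshake segments, names the flags, classifies the ports by IANA range, and rebases the sequence and acknowledgement numbers the way Wireshark's relative numbering does. The port numbers (49523 and 80), the initial sequence numbers and all function names are assumptions made for this illustration.

```python
import struct

# TCP flag bits in the low six bits of header byte 13, lowest bit first.
FLAG_BITS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}

def classify_port(port):
    """IANA port ranges (RFC 6335)."""
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"

def parse_tcp(header):
    """Decode the fields the lab asks about from the fixed 20-byte TCP header."""
    if len(header) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", header[:14])
    flags = [name for bit, name in FLAG_BITS.items() if off_flags & bit]
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags}

def relative_view(segments):
    """Rebase seq/ack on each direction's initial sequence number (ISN)."""
    isn = {}   # (sport, dport) -> ISN seen for that direction
    rows = []
    for raw in segments:
        s = parse_tcp(raw)
        fwd, rev = (s["sport"], s["dport"]), (s["dport"], s["sport"])
        if "SYN" in s["flags"] or fwd not in isn:
            isn[fwd] = s["seq"]
        rel_seq = (s["seq"] - isn[fwd]) % 2**32
        # The ack field is only meaningful when ACK is set and the peer's ISN is known.
        rel_ack = (s["ack"] - isn[rev]) % 2**32 if "ACK" in s["flags"] and rev in isn else 0
        rows.append((s["sport"], s["dport"], ", ".join(s["flags"]), rel_seq, rel_ack))
    return rows

def build(sport, dport, seq, ack, flags):
    """Constructed sample header: data offset 5, window 65535, checksum and urgent 0."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, 65535, 0, 0)

# Constructed capture (not taken from the lab): client 49523 -> server 80.
HANDSHAKE = [
    build(49523, 80, 0x1A2B3C4D, 0, 0x02),            # SYN
    build(80, 49523, 0x9F8E7D6C, 0x1A2B3C4E, 0x12),   # SYN, ACK
    build(49523, 80, 0x1A2B3C4E, 0x9F8E7D6D, 0x10),   # ACK
]

if __name__ == "__main__":
    for row in relative_view(HANDSHAKE):
        print(row, classify_port(row[0]), "->", classify_port(row[1]))
```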
Lab - Using Wireshark to Examine a UDP DNS Capture

Topology

Objectives

Part 1: Record a PC’s IP Configuration Information

Part 2: Use Wireshark to Capture DNS Queries and Responses

Part 3: Analyze Captured DNS or UDP Packets

Background / Scenario

If you have ever used the Internet, you have used the Domain Name System (DNS). DNS is a distributed network of servers that translates user-friendly domain names like to an IP address. When you type a website URL into your browser, your PC performs a DNS query to the DNS server’s IP address. Your PC’s DNS server query and the DNS server’s response make use of the User Datagram Protocol (UDP) as the transport layer protocol. UDP is connectionless and does not require a session setup as does TCP.