Let's take a quick look at the network traffic that is generated when an activity such as a file download via an HTTP request occurs. We will also look further into the TCP handshake, the sequence numbers and their values, and examine their significance for the HTTP request.
- What role does TCP play during HTTP requests? Is TCP a connection-oriented protocol? Explain in detail. A TCP header has a Flags field. Describe the meaning of the flags "SYN", "SYN ACK" and "FIN".
The Transmission Control Protocol, as its name states, controls the transmission of an application's data between end points. HTTP is the application layer in this case; TCP provides reliable delivery of the HTTP requests and passes them down to the network layer. A user initiates an HTTP request by opening a browser and requesting a web page via a URL. The server then delivers the requested page and any objects, such as images, movies or PDF files, that the web page has embedded in it. From a high level, TCP accomplishes this task by initiating a handshake, more specifically a three-way handshake, to establish the parameters before transmission can begin. Error detection, retransmissions, cumulative acknowledgements, timers and header fields are some of the principles of TCP. Yes, TCP is a connection-oriented protocol that provides this service to the application layer. As mentioned, a handshake must be established: the client sends a special TCP segment with no payload, and the receiver (the server) responds with a special segment in acknowledgement. The handshake is then established.
- What is the IP address and TCP port number used by your computer that is receiving the file from the website? What is the IP address and the port number of the Penn State server? Do the port numbers have any significance?
My PC: 192.168.21.101, on port 52512
- What is the sequence number of the TCP SYN segment that is used to initiate the TCP connection between your computer and the Penn State server?
The sequence number is 0, and the SYN flag has the value 1.
- Carefully inspect the TCP header. What flags are set? Describe their significance.
Reserved: not set. For future use.
Nonce: not set. Concealment protection.
Congestion window reduced (CWR): not set. Set by the sending host to indicate that it received a TCP segment with the ECN-Echo flag set.
ECN-Echo: not set. Indicates whether the TCP peer is ECN capable.
Urgent: not set. Marks the Urgent pointer field as significant.
Acknowledgement: not set. Indicates whether an acknowledgement number is being sent.
Push: not set. Push the buffered data to the application.
Reset: not set. Reset the connection.
SYN: set (value of 1). Synchronise sequence numbers to initiate the connection.
- What is it in the segment that identifies the segment as a SYN segment? What is the value of the maximum segment size (MSS)? (You need to expand the Options field for this.)
In this screenshot it clearly states (SYN, ACK), and we can also see the SYN and SYN-ACK set to a value of 1.
- What is the sequence number of the SYN-ACK segment sent to your computer by the server in reply to the SYN? What is the value of the Acknowledgement field in the SYN-ACK segment? How did your computer determine that value? What is it in the segment that identifies the segment as a SYN-ACK segment?
The sequence number is 0 and the Acknowledgement field value is 1. The computer determined that value by adding 1 to the sequence number of the SYN segment. Under Flags, the Acknowledgment flag identifies it as a SYN-ACK segment; both SYN and ACK have a value of 1.
- What is the sequence number of the TCP segment containing the HTTP GET command? Note that in order to find the GET command, you'll need to dig into the Info field of the Wireshark window.
The sequence number is 1, and the Push flag is set with a value of 1. The Push flag in the TCP header tells the receiver that the data (in this case the PDF file) should be sent immediately.
- For the above packet, check the Ethernet header. Record the source and destination physical addresses. Is the destination address the address of your computer? [Use ipconfig /all to find this information from the command prompt.]
Source: IntelCor_67:7a:18 (00:23:14:67:7a:18). Destination: Cisco-Li_31:87:9c (00:0f:66:31:87:9c)
Yes, it is the physical address of my PC: the Wireless LAN adapter (Wireless Network Connection), which is 00-23-14-67-7A-18 (ASCII translated).
My ipconfig output:
Windows IP Configuration:
Host Name . . . . . . . . . . . . : Zapps_laptop
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : juniper.com barclaycardus.com
Ethernet adapter Local Area Connection* 9:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Check Point Virtual Network Adapter For SSL Network Extender
Physical Address. . . . . . . . . : 54-BB-BD-78-D5-12
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wireless Network Connection 3:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
Physical Address. . . . . . . . . : 00-23-14-67-7A-19
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wireless Network Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 00-23-14-67-7A-19
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . : linux.bzap.com
Description . . . . . . . . . . . : Intel(R) Centrino(R) Advanced-N 6200 AGN
Physical Address. . . . . . . . . : 00-23-14-67-7A-18
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::65d9:ca23:efad:119f%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.101(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, September 29, 2012 5:28:01 AM
Lease Expires . . . . . . . . . . : Sunday, September 30, 2012 5:28:02 AM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 184558356
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-42-92-49-00-26-B9-BA-49-DC
DNS Servers . . . . . . . . . . . : 71.242.0.12 71.250.0.12
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-26-B9-BA-49-DC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.linux.bzap.com:
Connection-specific DNS Suffix . : linux.bzap.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5efe:192.168.2.101%36(Preferred)
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 71.242.0.12 71.250.0.12
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter Local Area Connection* 11:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . :
2001:0:9d38:953c:857:1c3e:b850:8141(Preferred)
Link-local IPv6 Address . . . . . : fe80::857:1c3e:b850:8141%15(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter isatap.{C62D7E00-1843-42B7-8045-BCAA441EE9A7}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #11
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{A5FDE21F-8B9C-4FE1-B3F6-588560BC32B4}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #12
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
In TCP connection management, "SYN", "SYNACK" and "FIN" are flag bits in the special segments. The SYN segment contains the initial sequence number for the connection; the client sends it to the server. The server then knows via the SYN that it has received the initial segment and sequence number and can now begin. As a result, the client gets back the acknowledgement via the SYN-ACK segment from the server. The client then sends another segment that acknowledges the server's side of the connection. This is the three-way handshake.
A FIN segment is sent by the client when it wishes to close the session. The server receives the FIN segment and responds accordingly.
Penn State: 130.203.135.84, on port 80
Port 52512 is used for TCP/UDP traffic. The port range 49152–65535 lies above the registered ports; these are known as ephemeral ports. "An ephemeral port is a short-lived transport protocol port for Internet Protocol (IP) communications allocated automatically from a predefined range by the TCP/IP software. It is used by the Transmission Control Protocol (TCP), User Datagram Protocol (UDP), or the Stream Control Transmission Protocol (SCTP) as the port assignment for the client end of a client–server communication to a well known port on a server." (Wikipedia, 2012) Port 80 is the standard HTTP port used by web servers.
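As an added example that is not part of this lab write-up, the Python script below decodes constructed TCP headers to show what the flag, SYN-ACK, handshake and port questions above are pointing at: the flag bits that label a segment SYN, SYN-ACK, PSH-ACK or FIN-ACK, the MSS option carried in the SYN, the rule that each side acknowledges the peer's sequence number + 1, and the ephemeral client port (52512) talking to the well-known server port (80). The ports and the relative sequence numbers of 0 mirror the lab; the MSS of 1460 and the header bytes themselves are constructed assumptions.

```python
import struct
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08,   # TCP flag bits
             "ACK": 0x10, "URG": 0x20, "ECE": 0x40, "CWR": 0x80}
def build_tcp(sport, dport, seq, ack, flags, mss=None):
    """Build a TCP header as constructed test data (checksum left at 0)."""
    opts = struct.pack("!BBH", 2, 4, mss) if mss else b""   # MSS option, kind 2
    data_offset = (20 + len(opts)) // 4                     # header length in words
    bits = sum(FLAG_BITS[f] for f in flags)
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (data_offset << 12) | bits, 65535, 0, 0) + opts

def parse_tcp(segment):
    """Decode the fixed header plus the MSS option, if present."""
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    hdr_len = (off_flags >> 12) * 4
    flags = [n for n, b in FLAG_BITS.items() if off_flags & b]
    mss, i = None, 20
    while i < hdr_len:                       # walk the options area
        kind = segment[i]
        if kind == 0:                        # end of option list
            break
        if kind == 1:                        # NOP is a single byte
            i += 1
            continue
        length = segment[i + 1]
        if length < 2:                       # malformed option: stop rather than loop
            break
        if kind == 2 and length == 4:
            mss = struct.unpack("!H", segment[i + 2:i + 4])[0]
        i += length
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": flags, "mss": mss}

def segment_kind(hdr):
    """Label a segment by its set flags, as Wireshark's Info column does."""
    return "-".join(hdr["flags"]) or "DATA"

def is_ephemeral(port):                      # IANA dynamic range: the client end of a connection
    return 49152 <= port <= 65535

def handshake_ok(syn, synack, ack):
    """A SYN consumes one sequence number, so each reply acknowledges ISN + 1."""
    return ([segment_kind(s) for s in (syn, synack, ack)] == ["SYN", "SYN-ACK", "ACK"]
            and synack["ack"] == syn["seq"] + 1 and ack["ack"] == synack["seq"] + 1
            and ack["seq"] == syn["seq"] + 1)

# Constructed handshake mirroring the lab (52512 -> 80, relative ISNs of 0); real ISNs are random.
SYN = parse_tcp(build_tcp(52512, 80, 0, 0, ["SYN"], mss=1460))
SYNACK = parse_tcp(build_tcp(80, 52512, 0, 1, ["SYN", "ACK"], mss=1460))
ACK = parse_tcp(build_tcp(52512, 80, 1, 1, ["ACK"]))
```

Wireshark displays relative sequence numbers by default, which is why the capture shows 0 and 1 rather than the random initial values on the wire.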