Final Project: Wireshark Analysis
IS3220 IT Infrastructure Security






IP Header (Network Layer L3) – Fandango Website
Version: 4 – IPv4
Header Length: 20 bytes
The first byte of the header is 0x45. The high nibble (4) is the version and the low nibble (5) is the Internet Header Length in 32-bit words, so 5 x 4 = 20 bytes. A value above 5 means IP options are present.
Differentiated Services Field: 0x00
The top 6 bits are the DSCP (Differentiated Services Code Point), used for QoS marking of network traffic; 0 is the default best-effort class.
The bottom 2 bits are ECN – Explicit Congestion Notification:
00 = Not-ECT: the sender is not ECN-capable
01 or 10 = ECT: ECN-Capable Transport, the endpoints can react to congestion marks
11 = CE: Congestion Experienced, a router on the path has marked the packet instead of dropping it
Total Length: 2751
20 byte header and 2731 bytes of TCP header plus data. Note that 2751 bytes is larger than the 1500-byte Ethernet MTU even though Don't Fragment is set (below); a frame this size in a capture taken on the sending host usually means TCP segmentation offload was enabled, so Wireshark saw the segment before the NIC split it into MTU-sized frames.
Identification: Set by the sender. All fragments of one datagram carry the same value so the receiver can reassemble them; it only needs to be unique per datagram in flight, not across the whole capture.
Flags
0 = Reserved bit: not set (must be zero; the "evil bit" of RFC 3514 is an April Fools joke)
1 = Don't Fragment: set (a router that cannot forward the packet whole must drop it and send ICMP Fragmentation Needed instead of fragmenting)
0 = More Fragments: not set
If more fragments were to follow this would be set to 1; the last fragment has it clear.
Fragment Offset: 0
If fragmented this tells you where the fragment's data belongs when reassembling. It is counted in 8-byte units, so an offset of 2 places the data 16 bytes into the original datagram. Here DF is set, MF is clear and the offset is 0, so this datagram is not fragmented.
Time to Live: 128
Each router decrements it by one, so after the first hop it is 127. When it reaches 0 the router drops the packet and returns an ICMP Time Exceeded message; this keeps a looping packet from circulating forever. An initial value of 128 is the Windows default, which is one of the hints OS fingerprinting tools use to guess the sending operating system.
Protocol: TCP (6)
Means a TCP header follows the IP header.
Any destination IP starting with 224 through 239 (224.0.0.0/4) is a multicast address.

TCP Header (Transport Layer L4) – Fandango Website
Source port: 50682 (50682)
Destination port: http (80)
[Stream Index: 3]

Sequence number: 1 (relative sequence number)
[Next sequence number: 2712 (relative sequence number)]
2712 – 1 = 2711 bytes of TCP payload in this segment, which matches the IP Total Length of 2751 minus the 20-byte IP header and the 20-byte TCP header.
Acknowledgment number: 1 (relative ack number)
Header Length: 20 bytes (data offset 5, so no TCP options)
Flags: 0x018 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set (Means that you acknowledge...

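The field arithmetic walked through above for both headers (version/IHL nibbles, DSCP/ECN split, the DF/MF flags, 8-byte fragment-offset units, the multicast range, TCP data offset and flag bits, relative next-sequence-number) as a small decoder, written as an added example for this page rather than code from the original write-up or from Wireshark. The header bytes are constructed to carry the values reported for the Fandango packet; the addresses, identification, checksums and absolute sequence numbers are made up because the write-up did not show them.

```python
"""Decode the fixed IPv4 and TCP headers of a captured packet by hand."""
import struct

IPV4_FMT = "!BBHHHBBH4s4s"   # 20-byte fixed IPv4 header
TCP_FMT = "!HHIIHHHH"        # 20-byte fixed TCP header

# Constructed sample: version 4, IHL 5, TOS 0x00, total length 2751, DF set,
# TTL 128, protocol 6, then TCP 50682 -> 80 with flags 0x018 (PSH, ACK).
SAMPLE_PACKET = struct.pack(
    IPV4_FMT,
    0x45,                        # version 4 (high nibble), IHL 5 words (low nibble)
    0x00,                        # DSCP 0, ECN 00
    2751,                        # total length
    0x1234,                      # identification (made up)
    0x4000,                      # flags 010 = DF set, fragment offset 0
    128,                         # TTL
    6,                           # protocol: TCP
    0,                           # header checksum (not verified here)
    bytes([192, 168, 1, 10]),    # source address (made up)
    bytes([93, 184, 216, 34]),   # destination address (made up)
) + struct.pack(
    TCP_FMT,
    50682, 80,                   # source / destination port
    1000, 5000,                  # absolute seq / ack numbers (made up)
    (5 << 12) | 0x018,           # data offset 5 words, flags PSH|ACK
    65535, 0, 0,                 # window, checksum, urgent pointer
)

ECN_CODEPOINTS = {0b00: "Not-ECT", 0b01: "ECT(1)", 0b10: "ECT(0)", 0b11: "CE"}
TCP_FLAG_BITS = [("NS", 0x100), ("CWR", 0x080), ("ECE", 0x040), ("URG", 0x020),
                 ("ACK", 0x010), ("PSH", 0x008), ("RST", 0x004),
                 ("SYN", 0x002), ("FIN", 0x001)]


def parse_ipv4(data):
    """Return the IPv4 header fields of `data`; raise ValueError if it is not sane."""
    if len(data) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack(IPV4_FMT, data[:20])
    version = ver_ihl >> 4                # first 4 bits
    header_len = (ver_ihl & 0x0F) * 4     # IHL is counted in 32-bit words
    if version != 4 or header_len < 20 or total_len < header_len:
        raise ValueError("not a sane IPv4 header")
    flags = flags_frag >> 13              # 3 flag bits: reserved, DF, MF
    return {
        "version": version,
        "header_length": header_len,
        "dscp": tos >> 2,
        "ecn": ECN_CODEPOINTS[tos & 0x03],
        "total_length": total_len,
        "payload_length": total_len - header_len,
        "identification": ident,
        "reserved_bit": bool(flags & 0b100),          # must be zero
        "dont_fragment": bool(flags & 0b010),
        "more_fragments": bool(flags & 0b001),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,  # stored in 8-byte units
        "ttl": ttl,
        "protocol": proto,
        "src": ".".join(map(str, src)),
        "dst": ".".join(map(str, dst)),
        "dst_is_multicast": 224 <= dst[0] <= 239,      # 224.0.0.0/4
    }


def parse_tcp(data):
    """Return the TCP fixed-header fields of `data`."""
    if len(data) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, _csum, _urg = struct.unpack(TCP_FMT, data[:20])
    header_len = (off_flags >> 12) * 4   # data offset in 32-bit words
    flags = off_flags & 0x1FF            # 9 flag bits, NS down to FIN
    return {
        "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
        "header_length": header_len, "flags": flags,
        "flag_names": [name for name, bit in TCP_FLAG_BITS if flags & bit],
        "window": window,
    }


def decode_packet(packet):
    """Decode IPv4 + TCP headers and derive payload size, next seq and an offload hint."""
    ip = parse_ipv4(packet)
    if ip["protocol"] != 6:
        raise ValueError("protocol %d is not TCP" % ip["protocol"])
    tcp = parse_tcp(packet[ip["header_length"]:])
    payload = ip["total_length"] - ip["header_length"] - tcp["header_length"]
    tcp["payload_length"] = payload
    tcp["next_seq"] = tcp["seq"] + payload          # what Wireshark shows relative to the ISN
    # DF set on a datagram larger than Ethernet's 1500-byte MTU cannot have crossed
    # the wire as one frame: the capture most likely saw a segmentation-offload super-frame.
    ip["offload_suspected"] = ip["dont_fragment"] and ip["total_length"] > 1500
    return ip, tcp


if __name__ == "__main__":
    for layer, fields in zip(("IP", "TCP"), decode_packet(SAMPLE_PACKET)):
        for name, value in fields.items():
            print("%-3s %-18s %s" % (layer, name, value))
```

Feeding it the real bytes is a matter of replacing SAMPLE_PACKET with the IP header and onward from a Wireshark "Copy as Hex Stream" of the frame (skip the 14-byte Ethernet header first); the derived payload length should then agree with the relative next sequence number minus the relative sequence number that Wireshark prints.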