Saturday, January 2, 2010

Exercise 4


In this exercise, you are going to capture live traffic from your computer. Open up Wireshark and use the “Capture” menu to record live traffic. The Wireshark “QuickStart” guide distributed with these exercises contains more instructions on using Wireshark.

Start capturing data, visit a live web site using your standard Internet browser, and stop capturing data.

The above image shows captured data of www.cnn.com.
The device used in the above capture was part of a private network, with IP address 10.1.1.4. The router acts as the local DNS server in this network, with IP address 10.1.1.1.
The first packet, 26, is a DNS query sent by the client to this DNS server for the address www.cnn.com.
Packet 28 is the DNS response sent to the client in reply to packet 26.
Packet 29 is the connection-establishment request sent to the server at 157.166.255.18.
Packet 32 is the connection-establishment acknowledgement from www.cnn.com to the client.
Packet 33 is the client's response to the acknowledgement in packet 32.
Packets 34 and 35 are another query and response, like frames 26 and 28.
Frame 36 is the client's request for the URI, sent to the server at 157.166.255.18.
The server sends an acknowledgement to the client in frame 37.
Frames 38 and 39 carry TCP segments to the client that are reassembled in later frames.
Frame 40 is sent by the client as a response to frame 39, but there is no acknowledgement of frame 38. This could be because frame 38 was not received correctly by the client, or was lost.

Frames 41 to 79 repeat the same pattern: the server sends TCP segments and the client replies to the server.
In frame 80, the server sends the final segment, which is reassembled in frame 81.
Frame 81 is the main HTTP response to the request the client made in frame 36.

This process continues from frame 82 to frame 429, until the client has received all the files required by the requested URI.
In frame 448 the client sends the final acknowledgement to the server and the connection is closed.
Frame 451 acknowledges the final acknowledgement in frame 448.
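The walkthrough above reads the handshake, the request and the segment acknowledgements by eye. As an added example (not part of the original post), the script below does the same bookkeeping over a constructed list of frames modelled on the capture: the frame numbers and IP addresses are the ones given above, while the TCP flags, sequence numbers, acknowledgement numbers and payload lengths are invented for illustration. It finds the three-way handshake and reports which data segments are still not covered by a cumulative ACK from the receiver (TCP acknowledges every byte below the ACK number, so one ACK can cover several segments).

```python
from dataclasses import dataclass

CLIENT, DNS_SERVER, WEB_SERVER = "10.1.1.4", "10.1.1.1", "157.166.255.18"

@dataclass
class Frame:
    no: int          # frame number as shown in Wireshark
    src: str
    dst: str
    proto: str       # "DNS" or "TCP"
    flags: str = ""  # TCP flags as letters, e.g. "S", "SA", "A", "PA", "F"
    seq: int = 0     # relative sequence number
    ack: int = 0     # relative acknowledgement number
    length: int = 0  # TCP payload bytes

# Constructed frames; numbers and addresses follow the post, other values are invented.
FRAMES = [
    Frame(26, CLIENT, DNS_SERVER, "DNS"),
    Frame(28, DNS_SERVER, CLIENT, "DNS"),
    Frame(29, CLIENT, WEB_SERVER, "TCP", "S", seq=0),
    Frame(32, WEB_SERVER, CLIENT, "TCP", "SA", seq=0, ack=1),
    Frame(33, CLIENT, WEB_SERVER, "TCP", "A", seq=1, ack=1),
    Frame(36, CLIENT, WEB_SERVER, "TCP", "PA", seq=1, ack=1, length=300),
    Frame(37, WEB_SERVER, CLIENT, "TCP", "A", seq=1, ack=301),
    Frame(38, WEB_SERVER, CLIENT, "TCP", "A", seq=1, ack=301, length=1460),
    Frame(39, WEB_SERVER, CLIENT, "TCP", "A", seq=1461, ack=301, length=1460),
    Frame(40, CLIENT, WEB_SERVER, "TCP", "A", seq=301, ack=2921),
]

def handshake(frames, client, server):
    """Frame numbers of the SYN, SYN/ACK and ACK, or None if incomplete."""
    want, found = [("S", client), ("SA", server), ("A", client)], []
    for f in (f for f in frames if f.proto == "TCP"):
        if len(found) < 3 and (f.flags, f.src) == want[len(found)]:
            found.append(f.no)
    return found if len(found) == 3 else None

def unacked_segments(frames, sender, receiver):
    """Data segments from sender not yet covered by a cumulative ACK from receiver."""
    pending = []
    for f in (f for f in frames if f.proto == "TCP"):
        if f.src == sender and f.dst == receiver and f.length:
            pending.append(f)
        elif f.src == receiver and f.dst == sender and "A" in f.flags:
            # a cumulative ACK covers every byte below its ack number
            pending = [s for s in pending if f.ack < s.seq + s.length]
    return [s.no for s in pending]
```

With the constructed values, frame 40 acknowledges byte 2921, which covers both frame 38 and frame 39, so no server segment remains unacknowledged.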
