Scribd Logo
Upload

Welcome to Scribd!

  • Actividad B

    Uploaded by

    Arnold
    0 views3 pages
    The document summarizes the analysis of 5 TCP streams in a pcapng capture file. It identifies that the streams are carrying FTP traffic. It provides details on the 3-way handshake frames for streams 0 and 1. It also describes how the sequence and acknowledgement numbers change for the first 5 packets of each stream. Finally, it notes that stream 3 is transferring a 2760 byte file using FTP.

    Original Description:

    Original Title

    ACTIVIDAD B

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document summarizes the analysis of 5 TCP streams in a pcapng capture file. It identifies that the streams are carrying FTP traffic. It provides details on the 3-way handshake frames for streams 0 and 1. It also describes how the sequence and acknowledgement numbers change for the first 5 packets of each stream. Finally, it notes that stream 3 is transferring a 2760 byte file using FTP.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as docx, pdf, or txt
    0 views3 pages

    Actividad B

    Uploaded by

    Arnold
    The document summarizes the analysis of 5 TCP streams in a pcapng capture file. It identifies that the streams are carrying FTP traffic. It provides details on the 3-way handshake frames for streams 0 and 1. It also describes how the sequence and acknowledgement numbers change for the first 5 packets of each stream. Finally, it notes that stream 3 is transferring a 2760 byte file using FTP.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as docx, pdf, or txt
    of 3

    ACTIVIDAD B

    Answer the following questions based on TCP -> Capture2.pcapng

    1) How many TCP streams are there in the capture? R/. 5 TCP streams

    2) Upon initial assesment, what upper layer protocols are running on them? R/. FTP

    3) For stream 0 and 1 (use "tcp.stream eq #" filter) identify:

    A) The Frames (No) corresponding to the three-way handshake:

    R/. for TCP stream 0: 3 Frames (Frame 1, Frame 2 and Frame 3).

    For TCP stream 1: 3 Frames (Frame 16, Frame 17 and Frame 18).

    B) The initial sequence number for both the client and the server (real sequence numbers):

    R/. Client Initial Sequence #2996858898 - Server Initial Sequence #2800506089

    C) Identify the sequence and acknowledgement number for the first 5 packets in each stream,
    how do they change?

    R/. Stream 0:

    Packet 1: Sequence Number: 3543158236 + TCP Segment Length: 0 = Next Sequence Number
    Expected: 3543158237 / Acknowledgment Number: 0

    Packet 2: Sequence Number: 316820940 + TCP Segment Length: 0 = Next Sequence Number
    Expected: 316820941 / Acknowledgment Number: 3543158237

    Packet 3: Sequence Number: 3543158237 + TCP Segment Length: 0 = Next Sequence Number
    Expected: 3543158237 / Acknowledgment Number: 316820941

    Packet 4: Sequence Number: 316820941 + TCP Segment Length: 143 = Next Sequence Number
    Expected: 316821084/ Acknowledgment Number: 3543158237

    Packet 5: Sequence Number: 3543158237 + TCP Segment Length: 0 = Next Sequence Number
    Expected: 3543158237/ Acknowledgment Number: 316821084
    Stream 1:

    Packet 1: Sequence Number: 3543158236 + TCP Segment Length: 0 = Next Sequence Number
    Expected: 3543158237 / Acknowledgment Number: 0

    Packet 2: Sequence Number: 316820940 + TCP Segment Length: 0 = Next Sequence Number
    Expected: 316820941 / Acknowledgment Number: 3543158237

    Packet 3: Sequence Number: 3543158237 + TCP Segment Length: 0 = Next Sequence Number
    Expected: 3543158237 / Acknowledgment Number: 316820941

    Packet 4: Sequence Number: 316820941 + TCP Segment Length: 143 = Next Sequence Number
    Expected: 316821084/ Acknowledgment Number: 3543158237

    Packet 5: Sequence Number: 3543158237 + TCP Segment Length: 0 = Next Sequence Number
    Expected: 3543158237/ Acknowledgment Number: 316821084

    Stream 2:

    Packet 1: Sequence Number: 2558897099 + TCP Segment Length: 0 = Next Sequence Number
    Expected: 2558897100 / Acknowledgment Number: 0

    Packet 2: Sequence Number: 2800505090 + TCP Segment Length: 0 = Next Sequence Number
    Expected: 2800505091 / Acknowledgment Number: 2558897100

    Packet 3: Sequence Number: 2558897100 + TCP Segment Length: 0 = Next Sequence Number
    Expected: 2558897100 / Acknowledgment Number: 2800505091

    Packet 4: Sequence Number: 2800505091 + TCP Segment Length: 143 = Next Sequence Number
    Expected: 2800505234 / Acknowledgment Number: 2558897100

    Packet 5: Sequence Number: 2558897100 + TCP Segment Length: 0 = Next Sequence Number
    Expected: 2558897100 / Acknowledgment Number: 2800505234

    Stream 3:

    Packet 1: Sequence Number: 1070554043 + TCP Segment Length: 0 = Next Sequence Number
    Expected: 1070554044 / Acknowledgment Number: 0

    Packet 2: Sequence Number: 634554822 + TCP Segment Length: 0 = Next Sequence Number
    Expected: 634554823 / Acknowledgment Number: 1070554044

    Packet 3: Sequence Number: 1070554044 + TCP Segment Length: 0 = Next Sequence Number
    Expected: 1070554044 / Acknowledgment Number: 634554823

    Packet 4: Sequence Number: 634554823 + TCP Segment Length: 2760 = Next Sequence Number
    Expected: 634557583 / Acknowledgment Number: 1070554044
    Packet 5: Sequence Number: 1070554044 + TCP Segment Length: 0 = Next Sequence Number
    Expected: 1070554044 / Acknowledgment Number: 634556203

    Stream 4:

    Packet 1: Sequence Number: 926847298 + TCP Segment Length: 0 = Next Sequence Number
    Expected: 926847299 / Acknowledgment Number: 0

    Packet 2: Sequence Number: 1667092522 + TCP Segment Length: 0 = Next Sequence Number
    Expected: 1667092523 / Acknowledgment Number: 926847299

    Packet 3: Sequence Number: 926847299 + TCP Segment Length: 0 = Next Sequence Number
    Expected: 926847299 / Acknowledgment Number: 1667092523

    Packet 4: Sequence Number: 1667092523 + TCP Segment Length: 143 = Next Sequence Number
    Expected: 1667092666 / Acknowledgment Number: 926847299

    Packet 5: Sequence Number: 926847299 + TCP Segment Length: 6 = Next Sequence Number
    Expected: 926847305 / Acknowledgment Number: 1667092666

    Do they correspond to the amount of bytes transfered? R/. Yes, they do correspond.

    * BONUS: Look at TCP stream 3, what protocol is running in there? R/. FTP

    Can you infer how it's connected to the rest of the capture? R/. FTP is a protocol for transfering
    files and data. As per Stream #3 frame #77, a 2760 bytes stream is noticeable and upon reviewing
    #77 frame`s Line-Based Text Data section, one can see a .bin file ran directly to the switch. Since
    Source Port: 65148 and Destination Port: 60461 are both ephemeral ports, that makes you belief
    you are using your own computer (Source port) as a server in order to download some
    programming or update file to the other device (Destination port), in this case acting as a client.

    You might also like