User:Saikotsu

From MCIS Wiki

Jump to: navigation, search

Wireshark Results:


feel free to ignore this section, it is full of my thoughts on the traffic, but it wasn't exactly what you wanted.


the first things I noticed was that much of the information I was given I could not understand. However, there seemed to be a pattern. every time my host machine sent out information, it would display some kind of command like SYN or RST (I think that represents reset. it seems important because any line containing that was highlighted in red). The next line would be from the other machine sending a reply, with the first command showing up again followed by ACK: [SYN, ACK] I believe this represented an acknowledgement that the command was received or the package made it. Afterwards, my machine would move on. (the ip addresses for source and destination would alternate between a class C address belonging to this computer and another address belonging to the server.) After every line with an ACK in it the pattern would reset with the computer that last sent something (the source/destination wouldn't change)

what puzzled me was that the destination wasn't always the same. I managed to see Class A, B, and C addresses for the destination, but one of the ip addresses was always the class c address of my computer.

the system seems to work very much like pinging a computer: you send out a signal, it receives it, and sends an acknowledgement back. once that happens, the users computer then moves on to the next instruction.

The high usage of TCP kinda alarmed me. Transmission control protocol is used to transmit file data back and forth. I assume that whenever communication occurs, http piggy backs on it. for instance, anytime I see TCP, somewhere in the information line is an http. the only exception is when the info displays segment of a reassembled PDU.

simply logging out of yahoo created 176 interactions as well, which seems like a lot!

I worked with wireshark twice, and I think I followed the requirements better the second time.

it is interesting to see that as I logged on, the computer seemed to be requesting information on a gif file. I believe this was the advertisement on the side, and the computer was requesting the file from the server. it sent it and then my computer sent the confirmation that it received it.


this section contains better results.

Personal tools