Wednesday, February 3, 2010

Wireshark Lab

This week our lab was to use a free packet capture program called Wireshark. The first packet I caught was a TCP packet. Wireshark was able to give all sorts of information on this packet. Below are a few screenshots of the TCP packet I got.


The source IP was 10.40.1.102 (this is the PC I use at school); the destination IP was 64.233.169.105 (a quick search of this IP found it goes to Google). The source port was 49475; a quick search of the internet was unable to show what application was using this port. The destination port was 80; this port is used for HTTP and is on the application layer. The flag for the port was 0x02 (SYN): basically the sender (my PC) is requesting a synchronization of the sequence number. Another thing listed was the TTL (time to live) for this packet; it was 128. This means that this is the limit on the period of time or number of transmissions that this packet can experience before it will be discarded. The Differentiated Services field was (DSCP 0x00: Default; ECN: 0x00). I looked and looked on the internet for what this meant, and I was unable to find out… so I'm still in the dark on what this really means. But I will keep looking, and when I find out I will update the blog with what it is. The four other values for this were: 0000 00.. = Differentiated Services Codepoint: Default (0x00), .... ..0. = ECN-Capable Transport (ECT): 0, .... ...0 = ECN-CE: 0, Total Length: 52. OK, let's move on to the protocol field: this packet was set to TCP (0x06), which means it was using a transmission protocol. Another cool thing listed for this packet was the MAC address of the source (00:16:76:d6:e0:2f) and destination (00:04:c0:ee:9b:ff) nodes. A few things I found interesting were that the frame listed the make of the processor and its physical address, in this case Intel_d6:e0:2f. Thought that was really neat.
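To see where the values above come from, here is an added example (my own code, not from the original post or from Wireshark) that decodes the same Ethernet, IPv4 and TCP header fields from raw frame bytes. The frame is constructed by hand to carry the post's values (addresses, ports, TTL 128, total length 52, flags 0x02), and the DS byte is split into its DSCP and ECN bits the way Wireshark shows them.

```python
import struct

# Constructed sample frame (not a capture): Ethernet II -> IPv4 -> TCP SYN with
# the values from the post. Total length 52 = 20-byte IP header + 32-byte TCP
# header (20 bytes + 12 bytes of options, zero-padded here).
ETH_HDR = bytes.fromhex("0004c0ee9bff") + bytes.fromhex("001676d6e02f") + b"\x08\x00"
IP_HDR = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0x00, 52, 0x1234, 0x4000, 128, 6, 0,
                     bytes([10, 40, 1, 102]), bytes([64, 233, 169, 105]))
# data offset 8 (32 bytes / 4) in the high nibble -> 0x80; flags byte 0x02 = SYN
TCP_HDR = struct.pack("!HHIIBBHHH", 49475, 80, 0, 0, 0x80, 0x02, 8192, 0, 0)
FRAME = ETH_HDR + IP_HDR + TCP_HDR + b"\x00" * 12

TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]  # bit 0..7
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def ip(b):
    return ".".join(str(x) for x in b)

def decode_frame(frame):
    """Decode the fields the post lists from a raw Ethernet/IPv4/TCP frame."""
    dst_mac, src_mac = frame[0:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    vihl, tos, total_len, _id, _frag, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", frame[14:34])
    ihl = (vihl & 0x0F) * 4                      # IP header length in bytes
    tcp = frame[14 + ihl:]
    sport, dport, _seq, _ack, offset_byte, flags = struct.unpack("!HHIIBB", tcp[:14])
    return {
        "src_mac": mac(src_mac), "dst_mac": mac(dst_mac),   # OUI 00:16:76 is what
        "src_ip": ip(src), "dst_ip": ip(dst),               # Wireshark names "Intel_"
        "ttl": ttl, "protocol": PROTO_NAMES.get(proto, str(proto)),
        "total_length": total_len,
        "dscp": tos >> 2,      # top 6 bits of the DS byte; 0 = Default (best effort)
        "ecn": tos & 0x03,     # low 2 bits: ECT (bit 1) and ECN-CE (bit 0); 0 = no ECN
        "src_port": sport, "dst_port": dport,
        "tcp_flags": flags,
        "flag_names": [n for i, n in enumerate(TCP_FLAG_NAMES) if flags & (1 << i)],
        "tcp_header_len": (offset_byte >> 4) * 4,
    }
```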

The next packet we had to analyze was a UDP packet.




In this packet the source port was 2457; this is used by "rapido-ip". The destination port was 53; this is used by the Domain Name System. The source IP and MAC were 192.168.1.7 & 00:24:1d:2d:4a:2b; both these numbers identify that my home PC was the source of this packet. The destination IP and MAC were 192.168.1.1 and 00:1b:2f:02:8a:0e; both these numbers identify my home router as the destination for this packet. The flag for this packet was listed as "standard query" 0x0100. The TTL (time to live) for this packet was 128. This means that this is the limit on the period of time or number of transmissions that this packet can experience before it will be discarded (this was the same as my last packet). The framing used was PTR (domain name pointer). Other things of interest listed were all the protocols in the frame, eth:ip:udp:dns. The Coloring Rule Name was UDP. The frame number was 3 & its length was 84 bytes with a capture length of 84 bytes.

I was supposed to find a TCP packet with a three-way handshake; my home PC did not show any in the hour and a half I used Wireshark.

The next packet was an ARP.


The source IP and MAC were 192.168.1.1 & 00:1b:2f:02:8a:0e; both these numbers identify that my home network's router was the source of this packet. The destination IP and MAC were 192.168.1.7 and 00:24:1d:2d:4a:2b; both these numbers identify my home PC as the destination for this packet. This address was used because it was a packet between my PC and my network's router. Other stuff the ARP frame had that was cool was that it included the date and time of the packet as well as the frame number. It also told me how big it was, in this case 64 bytes. Another thing that was listed in the frame was the protocols that were used for this packet; for me this was the most useful since I understand that.

Wireshark was kind of neat to use. I learned a little bit from it, and each time I study it I seem to pick up just a little bit more. The biggest thing I learned from Wireshark is that networks exchange A LOT of data very rapidly. I wouldn't have imagined that so many different packets using different protocols would be going between my PC and the rest of the network. Overall Wireshark was kind of neat to work with, but on the other hand it only added to my confusion. I now feel more lost in the world of networking; how will I ever memorize ALL THIS data! I'm not even sure what I was looking up; most sites use some kind of jargon and talk in terms I have yet to understand. To be honest this has me questioning if this is the line of work for me.

I'm sure this program is useful. I kept running into websites where people posted information like we got from Wireshark in hopes of solving a problem they were having. So I'm sure it is used as a good diagnostic tool.
