Information

Authors: Olivier Bonaventure
Deadline: no deadline
Submission limit: no limit


Analyzing a packet trace

Network engineers often need to analyze packet traces. Here is a 2-minute-long packet trace that was collected on a Linux host running Chrome, Firefox, Thunderbird and the Brave browser. By analyzing the trace with Wireshark, can you answer the following questions?

https://inginious.org/course/cnp3/q-tcpdump-trace/tcpdump-long.pcap


Question 1: Number of packets

How many packets does this trace contain?

Question 2: Connection on port 5228

The trace contains a connection on an unusual port number, 5228. Looking at this connection, it appears to use TLS. What is the name of the server that was contacted?

Question 3: The IPv4 address of the captured host

The packets in this trace were captured on a single host. What is the IPv4 address of this host? Note that you will find many addresses in the trace; look for DNS requests or TCP connection establishments (SYN packets) to find the client address.

Question 4: The IPv6 address of the captured host

The packets in this trace were captured on a single host. What is the IPv6 address of this host? Note that you will find many addresses in the trace; look for DNS requests or TCP connection establishments (SYN packets) to find the client address.

Question 5: TCP ports

What is the most frequent TCP destination port used in this trace? (Hint: the "Conversations" tool in the "Statistics" menu can be helpful.)

Question 6: The DNS resolver

What is the IPv6 address of the DNS resolver used by this host?

Question 7: TCP connections on port 80

How many connections were established on port 80?

Question 8: Mail server

This trace contains one connection on port 587, which a client uses to submit an email to a mail server. What is the name of the server contacted by this client?

Question 9: Connections on port 993

The trace contains four connections on port 993. What is the name of the server that was contacted?

Question 10: Connections to IPv6 servers on TCP port 80

The trace contains four connections to an IPv6 server on TCP port 80. By looking at the content of the packets, can you infer which application created those connections?
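In Wireshark these questions map to display filters such as `tcp.flags.syn == 1 && tcp.flags.ack == 0` (connection attempts, used for questions 3, 4, 5 and 7) and `tls.handshake.extensions_server_name` (the name a TLS client asks for, used for questions 2, 8 and 9). The script below is an added example, not part of the course material or of the tcpdump-long.pcap trace: it applies the same logic with the Python standard library to a small constructed pcap (documentation addresses and made-up server names, embedded inline). It reads the classic pcap container, decodes Ethernet/IPv4/IPv6/TCP, identifies the capturing host as the one that sends SYNs, tallies destination ports, counts only connections whose SYN was answered, extracts the SNI from a ClientHello on any port, and reads cleartext HTTP headers for question 10. All addresses, names and function names are assumptions of this example.

```python
import socket
import struct
from collections import Counter
SYN, ACK = 0x02, 0x10

def tcp_frame(src, dst, sport, dport, flags, payload=b""):
    """Ethernet + IPv4/IPv6 + TCP frame; MACs and checksums are zeroed (enough for parsing)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0) + payload
    if ":" in src:  # IPv6: 40-byte fixed header, next header 6 = TCP
        ip = struct.pack("!IHBB", 6 << 28, len(tcp), 6, 64)
        ip += socket.inet_pton(socket.AF_INET6, src) + socket.inet_pton(socket.AF_INET6, dst)
        return bytes(12) + b"\x86\xdd" + ip + tcp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return bytes(12) + b"\x08\x00" + ip + tcp

def client_hello(server_name):
    """Minimal TLS ClientHello whose only extension is server_name (SNI)."""
    name = server_name.encode()
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    ext = struct.pack("!HH", 0, len(sni)) + sni
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"  # version, random, sid, suites, compression
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def pcap_bytes(frames):  # classic libpcap container: magic 0xa1b2c3d4, version 2.4, link type 1 = Ethernet
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for i, f in enumerate(frames):
        out.append(struct.pack("<IIII", 1_700_000_000 + i, 0, len(f), len(f)) + f)
    return b"".join(out)

# Constructed sample trace using documentation addresses and made-up names; NOT the course's tcpdump-long.pcap.
C4, C6 = "192.0.2.10", "2001:db8::10"                 # assumed captured host
S1, S2, S6 = "198.51.100.2", "198.51.100.3", "2001:db8::53"
SAMPLE = pcap_bytes([
    tcp_frame(C4, S1, 40002, 5228, SYN), tcp_frame(S1, C4, 5228, 40002, SYN | ACK),
    tcp_frame(C4, S1, 40002, 5228, ACK, client_hello("push.example.net")),
    tcp_frame(C4, S2, 40003, 80, SYN),                 # unanswered SYN: attempted, not established
    tcp_frame(C6, S6, 40004, 80, SYN), tcp_frame(S6, C6, 80, 40004, SYN | ACK),
    tcp_frame(C6, S6, 40004, 80, ACK, b"GET / HTTP/1.1\r\nHost: ocsp.example.org\r\nUser-Agent: Mozilla/5.0\r\n\r\n"),
])

def tcp_segments(pcap):
    """List of (src, dst, sport, dport, flags, payload) for every TCP segment; everything else is skipped."""
    assert struct.unpack("<I", pcap[:4])[0] == 0xA1B2C3D4, "only classic little-endian pcap handled"
    off, segs = 24, []
    while off + 16 <= len(pcap):
        incl = struct.unpack("<IIII", pcap[off:off + 16])[2]
        f, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        ethertype = struct.unpack("!H", f[12:14])[0]
        if ethertype == 0x0800 and f[23] == 6:        # IPv4 carrying protocol 6
            fam, src, dst, tcp = socket.AF_INET, f[26:30], f[30:34], f[14 + (f[14] & 0xF) * 4:]
        elif ethertype == 0x86DD and f[20] == 6:      # IPv6 with no extension headers
            fam, src, dst, tcp = socket.AF_INET6, f[22:38], f[38:54], f[54:]
        else:
            continue
        sport, dport = struct.unpack("!HH", tcp[:4])
        segs.append((socket.inet_ntop(fam, src), socket.inet_ntop(fam, dst), sport, dport,
                     tcp[13], tcp[(tcp[12] >> 4) * 4:]))
    return segs

def is_syn(seg): return seg[4] & (SYN | ACK) == SYN   # pure SYN = a client opening a connection

def captured_host(segs, ipv6=False):
    """Q3/Q4: the capturing host is the one that *sends* SYNs; servers only answer them."""
    return Counter(s[0] for s in segs if is_syn(s) and (":" in s[0]) == ipv6).most_common(1)[0][0]

def destination_ports(segs):
    """Q5: connection attempts per destination port (one SYN = one attempt, not one packet)."""
    return Counter(s[3] for s in segs if is_syn(s))

def established_connections(segs, port, ipv6=False):
    """Q7/Q10: count only SYNs that were answered with a SYN/ACK."""
    syns = {s[:4] for s in segs if is_syn(s) and s[3] == port and (":" in s[1]) == ipv6}
    synacks = {(s[1], s[0], s[3], s[2]) for s in segs if s[4] & (SYN | ACK) == SYN | ACK}
    return len(syns & synacks)

def tls_server_name(payload):
    """Q2/Q8/Q9: the SNI in a ClientHello names the server in cleartext, whatever the port."""
    if len(payload) < 44 or payload[0] != 0x16 or payload[5] != 0x01: return None
    p = 44 + payload[43]                                  # skip record/handshake headers, version, random, session id
    p += 2 + struct.unpack("!H", payload[p:p + 2])[0]     # cipher suites
    p += 1 + payload[p]                                   # compression methods
    p, end = p + 2, p + 2 + struct.unpack("!H", payload[p:p + 2])[0]   # extensions block
    while p + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", payload[p:p + 4])
        p += 4
        if ext_type == 0:  # server_name: list len(2), name type(1), name len(2), name
            name_len = struct.unpack("!H", payload[p + 3:p + 5])[0]
            return payload[p + 5:p + 5 + name_len].decode("ascii")
        p += ext_len
    return None

def http_headers(payload):
    """Q10: HTTP on port 80 is cleartext; Host and User-Agent identify server and application."""
    if not payload.startswith((b"GET ", b"POST ", b"HEAD ")):
        return None
    lines = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")[1:]
    return dict(h.split(": ", 1) for h in lines if ": " in h)
```

Caveats a practitioner should keep in mind when reusing this on a real trace: the parser handles only classic pcap (tcpdump's default; Wireshark saves pcapng unless told otherwise) and IPv6 without extension headers, and it does no TCP reassembly, so a ClientHello split across two segments would be missed. On port 587 the SNI appears only after the STARTTLS upgrade; before it, the server's 220 banner and the client's EHLO are readable in cleartext. Counting SYN packets overstates connections when a SYN is retransmitted or never answered, which is why established_connections matches each SYN against its SYN/ACK rather than counting SYNs alone.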