Information

Author: Olivier Bonaventure
Deadline: No deadline
Submission limit: No limit

Analyzing a packet trace

Network engineers often need to analyze packet traces. Here is a 2-minute packet trace that was collected on a Linux host that used Chrome, Firefox, Thunderbird and the Brave browser. By analyzing the trace with Wireshark, can you answer the following questions?

https://inginious.org/course/cnp3/q-tcpdump-trace/tcpdump-long.pcap


Question 1: Number of packets

How many packets does this trace contain?

Question 2: Connection on port 5228

The trace contains a connection on an unusual port number, 5228. Looking at this connection, it appears that it uses TLS. What is the name of the server that was contacted?

Question 3: The IPv4 address of the captured host

The packets in this trace were captured from a single host. What is the IPv4 address of this host? Note that you will find many addresses in the trace; look for DNS requests or TCP connection establishments (SYN packets) to find the client address.

Question 4: The IPv6 address of the captured host

The packets in this trace were captured from a single host. What is the IPv6 address of this host? Note that you will find many addresses in the trace; look for DNS requests or TCP connection establishments (SYN packets) to find the client address.

Question 5: TCP ports

What is the most frequent TCP destination port used in this trace? (Hint: the "Conversations" tool in the "Statistics" tab can be helpful.)

Question 6: The DNS resolver

What is the IPv6 address of the DNS resolver used by this host?

Question 7: TCP connections on port 80

How many connections were established on port 80?

Question 8: Mailserver

This trace contains one connection on port 587, which is used by a client to send an email to a mailserver. What is the name of the server contacted by this client?

Question 9: Connections on port 993

The trace contains four connections on port 993. What is the name of the server that was contacted?

Question 10: Connections to IPv6 servers on TCP port 80

The trace contains four connections to an IPv6 server on TCP port 80. By looking at the content of the packets, can you infer the application that created those connections?
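
The hint in questions 3 and 5 (look at SYN packets, then at destination ports) can also be applied outside Wireshark. The Python sketch below is an added example, not part of the original exercise: it parses a classic little-endian pcap by hand, lists the hosts that send a SYN without ACK and tallies the destination ports of those SYNs. The helper names `frame`, `write_pcap` and `analyze`, and the sample frames with documentation addresses, are constructed for illustration; only Ethernet/IPv4/TCP is inspected.

```python
import struct
from collections import Counter
from ipaddress import ip_address

def frame(src, dst, sport, dport, flags):
    """Constructed Ethernet/IPv4/TCP frame (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     ip_address(src).packed, ip_address(dst).packed)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def write_pcap(frames):
    """Classic pcap: 24-byte global header, then 16-byte record headers."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

def analyze(pcap):
    """Return (packet count, SYN senders, destination ports of those SYNs)."""
    if len(pcap) < 24 or struct.unpack_from("<I", pcap)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    off, total, clients, ports = 24, 0, Counter(), Counter()
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<I", pcap, off + 8)[0]  # captured length
        pkt = pcap[off + 16: off + 16 + incl]
        off += 16 + incl
        total += 1
        # Skip anything that is not IPv4 (EtherType 0x0800) carrying TCP (6).
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue
        tcp = pkt[14 + (pkt[14] & 0x0F) * 4:]  # honour the IPv4 header length
        # SYN set and ACK clear marks the side that opens the connection.
        if len(tcp) >= 14 and (tcp[13] & 0x12) == 0x02:
            clients[str(ip_address(pkt[26:30]))] += 1
            ports[struct.unpack_from("!H", tcp, 2)[0]] += 1
    return total, clients, ports

# Constructed sample: one full handshake plus two more connection attempts.
SAMPLE = write_pcap([
    frame("192.0.2.10", "198.51.100.1", 40000, 443, 0x02),  # SYN
    frame("198.51.100.1", "192.0.2.10", 443, 40000, 0x12),  # SYN+ACK
    frame("192.0.2.10", "198.51.100.1", 40000, 443, 0x10),  # ACK
    frame("192.0.2.10", "198.51.100.2", 40001, 443, 0x02),  # SYN
    frame("192.0.2.10", "198.51.100.3", 40002, 80, 0x02),   # SYN
])

if __name__ == "__main__":
    total, clients, ports = analyze(SAMPLE)
    print(total, clients.most_common(1), ports.most_common(1))
```

To use it on a real capture, pass the file's bytes to `analyze()`. The port tally counts connection attempts (client SYNs), which can differ from the number of established connections, and IPv6 packets are counted in the total but not inspected.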