Copyright Goodheart-Willcox Co., Inc.
Chapter 8 Overview of Network Security and Network Threats

Quick Look 8.1.5 Continued

7. In the main Wireshark window, find the third part of the handshake. This should be the ACK packet. What do you expect the sequence and acknowledgement numbers to be? Which flags will be set to on (1)? Open the ACK transaction, and see if you were correct.
8. Choose Edit > Preferences… from the menu in the main Wireshark window. In the Preferences dialog box that is displayed, double-click Protocols on the left-hand side to expand it. Wireshark makes it easier to view the sequence and acknowledgement numbers since they can be quite large. You can change the default view to show the actual numbers, not the relative numbers.
9. Scroll down to find TCP, and click it. Note the default setting is to use relative numbers, as shown.
10. Uncheck the Relative sequence numbers check box, and then click the OK button to save and close preferences.
11. Return to the first frame you identified (the SYN). What is the sequence number now?
12. Change to the SYN/ACK option. What are the sequence and acknowledgement numbers?
13. What do you believe the numbers will be for the ACK transaction? Open the ACK transaction to see if you were correct.
14. In the details window for the ACK transaction, scroll down further under Transmission Control Protocol. Notice the SYN/ACK sequence of events is displayed. RTT stands for round-trip time. Close the details window.
15. Select the first frame (SYN) in the main Wireshark window, but do not open it. Then, click Statistics > Flow Graph in the menu. A window is displayed that shows the entire conversation exchanged in this network request. It includes the transfer of data and possibly other transactions such as encryption. The top shows the IP addresses involved in the transaction; the left side indicates the times of each transaction. You can view this in other ways as well. If you see a FIN packet, that indicates the final transmission in the sequence.
16. At the bottom of the window, click the Flow type: drop-down arrow, and click TCP Flows in the drop-down list. This view makes it easier to see the sequence and acknowledgement numbers in the far right Comment column. Do you understand now why Wireshark shows relative numbers?
17. Click the Save As… button at the bottom of the graph window. A standard save-type dialog box is displayed that allows the graph to be saved as a PDF, PNG, BMP, JPEG, or TXT file. Save the graph as a PDF using your name as the file name.
18. Applying what you have learned, reset the TCP display to relative numbers.
19. Close Wireshark.
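The relationship between the actual and relative numbers compared in steps 9 through 13 can be reproduced outside Wireshark. The Python sketch below is an added illustration, not part of the textbook lab: it parses three constructed TCP headers and expresses each sequence and acknowledgement number as an offset from the sending side's initial sequence number (ISN), modulo 2^32. The ports, ISNs and function names are assumptions made up for the example, and the client ISN is chosen so the actual number wraps around.

```python
import struct

FLAG_NAMES = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"), (0x10, "ACK")]

def build_tcp_header(sport, dport, seq, ack, flags):
    """Pack a minimal 20-byte TCP header (constructed sample; checksum left as 0)."""
    offset_flags = (5 << 12) | flags  # data offset of 5 words, no options
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, offset_flags, 64240, 0, 0)

def parse_tcp_header(raw):
    """Extract ports, actual seq/ack numbers and flag names from a TCP header."""
    sport, dport, seq, ack, offset_flags = struct.unpack("!HHIIH", raw[:14])
    names = [name for bit, name in FLAG_NAMES if offset_flags & bit]
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": names}

def relative_view(segments):
    """Return (flags, relative seq, relative ack) for each segment of one connection."""
    isn = {}  # source port -> first sequence number seen from that side
    rows = []
    for raw in segments:
        h = parse_tcp_header(raw)
        base = isn.setdefault(h["sport"], h["seq"])
        rel_seq = (h["seq"] - base) % 2**32  # modulo handles 32-bit wraparound
        rel_ack = 0  # the ack field only carries meaning when the ACK flag is set
        if "ACK" in h["flags"] and h["dport"] in isn:
            # An ack counts the peer's bytes, so measure it against the peer's ISN.
            rel_ack = (h["ack"] - isn[h["dport"]]) % 2**32
        rows.append(("/".join(h["flags"]), rel_seq, rel_ack))
    return rows

# Constructed three-way handshake (values are illustrative, not from a capture).
CLIENT_ISN = 0xFFFFFFFF   # chosen so that ISN + 1 wraps to 0
SERVER_ISN = 1017483264
HANDSHAKE = [
    build_tcp_header(51000, 443, CLIENT_ISN, 0, 0x02),                       # SYN
    build_tcp_header(443, 51000, SERVER_ISN, (CLIENT_ISN + 1) % 2**32, 0x12),  # SYN/ACK
    build_tcp_header(51000, 443, (CLIENT_ISN + 1) % 2**32, SERVER_ISN + 1, 0x10),  # ACK
]

if __name__ == "__main__":
    for raw, row in zip(HANDSHAKE, relative_view(HANDSHAKE)):
        h = parse_tcp_header(raw)
        print(f"{row[0]:8} actual seq={h['seq']:<10} ack={h['ack']:<10} "
              f"relative seq={row[1]} ack={row[2]}")
```
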