Professional Documents
Culture Documents
A. All systems jam the network, and then all begin transmitting again.
B. Hosts involved in a collision send an RTS signal indicating a time frame in
which to retransmit.
C. Hosts involved in the collision send a jam signal, and then run an algorithm
before retransmitting.
D. Collisions do not occur on CSMA/CD.
5. Which of the following are true when comparing TCP/IP to the OSI Reference
Model? (Choose two.)
A. The TCP/IP model has seven layers while the OSI model has only four layers.
B. The TCP/IP model has four layers while the OSI model has seven layers.
C. The TCP/IP Application layer maps to the Application, Session, and Presentation
layers of
the OSI Reference Model.
D. The TCP/IP Application layer is virtually identical to the OSI Application layer.
A. flow control
B. windowing
C. TCP handshake
D. reliable delivery
12. Which of the following is NOT a benefit of using a reference model?
A. divides the network communication process into smaller and simpler
components
B. encourages industry standardization
C. enforces consistency across vendors
D. allows various types of network hardware and software to communicate
IP Address
192.168.0.101
192.168.0.102
192.168.0.103
192.168.0.104
Subnet Mask
255.255.255.0
255.255.255.0
255.255.255.0
255.255.255.0
Default Gateway
192.168.0.1
192.168.0.1
192.168.0.1
192.168.0.1
c. Please save your configuration file and submit it with this weeks lab
activities.
Objectives
Part 1: Prepare Wireshark to Capture Packets
Select an appropriate NIC interface to capture packets.
Part 2: Capture, Locate, and Examine Packets
Capture a web session to www.google.com.
Locate appropriate packets for a web session.
Examine information within packets, including IP addresses, TCP port
numbers, and TCP control flags.
Background / Scenario
In this lab, you will use Wireshark to capture and examine packets generated
between the PC browser using the HyperText Transfer Protocol (HTTP) and a
web server, such as www.google.com. When an application, such as HTTP or
File Transfer Protocol (FTP) first starts on a host, TCP uses the three-way
handshake to establish a reliable TCP session between the two hosts. For
example, when a PC uses a web browser to surf the Internet, a three-way
handshake is initiated and a session is established between the PC host and
web server. A PC can have multiple, simultaneous, active TCP sessions with
various web sites.
Note
This lab cannot be completed using Packet Tracer. This lab assumes that
you have Internet access.
Using a packet sniffer such as Wireshark may be considered as a threat by
your security application. If using Wireshark is an issue, please let me
know.
Part 1: Prepare Wireshark to Capture Packets
b. Write down the IP and MAC addresses associated with the selected
Ethernet adapter, because that is the source address to look for when
examining captured packets.
Q 2.2.1 The PC host IP address:
________________________________________________
Q 2.2.2 The PC host MAC address:
______________________________________________
Step 2: Start Wireshark and select the appropriate interface.
a. Click the Windows Start button and on the pop-up menu, double-click
Wireshark.
b. After Wireshark starts, click Interface List.
c. In the Wireshark: Capture Interfaces window, click the check the box next
to the interface connected to your LAN.
Note:
If multiple interfaces are listed and you are unsure which interface to check,
click Details. Click the 802.3 (Ethernet) tab, and verify that the MAC address
matches what you wrote down in Step 1b. Close the Interface Details window
after verification.
Q. 2.2.9 What are the values of the source and destination ports?
______________________________________
Q. 2.2.10 Which flags are set?
___________________________________________________________________
Q. 2.2.11 What are the relative sequence and acknowledgement numbers set
to?
___________________________________________________________________
e. Finally, examine the third packet of the three-way handshake in the
example. Clicking frame 17 (your number might be different) in the top
window displays the information similar to the screen shot below: