Final Project2

Final Project: Wireshark Analysis IS3220 IT Infrastructure Security 3/6/2014 Name? Mr. ?

IP Header (Network Layer L3) – Fandango Website

Version: 4 – IPv4 protocol
Header Length: 20 bytes – the second number multiplied by 4. In the bit area at the bottom the first byte reads 45: the first 4 bits, 4, are the version (IPv4); the second number, 5, multiplied by 4 gives the 20-byte header length.

Differentiated Services Field: 0x00 – services for network traffic.
ECN – Early Congestion Notification; ECN-CE – Early Congestion Notification-Congestion Experienced. If the ECN bits are set to 1 the node can handle congestion, and if CE is 1 it is already experiencing congestion.

Total Length: 2751 – a 20-byte header and 2731 bytes of data and other headers.

Identification: this is unique for each packet.

Flags:
0 = Security Flag: not evil
1 = Don't Fragment: set
0 = More Fragments: not set – if more fragments were to come, this would be set to 1.

Fragment Offset: 0 – if the packet is fragmented, this tells you how to reassemble the pieces, in 8-byte increments: if the number were 2, the fragment would be placed 16 bytes into the packet.

Time to Live: 128 – after it gets past the first router it will be down to 127, and if the packet (or any of its fragments) does not reach the destination before the count reaches 0, it is dropped.

Protocol: TCP (6) – just means a TCP header is next.

Any IPs starting with 224 – 237 represent a multicast.

TCP Header (Transport Layer L4) – Fandango Website

Source port: 50682 (50682)
Destination port: http (80)
[Stream Index: 3]
<TCP Segment Len: 2711>
Sequence number: 1 (relative sequence number)
[Next sequence number: 2712 (relative sequence number)]
Acknowledgment number: 1 (relative ack number)
Header Length: 20 bytes
Flags: 0x018 (PSH, ACK)

000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set (means the sender acknowledges received information)
.... .... 1... = Push: Set (data that cannot sit in the TCP buffer; it must go out immediately, time critical)
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set

Window size value: 16425 (this means you have this much receive buffer space available)
[Calculated window size: 65700] (this is the window size value x 4)
[Window size scaling factor: 4] (used to calculate the window size, 4 bits)

Checksum: 0x9275 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]

[SEQ/ACK analysis]
[Bytes in flight: 2711] (the number of bytes, including headers, that are headed for the destination)
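The IPv4 and TCP fields walked through in the two sections above (version and header length from the 0x45 byte, the fragment flags and offset, the 12-bit TCP flags field, and the scaled window) can be decoded straight from raw header bytes. The following is an added example and not part of the original project; the packet bytes are constructed here to mirror the values in the capture (the IP addresses and identification are made up) and the window scale of 4 is assumed to have been learned from the SYN.

```python
import struct

# Names of the 12 flag bits Wireshark lists for TCP, highest bit first.
TCP_FLAG_NAMES = ["Reserved", "Reserved", "Reserved", "Nonce", "CWR", "ECN-Echo",
                  "Urgent", "Acknowledgment", "Push", "Reset", "Syn", "Fin"]


def parse_ipv4_header(data):
    """Decode the fixed IPv4 header fields from raw bytes (addresses skipped)."""
    ver_ihl, dsfield, total_len, ident, flags_frag, ttl, proto, _ = \
        struct.unpack("!BBHHHBBH", data[:12])
    ihl_bytes = (ver_ihl & 0x0F) * 4          # IHL counts 32-bit words: 5 * 4 = 20
    return {
        "version": ver_ihl >> 4,              # top nibble of 0x45 -> 4
        "header_len": ihl_bytes,
        "dsfield": dsfield,
        "ecn_ce": (dsfield & 0x03) == 0x03,   # both ECN bits set = congestion experienced
        "total_length": total_len,
        "data_len": total_len - ihl_bytes,    # 2751 - 20 = 2731
        "identification": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,  # offset is in 8-byte units
        "ttl": ttl,
        "protocol": proto,
    }


def parse_tcp_header(data, window_scale=1):
    """Decode ports, flags and window; window_scale comes from the SYN's option."""
    sport, dport, seq, ack, off_flags, window, _, _ = struct.unpack("!HHIIHHHH", data[:20])
    flags = off_flags & 0x0FFF                # low 12 bits are the flags Wireshark lists
    return {
        "src_port": sport,
        "dst_port": dport,
        "header_len": (off_flags >> 12) * 4,  # data offset in 32-bit words
        "flags": flags,
        "flags_set": [n for i, n in enumerate(TCP_FLAG_NAMES) if flags & (1 << (11 - i))],
        "window": window,
        "calculated_window": window * window_scale,  # 16425 * 4 = 65700
    }


# Constructed sample mirroring the capture values above (not a real packet; addresses made up).
SAMPLE_IP = struct.pack("!BBHHHBBH4s4s", 0x45, 0x00, 2751, 0x1A2B, 0x4000, 128, 6, 0,
                        bytes([192, 168, 1, 10]), bytes([203, 0, 113, 5]))
SAMPLE_TCP = struct.pack("!HHIIHHHH", 50682, 80, 1, 1, (5 << 12) | 0x018, 16425, 0x9275, 0)

if __name__ == "__main__":
    print(parse_ipv4_header(SAMPLE_IP))
    print(parse_tcp_header(SAMPLE_TCP, window_scale=4))
```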

UDP Header (Transport Layer L4) – Fandango Website

Source port: domain (53)
Destination port: 49857 (49857)
Length: 133 bytes
<Checksum coverage: 133> (basically saying the size of the packet that the checksum is looking at)
Checksum: 0x229f [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]