Assignment: Using Wireshark

In this assignment, you are required to analyse network packets using Wireshark. Obtain your copy of the PCAP file, which contains the captured packets, load it in Wireshark, analyse the packets, and answer the questions below.

Please note the following important points regarding the answers.

ARP

1. Find the last ARP packet in the file. What IP address was it asking about?

DNS

2. Find the first DNS request. What is its Transaction ID in hexadecimal?

3. What domain name was it requesting?

4. What type of DNS resource record (RR) was requested?

5. Find the response to that DNS request. What was the first IP address that it returned?

IPv6

6. What is the source address of the first IPv6 TCP SYN packet?

TCP

7. Find the first IPv4 TCP packet. What is its source IP address?

Find the first TCP (IPv4 or IPv6) three-way handshake.

8a: What is the source IP address in its opening SYN packet?

8b: What is the destination IP address in its opening SYN packet?

9. What is the (absolute) sequence number sent in response to question 8's opening SYN packet?

Find the last TCP packet in the file that has its FIN flag on.

10a: What is its source port number?

10b: What is its destination port number?

11. Now find the opening SYN+ACK packet that began the TCP session ending with that FIN packet. What is its sequence number?

12. Look again at the FIN packet you found for questions 10a and 10b. What was its "end byte" number?
      if source_port NOT (80 or 443): end_byte = ack_number
      else: end_byte = seq_number

13. How many bytes were sent from the responder to the initiator of that TCP session?
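The whole procedure above, worked as a script rather than by clicking through Wireshark. This is an added example, not part of the assignment: it builds a small constructed pcap in memory (made-up hosts 10.0.0.5, 10.0.0.1, 10.0.0.53 and 93.184.216.34, a made-up query for www.example.com, and a single HTTP session carrying 100 bytes from the server), parses it with a hand-written dissector, and answers every question except the IPv6 one, since the constructed trace carries no IPv6 traffic. The packet builders, the dissector and the `answers` function are this example's own assumptions; only the end-byte rule and the question numbering come from the page.

```python
import struct
from socket import inet_aton, inet_ntoa
# ---- constructed sample capture (made up for this example, not a real trace) ----
CLI_MAC, SRV_MAC = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
CLI_IP, SRV_IP, GW_IP, DNS_IP = "10.0.0.5", "93.184.216.34", "10.0.0.1", "10.0.0.53"
ETH_IP = SRV_MAC + CLI_MAC + b"\x08\x00"          # Ethernet header for IPv4; MACs are not examined by the questions
ETH_ARP = b"\xff" * 6 + CLI_MAC + b"\x08\x06"      # broadcast Ethernet header for ARP

def ipv4(src, dst, proto, body):                  # header checksum left 0: the parser below never checks it
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 1, 0, 64, proto, 0, inet_aton(src), inet_aton(dst)) + body
def udp(sport, dport, body):
    return struct.pack("!HHHH", sport, dport, 8 + len(body), 0) + body
def tcp(sport, dport, seq, ack, flags, body=b""):
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 8192, 0, 0) + body
def arp_request(sender_ip, target_ip):
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1, CLI_MAC, inet_aton(sender_ip), b"\x00" * 6, inet_aton(target_ip))
def dns_query(txid, name, qtype=1):
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)
def dns_answer(txid, name, ip):                   # one A record; its name is a compression pointer (0xc00c) to the question
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + inet_aton(ip)
    return struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0) + dns_query(txid, name)[12:] + rr

FRAMES = [
    ETH_ARP + arp_request(CLI_IP, GW_IP),
    ETH_IP + ipv4(CLI_IP, DNS_IP, 17, udp(40000, 53, dns_query(0x1A2B, "www.example.com"))),
    ETH_IP + ipv4(DNS_IP, CLI_IP, 17, udp(53, 40000, dns_answer(0x1A2B, "www.example.com", SRV_IP))),
    ETH_IP + ipv4(CLI_IP, SRV_IP, 6, tcp(51234, 80, 1000, 0, 0x02)),                  # SYN
    ETH_IP + ipv4(SRV_IP, CLI_IP, 6, tcp(80, 51234, 5000, 1001, 0x12)),               # SYN+ACK
    ETH_IP + ipv4(CLI_IP, SRV_IP, 6, tcp(51234, 80, 1001, 5001, 0x10)),               # ACK
    ETH_IP + ipv4(SRV_IP, CLI_IP, 6, tcp(80, 51234, 5001, 1001, 0x18, b"x" * 100)),   # 100 data bytes from the server
    ETH_IP + ipv4(CLI_IP, SRV_IP, 6, tcp(51234, 80, 1001, 5101, 0x11)),               # client FIN+ACK
    ETH_ARP + arp_request(CLI_IP, DNS_IP),                                            # last ARP in the file
]

def build_pcap(frames):                           # classic pcap: 24-byte file header, 16-byte record headers, link type 1 = Ethernet
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

# ---- minimal dissector: just enough Ethernet/ARP/IPv4/UDP/TCP/DNS for the questions ----
def read_name(buf, off):                          # DNS name, following a compression pointer if one appears
    labels = []
    while buf[off] and buf[off] & 0xC0 != 0xC0:
        n = buf[off]; labels.append(buf[off + 1:off + 1 + n].decode()); off += n + 1
    if buf[off] & 0xC0 == 0xC0:
        return ".".join(labels + [read_name(buf, struct.unpack_from("!H", buf, off)[0] & 0x3FFF)[0]]), off + 2
    return ".".join(labels), off + 1

def parse_dns(d):
    txid, flags, _qd, ancount = struct.unpack_from("!HHHH", d, 0)
    name, off = read_name(d, 12)
    qtype = struct.unpack_from("!H", d, off)[0]; off += 4                  # skip qtype and qclass
    rec = {"txid": txid, "response": bool(flags & 0x8000), "qname": name,
           "qtype": {1: "A", 28: "AAAA"}.get(qtype, qtype), "answers": []}
    for _ in range(ancount):
        _, off = read_name(d, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", d, off); off += 10
        if rtype == 1: rec["answers"].append(inet_ntoa(d[off:off + 4]))
        off += rdlen
    return rec

def parse_pcap(data):
    pkts, off = [], 24
    while off < len(data):
        incl = struct.unpack_from("<IIII", data, off)[2]; off += 16
        f, off = data[off:off + incl], off + incl
        p = {"etype": struct.unpack_from("!H", f, 12)[0]}
        if p["etype"] == 0x0806:                                           # ARP target protocol address
            p["arp_target"] = inet_ntoa(f[38:42])
        elif p["etype"] == 0x0800:
            l4 = f[14 + (f[14] & 0x0F) * 4:]
            p["src"], p["dst"], p["proto"] = inet_ntoa(f[26:30]), inet_ntoa(f[30:34]), f[23]
            if p["proto"] == 6:
                p.update(zip(("sport", "dport", "seq", "ack"), struct.unpack_from("!HHII", l4)), flags=l4[13])
            elif p["proto"] == 17 and 53 in struct.unpack_from("!HH", l4):
                p["dns"] = parse_dns(l4[8:])
        pkts.append(p)
    return pkts

def answers(pkts):                                # the numbered questions above, except the IPv6 one
    a = {"q1": [p for p in pkts if p["etype"] == 0x0806][-1]["arp_target"]}
    q = next(p["dns"] for p in pkts if "dns" in p and not p["dns"]["response"])
    a["q2"], a["q3"], a["q4"] = f"0x{q['txid']:04x}", q["qname"], q["qtype"]
    a["q5"] = next(p["dns"] for p in pkts if "dns" in p and p["dns"]["response"] and p["dns"]["txid"] == q["txid"])["answers"][0]
    tcps = [p for p in pkts if p.get("proto") == 6]; a["q7"] = tcps[0]["src"]
    syn = next(p for p in tcps if p["flags"] & 0x12 == 0x02)             # SYN set, ACK clear
    synack = next(p for p in tcps if p["flags"] & 0x12 == 0x12 and p["ack"] == syn["seq"] + 1)
    a["q8a"], a["q8b"], a["q9"] = syn["src"], syn["dst"], synack["seq"]
    fin = [p for p in tcps if p["flags"] & 0x01][-1]; a["q10a"], a["q10b"] = fin["sport"], fin["dport"]
    ends = {(fin["src"], fin["sport"]), (fin["dst"], fin["dport"])}      # the FIN's connection, either direction
    a["q11"] = next(p for p in tcps if p["flags"] & 0x12 == 0x12
                    and {(p["src"], p["sport"]), (p["dst"], p["dport"])} == ends)["seq"]
    a["q12"] = fin["ack"] if fin["sport"] not in (80, 443) else fin["seq"]   # the assignment's end-byte rule
    a["q13"] = a["q12"] - a["q11"] - 1   # the SYN+ACK itself consumes one sequence number before the first data byte
    return a
ANSWERS = answers(parse_pcap(build_pcap(FRAMES)))
```

In Wireshark the same steps are display filters: `arp` (then jump to the last match), `dns.flags.response == 0` for the first request, `ipv6 && tcp.flags.syn == 1 && tcp.flags.ack == 0` for question 6, `tcp.flags.syn == 1 && tcp.flags.ack == 0` for the opening SYN, and `tcp.flags.fin == 1` for the last FIN; `tshark -r file.pcap -Y '<filter>'` applies the same filters from the command line. One caveat for questions 9, 11 and 12: Wireshark shows relative sequence and acknowledgement numbers by default, so either turn off "Relative sequence numbers" in the TCP protocol preferences or read the raw value the TCP dissector shows next to the relative one. The arithmetic in question 13 is the last line of `answers`: the responder's byte count is the end byte minus the SYN+ACK's sequence number, minus one for the SYN+ACK itself, which occupies a sequence number but carries no data.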