Professional Documents
Culture Documents
Aim: Packet Capture Using Wireshark Software Filters. Theory
Aim: Packet Capture Using Wireshark Software Filters. Theory
Class: CS-A3
Lab-4
Aim: Packet Capture using Wireshark software filters.
Theory:
Packets to be captured are:
1. TCP
2. UDP
3. ARP
• TCP
The Transmission Control Protocol (TCP) is a communications standard that enables
application programs and computing devices to exchange messages over a network.
It is designed to send packets across the internet and ensure the successful delivery
of data and messages over networks.
• UDP
UDP divides messages into packets, called datagrams, which can then be forwarded by
the devices in the network –switches, routers, security gateways–to the destination
application/server.
• ARP
The Address Resolution Protocol (ARP) is a communication protocol used for
discovering the link layer address, such as a MAC address, associated with a given
internet layer address, typically an IPv4 address.
Observations:
Answer the following questions after observing the Wireshark filter for TCP, UDP and ARP
protocols.
TCP provides reliable communication with something called Positive Acknowledgement with Re-
transmission(PAR). The Protocol Data Unit(PDU) of the transport layer is called a segment. Now a
device using PAR resend the data unit until it receives an acknowledgement. If the data unit
received at the receiver’s end is damaged (It checks the data with checksum functionality of the
transport layer that is used for Error Detection), the receiver discards the segment. The sender has
to resend the data unit for which positive acknowledgement is not received. You can realize from
the above mechanism that three segments are exchanged between sender(client) and
receiver(server) for a reliable TCP connection to get established.
TCP
Q5) Define ARP protocol and observe messages in ARP protocol using Wireshark
Address Resolution Protocol (ARP) is an important protocol of the network layer in the OSI model, which
helps find the MAC (Media Access Control) address given the system's IP address. The ARP's main task is to
convert the 32-bit IP address (for IPv4) to a 48-bit MAC address.