
SYMBIOSIS INTERNATIONAL (DEEMED UNIVERSITY)

(Established under section 3 of the UGC Act 1956)


Re-accredited by NAAC with ‘A’ Grade
Founder: Prof. Dr. S. B. Mujumdar, M.Sc., Ph.D. (Awarded Padma Bhushan and
Padma Shri by President of India)

Name: Jasmeet Singh Bhatia PRN 20070122059 Date: 03-08-2022

Class: CS-A3

Lab-4
Aim: Packet Capture using Wireshark software filters.

Theory:
Packets to be captured are:
1. TCP
2. UDP
3. ARP

• TCP
The Transmission Control Protocol (TCP) is a communications standard that enables
application programs and computing devices to exchange messages over a network.
It is designed to send packets across the internet and ensure the successful delivery
of data and messages over networks.
• UDP
UDP divides messages into packets, called datagrams, which can then be forwarded by
the devices in the network (switches, routers, security gateways) to the destination
application/server.

• ARP
The Address Resolution Protocol (ARP) is a communication protocol used for
discovering the link layer address, such as a MAC address, associated with a given
internet layer address, typically an IPv4 address.
Observations:
Answer the following questions after observing the Wireshark filter for TCP, UDP and ARP
protocols.

Q1) Differences in the color coding in Wireshark.

Color in Wireshark    Packet Type
Light Purple          TCP
Light Blue            UDP
Black                 Packets with errors
Light Green           HTTP traffic
Light Yellow          Windows-specific traffic
Dark Yellow           Routing
Dark Gray             TCP, SYN, FIN and ACK traffic

Q2) Observations between UDP and TCP protocol using Wireshark.


Q3) What is 3-way handshaking in TCP protocol?
A)

TCP provides reliable communication using Positive Acknowledgement with Re-transmission (PAR).
The Protocol Data Unit (PDU) of the transport layer is called a segment. A device using PAR
resends the data unit until it receives an acknowledgement. If the data unit received at the
receiver’s end is damaged (the receiver checks the data with the checksum functionality of the
transport layer, which is used for error detection), the receiver discards the segment. The sender
has to resend any data unit for which a positive acknowledgement is not received. From the above
mechanism, three segments are exchanged between the sender (client) and the receiver (server)
for a reliable TCP connection to get established.

Q4) Port addresses of TCP and UDP control.


SSDP utilising UDP

TCP
Q5) Define ARP protocol and observe messages in ARP protocol using Wireshark
Address Resolution Protocol (ARP) is an important protocol of the network layer in the OSI model, which
helps find the MAC (Media Access Control) address given the system's IP address. The ARP's main task is to
convert the 32-bit IP address (for IPv4) to a 48-bit MAC address.
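
The ARP messages that Q5 asks you to observe can also be decoded by hand. The following is an added example (not part of the original lab report) that parses a constructed ARP request and reply and checks the 48-bit hardware and 32-bit IPv4 address lengths; the function names and all MAC and IP addresses are made up for illustration.

```python
import socket
import struct

ARP_ETHERTYPE = 0x0806
OPCODES = {1: "request", 2: "reply"}

def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_arp_frame(frame):
    """Parse an Ethernet II frame carrying ARP for IPv4; return a dict of fields."""
    if len(frame) < 14 + 28:
        raise ValueError("frame too short for Ethernet + ARP")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ARP_ETHERTYPE:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):  # 6 bytes = 48-bit MAC, 4 bytes = 32-bit IPv4
        raise ValueError("not Ethernet/IPv4 ARP")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {
        "eth_dst": mac_str(dst),
        "eth_src": mac_str(src),
        "operation": OPCODES.get(oper, f"unknown({oper})"),
        "sender_mac": mac_str(sha),
        "sender_ip": socket.inet_ntoa(spa),
        "target_mac": mac_str(tha),
        "target_ip": socket.inet_ntoa(tpa),
    }

def build_arp_frame(oper, eth_dst, sha, spa, tha, tpa):
    """Build a constructed sample frame (test data, not a real capture)."""
    eth = bytes.fromhex(eth_dst) + bytes.fromhex(sha) + struct.pack("!H", ARP_ETHERTYPE)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    arp += bytes.fromhex(sha) + socket.inet_aton(spa) + bytes.fromhex(tha) + socket.inet_aton(tpa)
    return eth + arp

# Constructed addresses: host 192.168.1.10 broadcasts "who has 192.168.1.1?", then gets a unicast reply.
REQUEST = build_arp_frame(1, "ffffffffffff", "020000000010", "192.168.1.10",
                          "000000000000", "192.168.1.1")
REPLY = build_arp_frame(2, "020000000010", "020000000001", "192.168.1.1",
                        "020000000010", "192.168.1.10")

if __name__ == "__main__":
    for frame in (REQUEST, REPLY):
        print(parse_arp_frame(frame))
```

In the request the target MAC is all zeros because it is the value being asked for; the reply's sender MAC field carries the answer.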

Conclusion: Packets captured using Wireshark software filters.
