Using Wireshark, analyze the TCP or UDP traffic on your machine. Run Wireshark for at least 10 minutes, or long enough to capture some traffic. Research the protocol you selected (TCP or UDP) and discuss what it does and the trends regarding encryption. Analyze the TCP or UDP traffic capture and explain what is happening in it. Compare your traffic to what you researched about the protocol.
Research and understand the following:
- Transport Layer
- Transport Layer Protocols (specifically those in the capture)
- Port Numbers
- Netstat, tasklist
- What field indicates whether a packet is TCP or UDP?
- Is that on the network layer or the transport layer?
- Explain the different options for UDP or TCP.
- Perform the “netstat” and “tasklist” commands.
- Can these commands be found on the capture?
- As much as possible, associate the data provided by the command and the data provided on the capture.
- Are there any TCP or UDP segments fragmented on the capture?
- Demonstrate them.
- At what layer are they fragmented? (Network, Transport, etc.)
- Why are they fragmented? Assumptions? Facts?
- What application protocols use TCP and what application protocols use UDP on the capture?
- Identify a few TCP handshakes from your capture.
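
For the netstat and tasklist items above, one way to associate the command output with flows in the capture, as an added example that is not part of the original assignment. The sample `netstat -ano` and `tasklist /FO CSV /NH` output, the flows, the local address and the helper names are constructed for illustration, and sockets are keyed by protocol and local port as a simplification.

```python
import csv
import io

# Constructed `netstat -ano` output. TIME_WAIT rows report PID 0 because the
# owning process has already closed the socket.
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:49712     203.0.113.5:443        ESTABLISHED     4321
  TCP    192.168.1.10:49720     198.51.100.7:80        TIME_WAIT       0
  UDP    0.0.0.0:5353           *:*                                    1188
"""
# Constructed `tasklist /FO CSV /NH` output.
TASKLIST = '''"chrome.exe","4321","Console","1","150,000 K"
"svchost.exe","1188","Services","0","12,340 K"
'''
# Constructed flows read off the capture: (proto, src, sport, dst, dport).
FLOWS = [
    ("TCP", "192.168.1.10", 49712, "203.0.113.5", 443),
    ("TCP", "203.0.113.5", 443, "192.168.1.10", 49712),
    ("TCP", "192.168.1.10", 49720, "198.51.100.7", 80),
    ("UDP", "192.168.1.10", 5353, "224.0.0.251", 5353),
    ("TCP", "192.168.1.10", 50001, "192.0.2.9", 22),
]

def parse_netstat(text):
    # Map (proto, local_port) -> PID. UDP rows have no State column, so the
    # PID is always taken from the last field.
    sockets = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue  # skips the header and blank lines
        port = int(parts[1].rpartition(":")[2])  # rpartition copes with [::1]:445
        sockets[(parts[0], port)] = int(parts[-1])
    return sockets

def parse_tasklist(text):
    return {int(row[1]): row[0] for row in csv.reader(io.StringIO(text)) if row}

def attribute(flows, sockets, names, local_ips):
    out = []
    for proto, src, sport, dst, dport in flows:
        # The local side is whichever endpoint carries one of this host's addresses.
        port = sport if src in local_ips else dport
        pid = sockets.get((proto, port))
        owner = "unknown" if pid is None else names.get(pid, f"PID {pid}")
        out.append((proto, port, owner))
    return out

if __name__ == "__main__":
    for row in attribute(FLOWS, parse_netstat(NETSTAT), parse_tasklist(TASKLIST), {"192.168.1.10"}):
        print(row)
```

A flow that comes back as "unknown" had no matching socket when netstat ran, which is common for short-lived connections; running netstat while the capture is still in progress reduces these gaps.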