We see that the TTL for this packet is 128, but this is in decimal form. Part of the IP Header contains the Time to live (TTL) field for the packet. This section contains the IP Header for the packet. In Packet 8, expand the Internet Protocol section. Looking at the Acknowledgement (ACK) flag, we see that it is Set and its value is 1.
Since each individual flag is only 1 bit in length, when a flag is set, its value will be 1 in binary which is also 1 in decimal.
When an individual flag is set, the bit is set to 1. When you expand this section, you will see that this section contains eight, 1 bit flags. In here you will find the Flags field of the TCP Header. In Packet 4, expand the Transmission Control Protocol section. Notice that we are not using the number 64 because that is the value of the field and not the actual byte (hex) equivalent. If you click on that byte on the bottom frame, you will see that the Time to live field is now highlighted. Counting from the first highlighted byte, we will count until we reach byte eight and we see that it is 40. When counting bytes in a packet, you must start counting with the number zero. These are the bytes (separated by spaces) that make up the IP header. After you click on this line, in the bottom frame in Wireshark, you will notice that a group of numbers is highlighted. This is the line that also shows the source and destination IP addresses.
To find the 8th byte of the IP header for this packet, click on Internet Protocol line. This is the IP Header information for this packet. In Packet 1, expand the Internet Protocol section. To analyze this packet capture, I will be opening this file in Wireshark. The winner of the “Name that Tune” – Packet Challenge is Travis Lee ( on Twitter) Here’s Travis’ solution: Filed under: NetworkMiner, Packet Challenge, pcap, Wireshark | Tags: NetworkMiner, Packet Challenge, pcap, Wireshark
0 kommentar(er)
