exp_4_ccn

This document outlines an experiment studying TCP and UDP protocols using Wireshark for network traffic analysis. It details the characteristics, packet structures, and processes involved in TCP's reliable connection establishment and termination, as well as UDP's fast, connectionless communication. The experiment highlights the practical differences between the two protocols and their applications in real-time scenarios.

Uploaded by

Mit Shah

Experiment No. 4
EXPERIMENT TITLE: Study of TCP and UDP using Wireshark

BRIEF THEORY:

TCP and UDP in Computer Networks:-


In computer networks, devices communicate using various protocols, with Transmission Control
Protocol (TCP) and User Datagram Protocol (UDP) being the most commonly used at the transport
layer of the OSI model. These protocols facilitate data exchange between applications, ensuring
efficient transmission based on their specific characteristics.
Analyzing Network Traffic with Wireshark
Wireshark is a powerful network analysis tool used to capture, inspect, and interpret real-time
network traffic. It helps in understanding how TCP and UDP packets are transmitted, the process
of connection establishment, and the flow of data between devices.

Transmission Control Protocol (TCP):-


TCP is a connection-oriented protocol that guarantees reliable and sequential delivery of data. It
incorporates error-checking mechanisms to ensure data integrity and efficient communication.
Key Features of TCP:
1. Establishes a connection through a three-way handshake (SYN, SYN-ACK, ACK).
2. Ensures ordered and error-free data transmission with flow and congestion control
mechanisms.
3. Supports retransmission in case of lost packets.
4. Commonly used in applications such as web browsing (HTTP/HTTPS), email (SMTP,
IMAP, POP3), and file transfers (FTP, SFTP).

TCP Packet Structure:-

A TCP segment consists of a header (20–60 bytes) and a data payload.


1. TCP Header (20–60 bytes)
• Source Port (2 bytes): Identifies the sender’s port.
• Destination Port (2 bytes): Identifies the recipient’s port.
• Sequence Number (4 bytes): Keeps track of data sequence.
• Acknowledgment Number (4 bytes): Confirms receipt of data.
• Header Length (4 bits): Defines the header size.
• Flags (9 bits): Used for connection control (e.g., SYN, ACK, FIN, RST, PSH, URG).
• Window Size (2 bytes): Regulates flow control.
• Checksum (2 bytes): Validates data integrity.
• Urgent Pointer (2 bytes): Used when the URG flag is set (rarely utilized).
• Options (0–40 bytes, optional): Provides additional features like window scaling.
2. Data Segment (Variable Size)
• Contains the actual payload being transmitted.
• The size depends on the Maximum Transmission Unit (MTU) and TCP segment size.

User Datagram Protocol (UDP):-


UDP is a connectionless, lightweight protocol designed for fast and efficient communication.
Unlike TCP, it does not establish a connection before data transmission and does not guarantee
packet delivery or order.
Key Features of UDP:
1. Does not require a handshake process, reducing transmission delays.
2. Lacks built-in mechanisms for error correction, making it faster but less reliable.
3. Frequently used in real-time applications such as:
   • Video streaming
   • Voice over IP (VoIP)
   • DNS queries
   • Online gaming

STEPS FOR THE TCP PROTOCOL
1. With Wireshark running and capturing, upload a text file to the given website to capture the packets.

Fig 1: Add text file on this website (http://gaia.cs.umass.edu/wireshark-labs/TCP-wireshark-file1.html)

2. In Wireshark, filter for TCP together with the IP addresses of the sender (your PC) and the receiver (server).
You should see the following results.

Fig 2: All captured TCP packets


The highlighted packets are SYN, SYN-ACK and ACK, which make up the TCP three-way
handshake used to establish a reliable connection between two devices.
i. The process begins with a device sending a SYN message to initiate a connection.
ii. The receiving device responds with a SYN-ACK message, acknowledging the receipt of
the SYN request.
iii. Finally, the initiating device sends an ACK message back to confirm the connection is
established.

3. Analyze SYN-ACK message.

Fig 3: Details of SYN-ACK message.


Three-Way Handshake Process
i. Client sends SYN:
• Flags: SYN=1, ACK=0
ii. Server responds with SYN-ACK:
• Flags: SYN=1, ACK=1
iii. Client sends ACK:
• Flags: ACK=1

4. Analyzing FIN-ACK message.

Fig 4: Details of FIN-ACK message
TCP Connection Termination Process
TCP uses a four-step termination process:
i. Client sends FIN:
• Flags: FIN=1, ACK=0
• The client signals that it has finished sending data.
ii. Server responds with FIN-ACK:
• Flags: FIN=1, ACK=1
• The server acknowledges the client's FIN and also indicates that it will close the
connection soon.
iii. Client sends ACK:
• Flags: ACK=1
• The client acknowledges the server's FIN.
iv. Connection closes:
• The connection is terminated, but the system may wait for a timeout period
(TIME_WAIT state) to ensure all packets have been received.

5. Analyzing PSH-ACK message.

Fig 5: Details of PSH-ACK message.


A PSH-ACK (Push-Acknowledgment) message in TCP refers to a packet with the PSH (Push)
and ACK (Acknowledgment) flags set. It indicates that the sender is pushing data to the
receiving application immediately without waiting for the buffer to fill up.

6. Analyzing throughput.

Fig 6: Throughput of the connection.


Throughput in networking refers to the actual amount of data successfully transmitted over a
network in a given period, typically measured in bits per second (bps), kilobits per second
(Kbps), or megabits per second (Mbps). It represents the effective data transfer rate after
accounting for network conditions such as latency, packet loss, and congestion.
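
The header layout and the flag combinations examined in the steps above (SYN, SYN-ACK, ACK, PSH-ACK, FIN-ACK) can be decoded directly from raw segment bytes. The following Python is an added example, not part of the original lab report; the ports, sequence numbers and segments are constructed sample values, and it also checks that each side of the handshake acknowledges the peer's initial sequence number plus one.

```python
import struct

# The six flags the page names, as bit masks in header bytes 12-13.
FLAG_BITS = [("FIN", 0x001), ("SYN", 0x002), ("RST", 0x004), ("PSH", 0x008),
             ("ACK", 0x010), ("URG", 0x020)]

def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header and split options from payload."""
    if len(segment) < 20:
        raise ValueError("shorter than the minimum 20-byte TCP header")
    sport, dport, seq, ack, off_flags, window, checksum, urgent = struct.unpack(
        "!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4      # 4-bit field counts 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError(f"invalid header length {header_len}")
    flags = [name for name, bit in FLAG_BITS if off_flags & bit]
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "header_len": header_len, "flags": flags, "window": window,
            "options": segment[20:header_len], "payload": segment[header_len:]}

def label(hdr: dict) -> str:
    """Wireshark-style label such as 'SYN-ACK' or 'PSH-ACK'."""
    order = ["SYN", "FIN", "RST", "PSH", "URG", "ACK"]
    return "-".join(f for f in order if f in hdr["flags"]) or "NONE"

def handshake_ok(syn: dict, synack: dict, ack: dict) -> bool:
    """Check the flag pattern and that each side acknowledges peer ISN + 1."""
    return (label(syn) == "SYN" and label(synack) == "SYN-ACK"
            and label(ack) == "ACK"
            and synack["ack"] == (syn["seq"] + 1) % 2**32
            and ack["ack"] == (synack["seq"] + 1) % 2**32
            and ack["seq"] == synack["ack"])

def build(sport, dport, seq, ack, flags, options=b"", payload=b""):
    """Build a constructed sample segment (checksum left 0, not a capture)."""
    words = (20 + len(options)) // 4
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (words << 12) | flags, 65535, 0, 0) + options + payload

MSS_OPT = bytes([2, 4, 0x05, 0xB4])         # constructed MSS option (1460)
SAMPLE = [parse_tcp_header(s) for s in (
    build(50000, 80, 1000, 0, 0x002, MSS_OPT),              # SYN
    build(80, 50000, 9000, 1001, 0x012, MSS_OPT),           # SYN-ACK
    build(50000, 80, 1001, 9001, 0x010),                    # ACK
    build(50000, 80, 1001, 9001, 0x018, payload=b"hello"),  # PSH-ACK
    build(50000, 80, 1006, 9001, 0x011),                    # FIN-ACK
)]
LABELS = [label(h) for h in SAMPLE]
```
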

STEPS FOR THE UDP PROTOCOL


1. Open the command terminal and run nslookup www.google.com

2. Find the IP address using the UDP protocol and find the message in the datagram.

Fig 7: Details of UDP packet.


A UDP packet consists of a header (8 bytes) followed by the data (payload).
i. UDP Header (8 bytes total)
• Source Port (2 bytes): Identifies the sender's port.
• Destination Port (2 bytes): Identifies the recipient's port.
• Length (2 bytes): Specifies the total size of the UDP packet (header + data).
• Checksum (2 bytes): Used for error detection (optional in IPv4, mandatory in IPv6).
ii. Data (Variable Size)
• Contains the actual payload sent over the network.
• Size depends on the UDP length field and the MTU (Maximum Transmission Unit).

DISCUSSION:
• TCP establishes a reliable connection through a three-way handshake and terminates using
the FIN-ACK process.
• It ensures sequential and error-free data transmission by utilizing acknowledgments and
sequence numbers.
• UDP, being connectionless, is significantly faster but does not guarantee packet delivery or
order.
• TCP is ideal for applications requiring reliability (e.g., web browsing, emails), whereas UDP
is preferred for low-latency applications such as streaming and gaming.
• Wireshark analysis demonstrated TCP’s structured control mechanisms through various
flags, while UDP’s minimalistic approach enables rapid data transmission.

CONCLUSION:
This experiment provides insight into the core differences between TCP and UDP by examining
real-time network traffic. TCP is chosen for applications requiring reliability, whereas UDP is
favoured for high-speed, low-latency communication.
