Part 2: Capturing a TCP 3-way handshake

1. 
   Clear the filter of part 1 (clear “http” filter)
   
2. 
   Click the ‘Start’ button.
   
3. 
   Again, browse to http://gaia.cs.umass.edu/wireshark-labs/INTRO-wireshark-file1.html
   
4. 
   Click ‘Stop’ capture.
   
5. 
   You may want to set the Capture Filters to ‘not arp and not icmp and not port 53 and not port 443 and not udp’ to reduce the amount of data generated.
   
   1. 
      Note: the filters might be already setup, however if any of those filters are missing, add the missing filter by:
      
      1. 
         Click on “Capture”>Capture Filters
         
      2. 
         Click on the ‘+’ sign at the bottom
         
6. 
   Find the 3-way handshake based on the source and destination IP Address, take screenshots showing:
   

• 
  A screen shot showing the three-way handshake and highlight each handshake.
  
• 
  In GET HTTP confirm which webpage this packet is getting. Take a screenshot and highlight the host.
  

7. 
   Insert your screenshots in the report template
   
8. 
   Clear the filter and look up 3 different protocols that appear in the protocol column in the unfiltered packet-listing window and write them down in your report.
   

Your report must contain the following:

1. 
   Your name & student number
   
2. 
   Screenshots as requested above
   
3. 
   Each screen shot must show:
   
   1. 
      System date & time
      
   2. 
      Your customized background
      
   3. 
      Caption describing what the screenshot is about
      

• 
  Labs submitted one week late, will lose 50% of the grade automatically, and if later than that, it will be assigned a grade of ‘F’.
  
• 
  Late labs still need to be satisfactorily completed and submitted by Study Week to meet SEC220’s Promotion Requirements.