The client sends an http request, packet 4, requesting a GET / http/1.1 (this is the root document). You can see also that although the tcp length is 0, the client and the server increase the sequence number by 1. The server responds with a SYN-ACK with window size 29200 (hex 7210), scaling factor 8 (hex 08, multiply by 2^8=256) Len=0, MSS=1452 and SACK permitted.
It supports an MSS of 1460, a window size of 8192 (hex 2000) with a scaling factor of 2 (hex 02) (multiply by 2^2=4) and selective acks. The important this to note is the options section. In the beginning the client sends a SYN request. If we captured somewhere in between, the RTT would be (ACK - SYN) / 2 SYN, SYN-ACK, ACK Othwerwise I would look at the time between SYN-ACK and ACK. In order to see the time or delta between displayed packets you have to go to View, Time Display Format, Seconds since previous displayed packetīecause we are capturing at the source the RTT is the time between SYN and SYN-ACK which is 0.214. So the capture is obviously at the source. This is very obvious because I have as source an internal IP address, but I could have figured it out from the time interval between SYN, SYN-ACK and ACK.
If you want to download the pcap file click here you can do right click, open in a new tab, to see full size image. In this post we will use wireshark to analyze an http connection, where a client requests a single webpage from a server.
0 kommentar(er)
