Question

Assume a client uses TCP to send data to a server. The TCP header has 12 bytes of options and 99 bytes of data. [Please don't forget Ethernet Type/Len field is 2 bytes in size.]

1. Calculate the total number of bytes passed to the IP layer by the TCP layer.

2. Calculate the total number of bytes passed to the network layer by the IP layer, assuming the IP layer has no options.

3. Calculate the total number of bytes transmitted on the Ethernet cable (not including the preamble, the start frame delimiter, or the frame check sequence).

4. What is the percentage of overhead for the packet being transmitted on Ethernet (i.e. the ratio of non-user data to total protocol data)?

Answer 1

1.Calculate the total number of bytes passed to the IP layer by the TCP layer

Ans: Open the capture file and use filters to left only tcp packets from sender - you can use following string "ip.src=X.X.X.X&&tcp.len>0" where X.X.X.X your server(sender) ip address

2) Save filtered file: save as -> check checkbox "Displayed" -> save

3) Check the size of resulting Wireshark file

If you are interested in only in clear payload size, than

4) Open resulting file

5) Check the total number of frames in it (just scroll down the file and check values in the first column)

6) Calculate total size of headers - multiply number of frames in capture by 54 (14 byte Ether header + 20 byte Ip header + 20 byte TCP header)**

7) Subtract from the total size of resulting file total size of headers the result will be payload size

0

Apply a display filter to show only packets from the sender, for example "ip.src==192.168.1.1". If there is more than one TCP conversation in the trace, add the stream index to the display filter so that you're seeing only packets from the sender on the conversation of interest, so something like: "ip.src==192.168.1.1 and tcp.stream==5".

To see total bytes transmitted, bring up the Summary dialog (Statistics > Summary). Near the bottom, read the value for "Bytes" in the "Displayed" column. This is the total number of bytes transferred. It includes the Ethernet, IP, and TCP headers, and also the Ethernet Frame Check Sequence, if it is present in the trace. Not all systems pass the Frame Check Sequence to Wireshark, so it is often not present in the trace.

2.Calculate the total number of bytes passed to the network layer by the IP layer, assuming the IP layer has no options.

3. Calculate the total number of bytes transmitted on the Ethernet cable (not including the preamble, the start frame delimiter, or the frame check sequence).

4. What is the percentage of overhead for the packet being transmitted on Ethernet (i.e. the ratio of non-user data to total protocol data)?