router into the ISP, we’ll collect a second trace file at a PC (not shown) tapping into the link from the home router into the ISP network, as shown in Figure 1. (The hub device shown on the ISP side of the router is used to tap into the link between the NAT router and the first hop router in the ISP). Client-to-server packets captured by Wireshark at this point will have undergone NAT translation. The Wireshark trace file captured on the ISP side of the home router is called NAT_ISP_side.

Open the NAT_home_side file and answer the following questions. You might find it useful to use a Wireshark filter so that only frames containing HTTP messages are displayed from the trace file.

Whenever possible, when answering a question below, you should hand in a printout of the packet(s) within the trace that you used to answer the question asked. Annotate the printout [3] to explain your answer. To print a packet, use File->Print, choose Selected packet only, choose Packet summary line, and select the minimum amount of packet detail that you need to answer the question.

1. What is the IP address of the client?

2. The client actually communicates with several different Google servers in order to implement “safe browsing.” (See extra credit section at the end of this lab). The main Google server that will serve up the main Google web page has IP address 64.233.169.104. In order to display only those frames containing HTTP messages that are sent to/from this Google server, enter the expression “http && ip.addr == 64.233.169.104” (without quotes) into the Filter: field in Wireshark.

3. Consider now the HTTP GET sent from the client to the Google server (whose IP address is 64.233.169.104) at time 7.109267. What are the source and destination IP addresses and TCP source and destination ports on the IP datagram carrying this HTTP GET?

4. At what time [4] is the corresponding 200 OK HTTP message received from the Google server? What are the source and destination IP addresses and TCP source and destination ports on the IP datagram carrying this HTTP 200 OK message?

5. Recall that before a GET command can be sent to an HTTP server, TCP must first set up a connection using the three-way SYN/ACK handshake. At what time is the client-to-server TCP SYN segment sent that sets up the connection used by the GET sent at time 7.109267? What are the source and destination IP addresses and source and destination ports for the TCP SYN segment? What are the source and destination IP addresses and source and destination ports of the ACK sent in response to the SYN? At what time is this ACK received at the client? (Note: to find these segments you will need to clear the Filter expression you entered above in step 2. If you enter the filter “tcp”, only TCP segments will be displayed by Wireshark).

[3] What do we mean by “annotate”? If you hand in a paper copy, please highlight where in the printout you’ve found the answer and add some text (preferably with a colored pen) noting what you found in what you’ve highlighted. If you hand in an electronic copy, it would be great if you could also highlight and annotate.

[4] Specify time using the time since the beginning of the trace (rather than absolute, wall-clock time).
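
An added example, not part of the original lab handout: questions 3 to 5 come down to following one TCP connection by its 4-tuple, with the endpoints swapped for the server-to-client direction. The sketch below does that over constructed packet summaries; the addresses, ports, times and the names `Pkt`, `four_tuple` and `trace_get` are invented for illustration and are not values from the NAT_home_side trace.

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "time src sport dst dport flags info")

# Constructed packet summaries (NOT taken from the lab's trace files).
# time is seconds since the beginning of the trace.
C, S = "10.0.0.5", "203.0.113.80"
PACKETS = [
    Pkt(0.98, C, 51000, S, 80, "SYN", ""),
    Pkt(1.00, C, 51001, S, 80, "SYN", ""),
    Pkt(1.01, S, 80, C, 51000, "SYN,ACK", ""),
    Pkt(1.02, S, 80, C, 51001, "SYN,ACK", ""),
    Pkt(1.03, C, 51001, S, 80, "ACK", ""),
    Pkt(1.04, C, 51001, S, 80, "PSH,ACK", "GET / HTTP/1.1"),
    Pkt(1.09, S, 80, C, 51001, "PSH,ACK", "HTTP/1.1 200 OK"),
    Pkt(1.20, C, 51000, S, 80, "PSH,ACK", "GET /logo.gif HTTP/1.1"),
    Pkt(1.25, S, 80, C, 51000, "PSH,ACK", "HTTP/1.1 200 OK"),
]

def four_tuple(p):
    return (p.src, p.sport, p.dst, p.dport)

def trace_get(packets, get_time):
    """Find the SYN, SYN/ACK and 200 OK belonging to the GET sent at get_time."""
    get = next(p for p in packets
               if p.time == get_time and p.info.startswith("GET "))
    fwd = four_tuple(get)                 # client -> server
    rev = fwd[2:] + fwd[:2]               # server -> client: endpoints swapped
    # Last SYN before the GET on this 4-tuple (the client port may be reused).
    syn = [p for p in packets if four_tuple(p) == fwd
           and p.flags == "SYN" and p.time < get_time][-1]
    synack = next(p for p in packets if four_tuple(p) == rev
                  and p.flags == "SYN,ACK" and p.time > syn.time)
    ok = next(p for p in packets if four_tuple(p) == rev
              and p.time > get_time and " 200 " in p.info)
    return {"SYN": syn, "SYN/ACK": synack, "GET": get, "200 OK": ok}

if __name__ == "__main__":
    for name, p in trace_get(PACKETS, 1.04).items():
        print(f"{name:8} t={p.time:.2f} {p.src}:{p.sport} -> {p.dst}:{p.dport}")
```

Two connections to the same server are interleaved in the sample on purpose: matching on the server address alone would pair the GET with the wrong SYN.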