Friday, September 25, 2009

Wireshark

After downloading and installing the Wireshark software, the first website I went to was Google since it is a relatively simple interface. The first thing I noticed was the source/destination back and forth listed. One was 74.124.155.103, which I was able to confirm was Google's by pinging their website, and the other one I assumed was used by Buffalo Wild Wings, probably through Cablevision.

After looking around a bit I noticed ACK in one of the packets, looked into the packet and noticed that "Acknowledgment" was set.



This prompted me to look at one of the red entries, and I noticed that it had the RST designation and the reset flag was set.



Two other designations that I noticed were the SYN and FIN flags.



Here's a good summary of all the TCP flags.
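As an added example (not part of the original post), here is a small Python decoder for the TCP flags byte that Wireshark shows in its packet details, run over constructed sample segments for a SYN, SYN-ACK, ACK and RST; all function names are my own, and the samples are built inline rather than taken from a real capture.

```python
import struct

# Flag bits of the TCP header's 13th byte (offset 13), low bit first.
TCP_FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH",
             0x10: "ACK", 0x20: "URG", 0x40: "ECE", 0x80: "CWR"}

def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header: ports, seq/ack numbers, flag names."""
    if len(segment) < 20:
        raise ValueError("segment shorter than the 20-byte TCP header")
    src, dst, seq, ack, off_flags, window = struct.unpack("!HHIIHH", segment[:16])
    header_len = (off_flags >> 12) * 4        # data offset is in 32-bit words
    flag_bits = off_flags & 0x00FF            # the eight classic flag bits
    flags = [name for bit, name in TCP_FLAGS.items() if flag_bits & bit]
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
            "header_len": header_len, "window": window, "flags": flags}

def classify(flags: list) -> str:
    """Summarise a segment the way Wireshark's Info column does (SYN, RST, ...)."""
    s = set(flags)
    if "RST" in s:
        return "RST"                          # the red rows: connection torn down
    if "SYN" in s and "ACK" in s:
        return "SYN-ACK"
    if "SYN" in s:
        return "SYN"
    if "FIN" in s:
        return "FIN"
    return "ACK" if "ACK" in s else "none"

def build_segment(src, dst, seq, ack, flags_value) -> bytes:
    """Constructed sample: 20-byte header, no options, zero checksum/urgent ptr."""
    off_flags = (5 << 12) | flags_value       # 5 words = 20 bytes, then the flags
    return struct.pack("!HHIIHHHH", src, dst, seq, ack, off_flags, 65535, 0, 0)

# Constructed handshake followed by a reset, as a client talking to port 80.
SAMPLES = [build_segment(51234, 80, 1000, 0, 0x02),     # SYN
           build_segment(80, 51234, 5000, 1001, 0x12),  # SYN-ACK
           build_segment(51234, 80, 1001, 5001, 0x10),  # ACK
           build_segment(80, 51234, 5001, 1001, 0x04)]  # RST

def count_resets(segments) -> int:
    """Count RST segments, e.g. to spot the 'blocks of resets' in a capture."""
    return sum(1 for s in segments if "RST" in parse_tcp_header(s)["flags"])

if __name__ == "__main__":
    for seg in SAMPLES:
        h = parse_tcp_header(seg)
        print(h["src_port"], "->", h["dst_port"], classify(h["flags"]), h["flags"])
```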

One other thing I looked at was the protocol column. The DNS entries had an interesting IP of 4.2.2.?. After a WHOIS search I found out the name of the provider, and what I found was of interest to me personally. Not only did I live within a few miles of the DNS provider's headquarters years ago, but I now live within a few blocks of their controlling company.

I visited a few other sites with similar results but more clutter, and then it dawned on me that I had an old installer .exe on my desktop, so I ran that. The results were predictable but interesting.



The output was massive even though I stopped it about a quarter of the way through. It pretty much connected with the destination and started swapping packets after that with random blocks of resets.

Overall, I think Wireshark is a useful tool, even though I don't understand much of what is going on with it. But that is why I signed up for this course, so I hope to be able to make better use of it as we progress through the semester.
