


Sheridan College



Ida Leung


Analysing TCP 3 way handshake








· Use applications that rely on TCP to carry packets to observe the TCP 3-way handshake

· Learn about the TCP PDU format

· Socket and connection

· TCP three-way handshaking (connection establishment)

· TCP FIN (connection termination)




· PC

· Wireshark











In this lab you will learn about Transmission Control Protocol (TCP), one of the two major transport layer protocols. TCP connection establishment (Three-way handshaking), data flow, and connection termination will be investigated.


Pick one application layer protocol that uses TCP at the transport layer. Launch the application from your laptop and use Wireshark to capture the 3-way handshake.


Please fill in the blanks and answer the questions.


Part A: Investigate TCP using corresponding Application


Task 1: Start the Wireshark capture on the right interface

(1) In a command prompt window, type ipconfig /all and then capture the info of the interface you plan to use.

(2) Write down the IP and MAC address of the Ethernet adapter, so you can use them as the source address when looking for the captured packets.


Laptop NIC IP address: _____________________________________



Laptop NIC MAC address: ___________________________________


Start the capture before proceeding to Task 2.

Task 2: Establish a session using the application of your choice


Make sure the application you pick does use TCP at the transport layer.


What is the application of your choice?


How do you establish the session with the application of your choice?


Task 3: Capture, Locate and Examine the Wireshark Packets

You can locate the related packets by how you initiated the application of your choice. Make sure to terminate the session to capture the “FIN Ack” as well. For example, if you choose DNS, then look for the DNS domain name you are going to. If you choose HTTP, then look for the website you are going to.

Once you find all the captures you need, stop the Wireshark capture.


You can also use a filter to display only “TCP” packets and locate the related ones. Please make sure you have the complete set of the 3-way handshake. Below is an example that uses “FTP” to observe the 3-way handshake. All these diagrams are just for your reference, as your Wireshark version may be different from the one displayed.
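What makes a capture a "complete set" of the 3-way handshake is the sequence/acknowledgement relationship between the three segments; the following added Python example (not part of the original lab) decodes the fixed TCP PDU header and checks that relationship, plus whether a FIN was captured. The header bytes, ports 50000/21, sequence numbers and all function names are constructed for illustration.

```python
import struct

FLAG_NAMES = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
              (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]

def build_tcp_header(sport, dport, seq, ack, flags, window=64240):
    """Pack a 20-byte TCP header (no options, checksum left 0) for sample data."""
    offset_flags = (5 << 12) | flags       # data offset = 5 words, then flag bits
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, offset_flags, window, 0, 0)

def parse_tcp_header(raw):
    """Decode the fixed part of the TCP PDU into a dict."""
    sport, dport, seq, ack, offset_flags, window, _csum, _urg = \
        struct.unpack("!HHIIHHHH", raw[:20])
    flags = offset_flags & 0xFF
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "header_len": (offset_flags >> 12) * 4, "window": window,
            "flags": [name for bit, name in FLAG_NAMES if flags & bit]}

def find_handshake(segments):
    """Return (client_isn, server_isn) if SYN, SYN-ACK, ACK appear in order."""
    syn = synack = None
    for s in segments:
        f = set(s["flags"])
        if f == {"SYN"} and syn is None:
            syn = s                                   # step 1: client SYN, seq = x
        elif (syn and synack is None and f == {"SYN", "ACK"}
              and s["sport"] == syn["dport"]
              and s["ack"] == (syn["seq"] + 1) % 2**32):
            synack = s                                # step 2: seq = y, ack = x + 1
        elif (synack and f == {"ACK"} and s["sport"] == syn["sport"]
              and s["seq"] == synack["ack"]
              and s["ack"] == (synack["seq"] + 1) % 2**32):
            return syn["seq"], synack["seq"]          # step 3: ack = y + 1
    return None

def has_fin(segments):
    """True if any segment carries FIN (connection termination was captured)."""
    return any("FIN" in s["flags"] for s in segments)

# Constructed sample: client port 50000 talking to the FTP control port 21.
SAMPLE = [parse_tcp_header(h) for h in (
    build_tcp_header(50000, 21, 1000, 0, 0x02),       # SYN
    build_tcp_header(21, 50000, 5000, 1001, 0x12),    # SYN, ACK
    build_tcp_header(50000, 21, 1001, 5001, 0x10),    # ACK
    build_tcp_header(50000, 21, 1001, 5001, 0x11),    # FIN, ACK
)]

if __name__ == "__main__":
    print("handshake ISNs:", find_handshake(SAMPLE))
    print("FIN captured:", has_fin(SAMPLE))
```

Wireshark shows relative sequence numbers by default, so the SYN appears as Seq=0 in the packet list; the "ack = seq + 1" relationship checked here is the same either way.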
