Confusion in what packet number to use [Milestone 3]

What packet to choose from the identified handshakes ?
i have 3 handshakes identified. now do i include the packet number of the SYN,the SYN,ACK, or following ACK?
and if i have multiple handshakes how do i calculate the time? sum of all 3 handshakes or CSV of time of each handshake?

This will help you :slight_smile:

i know what packet to filter for in wireshark. that is not the issue. plus i have no issue in name resolution. what i am asking is, after identified a succesful tcp 3 way handshake, which of the three packets i put in the answer file. also for multiple handshakes,in what way i put the time, because it is written very vaguely in the milestone to just put the time. what if i have multiple handshakes? what time to use then?

Hey @Lav-Hinsu, Thats 3-way :handshake: so thats the required packets.
Also time difference of 1st and 3rd packet in milliseconds.

all three packets then? and the time diff of the first and the third packet, right?

1 Like

Correct. Pick one handshake and use that.

thanks, also i have one more question.
in the module after this one, it says
"Use a previously connected pcap file for a normal connection termination between your laptop and the QBox host. Paste the packets that show a normal connection termination.
so from which pcap do i paste the packet? also, how do i paste the packet? copy as string from the whireshark, or just put in the packet number, or something else?

@Lav-Hinsu Correct !

did exactly that. still says test failure. could someone look into please?

can you share unittesting log file

What does the test log says?

Okay
2020-02-15 17:51:38,949 unitTesting INFO Running command_runner
2020-02-15 17:51:39,003 unitTesting INFO Running setup.sh…
2020-02-15 17:51:41,002 unitTesting INFO Module setup complete!
2020-02-15 17:51:41,003 unitTesting INFO Starting assessment…
2020-02-15 17:51:41,003 unitTesting INFO Assessing pcap_check_icmp.py
2020-02-15 17:51:42,209 unitTesting INFO File: pcap_check_icmp.py | Status: TEST_STATUS_SUCCESS
2020-02-15 17:51:42,211 unitTesting INFO Assessing pcap_check_name_resolution.py
2020-02-15 17:51:42,903 unitTesting INFO File: pcap_check_name_resolution.py | Status: TEST_STATUS_SUCCESS
2020-02-15 17:51:42,904 unitTesting INFO Assessing pcap_check_tcp_handshake.py
2020-02-15 17:51:43,663 unitTesting ERROR python3 /hinsulav105-ME_QBOX-cd872eca-501b-11ea-9794-ef912e32fedf/ME_QBOX_MODULE_ANALYZING_PROTOCOL_SOLUTION/analyzing_protocol/pcap_check_tcp_handshake.py /hinsulav105-ME_QBOX-cd872eca-501b-11ea-9794-ef912e32fedf/hinsulav105-ME_QBOX/analyzing_protocol/client_connection_file_transfer.pcap /hinsulav105-ME_QBOX-cd872eca-501b-11ea-9794-ef912e32fedf/hinsulav105-ME_QBOX/analyzing_protocol/packet_numbers_for_tcp_connection_setup returncode > 0! Check your code.
2020-02-15 17:51:43,664 unitTesting INFO File: pcap_check_tcp_handshake.py | Status: TEST_STATUS_FAILURE
2020-02-15 17:51:43,664 unitTesting INFO Assessing pcap_check_zero_window.py
2020-02-15 17:51:43,845 unitTesting INFO File: pcap_check_zero_window.py | Status: TEST_STATUS_SUCCESS
2020-02-15 17:51:43,846 unitTesting INFO Assessing pcap_check_connection_termination.py
2020-02-15 17:51:44,047 unitTesting ERROR python3 /hinsulav105-ME_QBOX-cd872eca-501b-11ea-9794-ef912e32fedf/ME_QBOX_MODULE_ANALYZING_PROTOCOL_SOLUTION/analyzing_protocol/pcap_check_connection_termination.py /hinsulav105-ME_QBOX-cd872eca-501b-11ea-9794-ef912e32fedf/hinsulav105-ME_QBOX/analyzing_protocol/abnormal_connection_termination_details returncode > 0! Check your code.
2020-02-15 17:51:44,049 unitTesting INFO File: pcap_check_connection_termination.py | Status: TEST_STATUS_FAILURE
2020-02-15 17:51:44,049 unitTesting INFO Assessment finished!
2020-02-15 17:51:44,049 unitTesting INFO Starting cleanup…
2020-02-15 17:51:44,090 unitTesting INFO Running cleanup.sh…

2020-02-15 17:51:38,949 unitTesting INFO Running command_runner
2020-02-15 17:51:39,003 unitTesting INFO Running setup.sh…
2020-02-15 17:51:41,002 unitTesting INFO Module setup complete!
2020-02-15 17:51:41,003 unitTesting INFO Starting assessment…
2020-02-15 17:51:41,003 unitTesting INFO Assessing pcap_check_icmp.py
2020-02-15 17:51:42,209 unitTesting INFO File: pcap_check_icmp.py | Status: TEST_STATUS_SUCCESS
2020-02-15 17:51:42,211 unitTesting INFO Assessing pcap_check_name_resolution.py
2020-02-15 17:51:42,903 unitTesting INFO File: pcap_check_name_resolution.py | Status: TEST_STATUS_SUCCESS
2020-02-15 17:51:42,904 unitTesting INFO Assessing pcap_check_tcp_handshake.py
2020-02-15 17:51:43,663 unitTesting ERROR python3 /hinsulav105-ME_QBOX-cd872eca-501b-11ea-9794-ef912e32fedf/ME_QBOX_MODULE_ANALYZING_PROTOCOL_SOLUTION/analyzing_protocol/pcap_check_tcp_handshake.py /hinsulav105-ME_QBOX-cd872eca-501b-11ea-9794-ef912e32fedf/hinsulav105-ME_QBOX/analyzing_protocol/client_connection_file_transfer.pcap /hinsulav105-ME_QBOX-cd872eca-501b-11ea-9794-ef912e32fedf/hinsulav105-ME_QBOX/analyzing_protocol/packet_numbers_for_tcp_connection_setup returncode > 0! Check your code.
2020-02-15 17:51:43,664 unitTesting INFO File: pcap_check_tcp_handshake.py | Status: TEST_STATUS_FAILURE
2020-02-15 17:51:43,664 unitTesting INFO Assessing pcap_check_zero_window.py
2020-02-15 17:51:43,845 unitTesting INFO File: pcap_check_zero_window.py | Status: TEST_STATUS_SUCCESS
2020-02-15 17:51:43,846 unitTesting INFO Assessing pcap_check_connection_termination.py
2020-02-15 17:51:44,047 unitTesting ERROR python3 /hinsulav105-ME_QBOX-cd872eca-501b-11ea-9794-ef912e32fedf/ME_QBOX_MODULE_ANALYZING_PROTOCOL_SOLUTION/analyzing_protocol/pcap_check_connection_termination.py /hinsulav105-ME_QBOX-cd872eca-501b-11ea-9794-ef912e32fedf/hinsulav105-ME_QBOX/analyzing_protocol/abnormal_connection_termination_details returncode > 0! Check your code.
2020-02-15 17:51:44,049 unitTesting INFO File: pcap_check_connection_termination.py | Status: TEST_STATUS_FAILURE
2020-02-15 17:51:44,049 unitTesting INFO Assessment finished!
2020-02-15 17:51:44,049 unitTesting INFO Starting cleanup…
2020-02-15 17:51:44,090 unitTesting INFO Running cleanup.sh…

can you look into this if you have time please? have been stuck here all day.

packet_numbers_for_tcp_connection_setup check this file
here you have to write the time in milisecond
and also verify the packets.
if you have checked all of this then please check the file name for extra space

i did verify the packets. that’s why i said that i wrote the packet numbers of all three packets, ie the SYN, [SYN,ACK] , ACK. then i subtracted the time from the ACK to the SYN. i did also check for namespaces. do you have to multiply the subbed time or something? also if you have done module 6, how did you paste the FIN from milestone for? copy as printable text or something else?

see you don;t have to paste the packet instead you have to mention the packet number

have you multiplied the time by 1000
you have to write the time in milisecond and only integer value not the decimal value

Let me check this. Your responses look ok.

yes. i have multiplied by 1000