How to determine which packet is containing data

In module 6 I was able to specify the packet number denoting a TLS handshake at our Qbox server port,
however the next thing is to determine how much time it's taking for the file to transfer, but after the TLS handshake I can see application data packets, some acknowledgments and then another handshake. How can I determine which packet contains the data being transferred?

Hey, one idea to get the packet containing the data would be the packet which has the maximum length.
If you go through Wireshark and are able to search for this, there will probably be 1-2 packets, depending upon the size of the text file you transferred.

2 Likes

You need to check from which packet the transfer starts and ends. You can either check the pcap file manually or search for the filters which can be applied in Wireshark to identify them. Once you identify the packets, you can easily determine the time difference.

1 Like

I have found out the 2 packets which denote the start and end of the file transfer, but there are no packets between them that have any file contents.

Well, I passed my test cases. I made use of the acknowledgements made by the server and the machine, which they made to tell that they have received the data.
Thanks for the support 🙂
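
The approach discussed in this thread, as an added example that is not part of the original posts: the file travels inside TLS records of content type 23 (application data), so its contents are encrypted and never visible in the capture, but the record headers still show which packets carry it. The function names, frame numbers, timestamps and payloads below are constructed for illustration.

```python
import struct

# TLS record content types (RFC 5246 / RFC 8446).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}

def tls_records(payload):
    """Yield (type_name, body_length) for each TLS record header in a TCP payload.
    Assumes a record starts at the first byte of the segment."""
    offset = 0
    while offset + 5 <= len(payload):
        ctype, major, _minor, length = struct.unpack_from("!BBBH", payload, offset)
        if ctype not in CONTENT_TYPES or major != 3:
            break  # not a record header, e.g. the tail of a record split across segments
        yield CONTENT_TYPES[ctype], length
        offset += 5 + length

def transfer_window(packets):
    """packets: iterable of (frame_no, timestamp_s, tcp_payload).
    Returns (first_frame, last_frame, seconds, encrypted_bytes) over the
    application_data records, or None if the capture has none."""
    hits = []
    for frame_no, ts, payload in packets:
        size = sum(n for name, n in tls_records(payload) if name == "application_data")
        if size:
            hits.append((frame_no, ts, size))
    if not hits:
        return None
    first, last = hits[0], hits[-1]
    return first[0], last[0], round(last[1] - first[1], 6), sum(h[2] for h in hits)

def rec(ctype, body_len):
    """Build a constructed TLS 1.2 record: 5-byte header plus dummy ciphertext."""
    return struct.pack("!BBBH", ctype, 3, 3, body_len) + b"\x00" * body_len

# Constructed capture: handshake, ACKs (empty payload), data, second handshake.
SAMPLE = [
    (1, 0.000, rec(22, 120)),
    (2, 0.010, b""),
    (3, 0.020, rec(20, 1) + rec(22, 40)),
    (4, 0.050, rec(23, 900)),
    (5, 0.051, b""),
    (6, 0.080, rec(23, 300) + rec(23, 24)),
    (7, 0.200, rec(22, 60)),
]

if __name__ == "__main__":
    print(transfer_window(SAMPLE))
```

In Wireshark the same selection is the display filter `tls.record.content_type == 23`. In TLS 1.3 the encrypted part of the handshake also uses outer type 23, so the first such records may not be file data.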