source = 131.247.95.216
destination=131.47.90.200 or 64.233.161.99
protocol= DNS and TCP
Here from the above information we can find the followings
The ip 131.247.95.216 is the source which sends the packets through DNS protocol to the address which IP is 131.47.90.200 to visit the www.google.com
To get the website name www.google.com initially the IP address 131.247.95.216 sends the information to the IP address 131.47.90.200 through DNS protocol. Once the IP address 131.47.90.200 gets the information sends by the IP address 131.247.95.216 then the destination address reply to the message through DNS protocol. The destination address got the two IP address one is 131.47.90.200 and 64.233.161.99, in this case the source address can send the packets in either 131.47.90.200 or 64.233.161.99. If the IP 131.247.95.216 sends the packets through the TCP protocol then the packets will be received by the IP 64.233.161.99 and it reply the packets to the IP 131.247.95.216 through the TCP protocol. The following screen shots shows the DNS query and TCP, src port informations.
Screen shot of DNS
Screen Shot of TCP
The first two packet which is going to contact the identified server are DNS and TCP packets. The network analyzer detect the TCP and HTTP mostly comparing to the DNS protocol. And the most used IP address to contact with the server is 131.247.95.216 and 64.233.161.99. This two IP address the most active during the network capture. But there is another IP address which also active is 131.247.92.200. Followings are the common name and the most Active IP address:
Common Name: HTTP and TCP
IP Address: 131.247.95.216, 64.233.161.99 and 131.247.92.200
Here
131.247.95.216 is the IP address from where the request is send to the 131.247.92.200 IP address to get the required information from the 131.247.92.200. To send the query from the IP address 131.247.95.216 it uses the DNS protocol to the 131.247.92.200, similarly the IP address 131.247.92.200 use the same protocol DNS to reply the query to the 131.247.95.216 address showing the IP address 64.233.161.99. Once the 131.247.95.216 address is directed to the 64.233.161.99 address by the 131.247.92.200 the IP address 131.247.95.216 sends the request to on the 64.233.161.99 address through TCP protocol. Similarly both the IP address 131.247.95.216 and 64.233.161.99 use the HTTP protocol to continue their conversation. Here in the frame 6 the IP address 131.247.95.216 sends the request to the IP address 64.233.161.99 using the HTTP protocol after getting the error on the Frame 5 while sending the request by using the TCP protocol. But the IP address on 64.233.161.99 on Frame 7 reply to the IP address 131.247.95.216 using the TCP protocol .
No comments:
Post a Comment