AvangardAA/KSE_CST

HW 4

I'll use tcpdump instead of Wireshark.

To launch it with the appropriate output, the start command is:

sudo tcpdump -i lo -X -vv 'tcp port <port>'

Starting with the HW2 and HW3 analysis, let's break them up into 3 parts:

1. Connection when client starts
2. Message swap between client and server
3. Disconnect

HW3

1.

The connection part of the communication is quite simple. In the screenshot we can see the SYN, SYN-ACK sequence, where the client initiates a connection and the server accepts it. The interesting parts here are the MSS, which is the maximum TCP segment size our server can receive in a single packet, the TCP protocol itself, and the zero-length payload, since we don't send anything to the server at this moment.

[Screenshot from 2024-03-02 14-59-31]

2.

Then, at this level, basically any transferred message that is part of the server and client functionality is a PUSH-ACK sequence, where the initiator pushes data and the remote host accepts it with an acknowledgement.

Screenshots of a client connecting to a room and sending a message to a room:

[Screenshot from 2024-03-02 15-03-07]
[Screenshot from 2024-03-02 15-02-39]

3.

The connection close happens at the end. Under normal conditions, when the client closes and the server confirms the closure, it looks like this (a graceful close in TCP is client FIN,ACK -> server FIN,ACK):

[Screenshot from 2024-03-02 15-03-55]

Remarks about HW3:

At the TCP (L4) level, our client-server functionality such as connect, rejoin and send message is nothing more than PSH,ACK, because only the software on the server and the client knows what these instructions are for and how they flow. The only distinct things we can observe are connection open, connection close, message transfer, and message transfer truncation, when either the client or the server sends a big chunk of data which they can't process as a single payload.

HW 2:

Parts #1 and #3 of this assignment are exactly the same as in HW3, so the screenshots given above still apply, but the payload differs when it comes to message transfer. Files in the assignment are created from a raw payload consisting of the file name and its contents, so file generation happens on the server, using the capabilities of the software.

General remarks

To understand clearly how tcpdump and Wireshark work, the main thing is general knowledge of the OSI model, so that the programmer understands that the TCP part is encapsulated in IP and then in an Ethernet frame. tcpdump and Wireshark both provide huge possibilities for traffic analysis, so using them on tasks like these isn't going to show anything really interesting. What helped me understand more while doing this assignment and programming things like this is the OSI model reference, the structure of L4 headers (in our case TCP), and how they can be accessed using software.
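The L4 header access described in this README, as an added example (not code from this repository): a small Python parser that reads the flags and the MSS option from a raw TCP segment and maps it to the three parts used in the analysis. The `build` helper, the ports, the MSS value and the payload are constructed sample data, not values from the captures.

```python
import struct

FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"), (0x10, "ACK")]

def parse_tcp(segment: bytes) -> dict:
    """Parse a raw TCP segment (fixed header, options, payload)."""
    if len(segment) < 20:
        raise ValueError("shorter than the 20-byte fixed TCP header")
    sport, dport, seq, ack, off_flags, _win, _csum, _urg = struct.unpack(
        "!HHIIHHHH", segment[:20])
    hdr_len = (off_flags >> 12) * 4  # data offset counts 32-bit words
    if not 20 <= hdr_len <= len(segment):
        raise ValueError("data offset points outside the segment")
    opts, i, mss = segment[20:hdr_len], 0, None
    while i < len(opts) and opts[i] != 0:  # kind 0 = end of option list
        if opts[i] == 1:  # kind 1 = NOP, a single padding byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed TCP option")
        if opts[i] == 2 and opts[i + 1] == 4:  # kind 2 = maximum segment size
            mss = struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += opts[i + 1]
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": [name for bit, name in FLAGS if off_flags & bit],
            "mss": mss, "payload": segment[hdr_len:]}

def phase(seg: dict) -> str:
    """Map a parsed segment to connect / message / disconnect."""
    if "SYN" in seg["flags"]:
        return "connect"
    if "FIN" in seg["flags"] or "RST" in seg["flags"]:  # RST = abortive close
        return "disconnect"
    return "message" if seg["payload"] else "ack-only"

def build(flags: int, options: bytes = b"", payload: bytes = b"") -> bytes:
    """Constructed sample segment; ports, seq and window are made-up values."""
    word = ((20 + len(options)) // 4 << 12) | flags
    return struct.pack("!HHIIHHHH", 50000, 8080, 1, 0, word, 65535, 0, 0) + options + payload

MSS_OPT = b"\x02\x04" + struct.pack("!H", 65495)  # constructed MSS value
SAMPLES = [build(0x02, MSS_OPT), build(0x12, MSS_OPT),       # SYN, SYN-ACK
           build(0x18, payload=b"hello room"), build(0x11)]  # PSH-ACK, FIN-ACK

if __name__ == "__main__":
    for raw in SAMPLES:
        seg = parse_tcp(raw)
        print(phase(seg), seg["flags"], "mss=%s" % seg["mss"], "payload=%d bytes" % len(seg["payload"]))
```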
