From the captured information, answer the following questions in the Lab Assignment 1: Part 1 Lab Report Sheet.
1. Using the hexdump, determine:
a. IP version.
b. Header length and number of bytes in the header.
c. Service type.
d. Total length.
e. Identification.
f. Set flags.
g. Fragmentation offset.
h. TTL value.
i. Upper-layer protocol.
j. Checksum.
k. Source IP address.
l. Destination IP address.
2. Are the answers to question 1 verified by the information in the packet detail pane?
3. If the checksum field in the packet detail pane is marked correct, can we conclude that the IP payload is not corrupted? Explain.
4. Is the datagram fragmented? Explain.
5. Does the source or destination address belong to 1 of the special addresses? If yes, which one?
6. How many bytes of data are in the IP payload?
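The fields listed in question 1 can also be read from the raw header bytes with a short script. The following Python code is an added example, not part of the original assignment; the sample header, its addresses and the names `SAMPLE_HEX`, `internet_checksum` and `parse_ipv4_header` are constructed for illustration.

```python
import ipaddress
import struct

# Constructed sample: the 20 header bytes of an IPv4 datagram as a hexdump shows them.
SAMPLE_HEX = "4500 003c 1c46 0000 8001 4cb9 c0a8 010a 0808 0808"

def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 1071), complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4_header(raw: bytes) -> dict:
    if len(raw) < 20:
        raise ValueError("shorter than the minimum IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, cksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    ihl_bytes = (ver_ihl & 0x0F) * 4        # header length field counts 32-bit words
    if ver_ihl >> 4 != 4 or ihl_bytes < 20 or len(raw) < ihl_bytes:
        raise ValueError("not a well-formed IPv4 header")
    return {
        "version": ver_ihl >> 4,
        "header_bytes": ihl_bytes,
        "service_type": tos,
        "total_length": total_len,
        "identification": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,   # field counts 8-byte units
        "ttl": ttl,
        "protocol": proto,                  # 1 = ICMP, 6 = TCP, 17 = UDP
        "checksum": cksum,
        "checksum_ok": internet_checksum(raw[:ihl_bytes]) == 0,  # header bytes only
        "source": str(ipaddress.IPv4Address(src)),
        "destination": str(ipaddress.IPv4Address(dst)),
        "payload_bytes": total_len - ihl_bytes,
    }

HEADER = parse_ipv4_header(bytes.fromhex(SAMPLE_HEX))
```

Each value in `HEADER` can be compared with the corresponding line in the Wireshark packet detail pane for the same bytes.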
Documents to Turn in
1. A copy of the Lab Assignment 1: Part 1 Lab Report Sheet that contains answered questions.
2. A screenshot of the supporting captured information.
Part 2: Lab 1.2
The Internet Control Message Protocol (ICMP) is an auxiliary protocol at the network layer. It is designed for 2 purposes. It reports errors (unexpected conditions) about IP, UDP, and TCP. It can also be used to check the liveness of hosts or routers or to find the route followed by an IP datagram. Although we can see 2 versions of this protocol (ICMPv4 and ICMPv6) in use today, the focus will be ICMPv4, which is more common.
ICMPv4 uses 2 categories of packets: error-reporting and query.
In this assignment, your goal is to capture and analyze ICMPv4 packets (both error-reporting and query types). You can easily create ICMPv4 query messages using a program called ping. Creating error-reporting packets is trickier. These packets are created automatically when there is an error in the path. You cannot wait for an error to occur in the path, but you can artificially force a condition that makes IP create an error-reporting ICMP packet. This can be done using a program called traceroute (in a Unix-like environment) or tracert (in a Windows environment). Use ping and tracert as described in this document to capture ICMP packets.
19.2.3 Using the Ping Utility
In this section of the assignment, you will use the ping utility to capture ICMPv4 query packets: echo request and echo reply (see the extra materials for Chapter 19 at the book website for more information). The ping utility is, in fact, a client-server program. The client program, which needs to be invoked at the command prompt, triggers an echo request packet; the server program, which runs in the background all the time, waits for a signal from an echo request message and triggers an echo reply message.
The ping program, however, does not insert a message in the ICMPv4 packets; it simply triggers its creation and provides the values for identification and for the sequence number fields.
This section is divided into 2 parts: Section A and Section B. In Section A, you must see the messages exchanged at the ping level. In Section B, you must capture frames carrying ICMPv4 packets, which are encapsulated in an IPv4 packet.
Section A. Analyzing Ping
· Open Wireshark and start packet capturing. Although you are not using these frames in Part I, you will use them in Part II of the assignment section.
· Open the Command Prompt window and type ping hostname. The hostname can be the domain name or the IP address of a site you know (be sure that there is no firewall to filter out the packets).
· Return to the Wireshark window, stop packet capturing, and save the captured file.
Questions
Using the result of the ping command in the Command Prompt window, answer the following questions on the Lab Assignment 1: Part 2 Lab Report Sheet.
1. What is the destination IP address?
2. How many ping messages were sent?
3. How many bytes of data are in each ping message?
4. What is the round-trip time for each packet?
5. What are the minimum, average, and maximum round-trip times?
Section B: Wireshark Capture of Ping Commands
· Open the file you captured in Part I.
· In the Filter field of the Wireshark window, type icmp (lower case) and click Apply.
Questions
Using the result of the information in the captured file, answer the following questions in your lab-report sheet.
1. What is the destination IP address of echo request ICMP messages? Does the result agree with the information in Part I of the lab?
2. How many echo request ICMP packets are in the packet list pane? How many echo reply ICMP packets are in the packet list pane? Does the result agree with the information in Part I of the lab?
3. How many bytes of data are carried by each ICMP packet? Does the result agree with the information in Part I of the lab?
4. Evaluate the difference between the time the first echo message was sent and the time the first reply message was received. Does the result agree with the information in Part I of the lab?
5. Compare echo request ICMP messages with echo reply ICMP messages, and determine:
a. What fields are the same? Explain the reason.
b. What fields are different? Explain the reason.
6. Comparing all echo request ICMP messages, determine:
a. What fields are the same? Explain the reason.
b. What fields are different? Explain the reason.
19.2.4 Using Traceroute or Tracert Utility
To capture some ICMPv4 error-reporting packets, you may use either the traceroute utility (in a Unix-like environment) or the tracert utility (in the Windows environment). The traceroute utility is a client-server at the application layer that uses the services of UDP; the tracert utility is a client-server program that uses the services of IP. In this assignment, we use tracert, but the assignment can be easily changed to use traceroute if a Unix-like environment is available.
The tracert utility in Windows is different from the traceroute utility in Unix. In this case, instead of sending UDP with an unavailable port number, tracert sends (n + 1) ICMP echo messages encapsulated in IP datagrams with TTL values 1, 2, 3, and so on.
When a router receives 1 of these packets, it decrements the value of the TTL field and sends a time-exceeded message when the TTL value becomes 0. When an undropped echo message reaches the destination host, an echo response message is sent back to the source host.
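The time-exceeded message quotes the dropped datagram's IP header and the first 8 bytes of its payload, which is what lets each error be matched to the probe that caused it. The following Python code is an added example, not part of the original assignment; the addresses, the one-probe-per-TTL capture and all function names are constructed for illustration.

```python
import socket
import struct

ECHO_REPLY, ECHO_REQUEST, TIME_EXCEEDED = 0, 8, 11

def echo(icmp_type, ident, seq, data=b"a" * 32):
    return struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + data

def ip_header(src, dst, ttl, payload_len):
    # 20-byte IPv4 header, protocol 1 (ICMP); checksums are left 0 in this sample.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                       1, 0, socket.inet_aton(src), socket.inet_aton(dst))

def time_exceeded(dropped_header, dropped_icmp):
    # Type 11: 8-byte ICMP header + dropped IP header + first 8 payload bytes.
    return struct.pack("!BBHI", TIME_EXCEEDED, 0, 0, 0) + dropped_header + dropped_icmp[:8]

def probe_id(icmp):
    """Return (identifier, sequence) of the echo request a message belongs to."""
    if icmp[0] in (ECHO_REQUEST, ECHO_REPLY):
        return struct.unpack("!HH", icmp[4:8])
    if icmp[0] != TIME_EXCEEDED:
        raise ValueError(f"unhandled ICMP type {icmp[0]}")
    quoted = icmp[8:]                               # the quoted datagram
    ihl = (quoted[0] & 0x0F) * 4 if quoted else 0   # length of quoted IP header
    if ihl < 20 or len(quoted) < ihl + 8 or quoted[9] != 1 or quoted[ihl] != ECHO_REQUEST:
        raise ValueError("quoted datagram is not a complete echo request")
    return struct.unpack("!HH", quoted[ihl + 4:ihl + 8])

def trace_path(capture):
    """capture: (source_ip, ip_ttl, icmp_bytes) tuples -> {probe TTL: (responder, type)}."""
    sent, path = {}, {}
    for src, ttl, icmp in capture:
        if icmp[0] == ECHO_REQUEST:
            sent[probe_id(icmp)] = ttl              # remember the TTL each probe left with
        elif probe_id(icmp) in sent:
            path[sent[probe_id(icmp)]] = (src, icmp[0])
    return path

def sample_capture(me="192.168.1.10", dst="203.0.113.5"):
    # Constructed trace: two routers answer TTL 1 and 2, the host answers TTL 3.
    cap = []
    for ttl, responder in enumerate(["192.168.1.1", "198.51.100.1", dst], start=1):
        probe = echo(ECHO_REQUEST, 1, ttl)
        cap.append((me, ttl, probe))
        reply = (echo(ECHO_REPLY, 1, ttl) if responder == dst
                 else time_exceeded(ip_header(me, dst, 1, len(probe)), probe))
        cap.append((responder, 64, reply))
    return cap
```

`trace_path(sample_capture())` maps each probe TTL to the address that answered it and the ICMP type of the answer, the same pairing that is visible by hand in the packet detail pane.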
This section is divided into 2 parts: Section C and Section D. In Section C, you must see the messages exchanged at the tracert level. In Section D, you must capture frames carrying ICMPv4 packets, which are encapsulated in an IPv4 packet.
Section C. Analyzing Tracert
· Open Wireshark and start packet capturing. Although we are not using the captured frames in Part III, we will use them in Part IV.
· Open the Command Prompt window and type "tracert -d hostname". The hostname can be the domain name or the IP address of a site you know. The -d option prevents tracert from resolving the IP addresses to their names and slowing down the process of displaying information. An example of the result of the tracert command in the Command Prompt window
· Return to the Wireshark window, stop packet capturing, and save the captured file.
Questions
Using the result of the traceroute command, answer the following questions on the Lab Assignment 1: Part 2 Lab Report Sheet.
1. How many probe packets are sent from the source to the destination for each TTL value?
2. What is the first IP address in the list? This is the IP address of the default router, the host on the local subnet that provides the physical connection to remote networks.
3. How many routers are between the source and the destination?
4. What is the IP address of the destination?
Section D. Wireshark Capture of Tracert
Open the file you captured in Part III, type icmp (lower case) in the Filter field, and click Apply.
Questions
Using the result of the capture, answer the following questions in your lab report.
1. How many ICMP packets are in the packet list pane?
2. How is the number of the ICMP packets related to the number of networks visited in Part III of the lab?
3. Except for the last few ICMP packets, every echo request ICMP packet in the packet list pane is followed by a time-to-live exceeded ICMP packet. In the packet detail pane, open an echo request ICMP packet and the time-to-live exceeded ICMP packet that follows it. Describe the content of the 2 packets. How is the content of the time-to-live exceeded ICMP packet related to the content of the corresponding echo request ICMP packet?
4. The last few echo-request ICMP packets are followed by the echo-reply ICMP packets. What are the TTL values of these packets? Using the TTL values, find the number of routers visited between the source host and destination host.
5. What is the source IP address of the echo reply messages? Which entity does this address define?
Documents to Turn in
1. A copy of the Lab Assignment 1: Part 2 Lab Report Sheet that contains answered questions.
2. A screenshot of supporting captured information.