
Wireshark Assignment 05

The document is a Wireshark assignment containing questions about IP and ICMP protocols. It asks the student to examine packets captured by Wireshark and answer questions about fields in the IP and ICMP headers. Some of the questions ask the student to identify IP addresses, protocol numbers, checksum sizes, and how fields change between packets. Other questions ask the student to analyze fragmentation, determine if packets are errors or responses, and look for patterns in changing fields.

Uploaded by

Jiya

WIRESHARK ASSIGNMENT 05

NED University of Engineering and Technology


DEPARTMENT OF COMPUTER SCIENCE AND INFORMATION TECHNOLOGY

STUDENT NAME: Jaweria Niaz Mughal


ROLL NUMBER: CT-033
COURSE TITLE: Computer Communication Networks - CCN
COURSE CODE: CS-351
ASSIGNMENT: Wireshark Assignment (IP and ICMP)
INTERNET PROTOCOL (IP)
Q NO-01
Select the first ICMP Echo Request message sent by your computer, and expand the Internet
Protocol part of the packet in the packet details window. What is the IP address of your
computer?

Q NO-02
Within the IP packet header, what is the value in the upper layer protocol field?
Q NO-03
How many bytes are in the IP header? How many bytes are in the payload of the IP
datagram? Explain how you determined the number of payload bytes.

Bytes in IP header: 20 Bytes

Bytes of payload: 36 Bytes

How were the payload bytes determined?

Payload length = Total length – Header length

Payload length = 56 – 20

Payload length = 36 Bytes

Q NO-04
Has this IP datagram been fragmented? Explain how you determined whether or not the
datagram has been fragmented?

As shown in the snip below, all flag bytes are 0 and the fragment offset is also 0. This
information indicates that the packet has not been fragmented.
Q NO-05
Which fields in the IP datagram always change from one datagram to the next within this
series of ICMP messages sent by your computer?

The snips below show that the following are the main fields in the IP datagram that always change from one
datagram to the next in the series of ICMP messages:

• Identification
• Time-to-Live
• Header checksum
• Checksum
• Identifier
• Sequence number
Q NO-06
Which fields stay constant? Which of the fields must stay constant? Which fields must
change? Why?

Which fields stay constant? Why?

The above snips show that the following fields stay constant:

• Header length
• Version
• Source IP address
• Destination IP address

This is because IP has a standard length of 20 bytes (exclusive of the options field). The same
system is sending packets to the same destination, which is why the source and destination IP
addresses are the same.

Which fields must stay constant? Why?

• Version
• Source IP

These must stay constant because the router of the source (my system) is using IP version 4
(i.e. IPv4) and the IP of the source (my system) stays the same.

Which field must change? Why?

• Identification
• Time-to-Live
• Header checksum
• Checksum
• Identifier
• Sequence number

The above-mentioned fields must change for each packet sent by my system to the targeted destination
because:

• Each packet has a distinct identification.
• Every packet can have a different TTL value, depending on how many routers have
already processed the given data field.
• Header checksum and checksum will be different for different packets depending on the data
contained in the packet.
• Each packet has a distinct sequence number.

Q NO-07
Describe the pattern you see in the values in the Identification field of the IP datagram?

Identification of first three ICMP message sent by my system is listed below:

1. 0x66b9 (26297)
2. 0x66ba (26298)
3. 0x66bb (26299)

The above readings show a difference of a single value between the identification numbers of the
ICMP messages sent from my system to the targeted destination.

Q NO-08
What is the value in the Identification field and the TTL field?

Identification: 0x0000 (0)

TTL: 240
Q NO-09
Do these values remain unchanged for all of the ICMP TTL-exceeded replies sent to your
computer by the nearest (first hop) router? Why?
Q NO-10
Find the first ICMP Echo Request message that was sent by your computer after you
changed the Packet Size in pingplotter to be 2000. Has that message been fragmented
across more than one IP datagram?

Yes, the packet has been fragmented into more than one IP datagram, as shown in the figure below,
where the More fragments flag is enabled, indicating that there are more fragments for the same IP datagram.

Q NO-11
Print out the first fragment of the fragmented IP datagram. What information in the IP
header indicates that the datagram has been fragmented? What information in the IP header
indicates whether this is the first fragment versus a latter fragment? How long is this IP
datagram?

The following information indicates that the datagram has been fragmented and that this is the first
fragment of the IP datagram:
• Fragment offset: 0
• More fragments: set

Total length of fragment = 1500 Bytes
Q NO-12
Print out the second fragment of the fragmented IP datagram. What information in the IP
header indicates that this is not the first datagram fragment? Are there more fragments? How
can you tell?

The fragment offset has a value of 1480, which indicates that this is the second fragment of the IP datagram.

Q NO-13
What fields change in the IP header between the first and second fragment?
The following header fields have changed from the first segment to the second
segment:

• Fragment offset
• Flag value (only More Fragments)

Q NO-14
How many fragments were created from the original datagram?

Seven fragments were created for the packet size of 3500. Each segment is approximately 520
in length.

Q NO-15
What fields change in the IP header among the fragments?

The following are the main header fields that change among the different fragments of the IP datagram:
• Fragment offset
• Identification
• More fragment flag value for the last segment.
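
The header arithmetic used in the answers above (payload length = total length - header length, and reading the More Fragments flag and fragment offset) can be checked programmatically. The following is an added example, not part of the original assignment; the function names, the Identification value 0x1234 and the 520-byte second fragment are assumptions made for illustration.

```python
import struct

IPV4_FMT = "!BBHHHBBH4s4s"   # fixed 20-byte IPv4 header layout (RFC 791)

def parse_ipv4_header(raw: bytes) -> dict:
    """Decode the IPv4 header fields used in the answers above."""
    (ver_ihl, _tos, total_len, ident, flags_frag,
     ttl, proto, _cksum, _src, _dst) = struct.unpack(IPV4_FMT, raw[:20])
    header_len = (ver_ihl & 0x0F) * 4        # IHL counts 32-bit words
    mf = bool(flags_frag & 0x2000)           # More Fragments flag
    offset = (flags_frag & 0x1FFF) * 8       # field counts 8-byte units
    return {"header_len": header_len, "total_len": total_len,
            "payload_len": total_len - header_len,
            "id": ident, "ttl": ttl, "protocol": proto,
            "mf": mf, "frag_offset": offset,
            "fragmented": mf or offset != 0}

def reassembled_payload_len(headers: list) -> int:
    """Require one shared ID and gap-free, non-overlapping offsets; return the size."""
    frags = sorted(headers, key=lambda h: h["frag_offset"])
    if len({h["id"] for h in frags}) != 1:
        raise ValueError("fragments carry different Identification values")
    expected = 0
    for h in frags:
        if h["frag_offset"] != expected:
            raise ValueError("gap or overlap at offset %d" % h["frag_offset"])
        expected += h["payload_len"]
    if frags[-1]["mf"]:
        raise ValueError("last fragment still has More Fragments set")
    return expected

def sample_header(total_len, ident, mf, offset_bytes):
    """Constructed header: IHL 5, TTL 128, protocol 1 (ICMP), checksum left 0."""
    flags_frag = (0x2000 if mf else 0) | (offset_bytes // 8)
    return struct.pack(IPV4_FMT, 0x45, 0, total_len, ident, flags_frag, 128, 1, 0,
                       bytes([192, 168, 1, 101]), bytes([143, 89, 14, 34]))

# Constructed samples. The 56-byte datagram, 1500-byte first fragment and offset
# 1480 come from the answers; ID 0x1234 and the 520-byte second fragment are
# assumptions (a 2000-byte datagram split for a 1500-byte MTU).
UNFRAGMENTED = parse_ipv4_header(sample_header(56, 0x66B9, False, 0))
FIRST = parse_ipv4_header(sample_header(1500, 0x1234, True, 0))
SECOND = parse_ipv4_header(sample_header(520, 0x1234, False, 1480))

if __name__ == "__main__":
    for name, hdr in (("unfragmented", UNFRAGMENTED), ("first", FIRST), ("second", SECOND)):
        print(name, hdr)
    print("reassembled payload bytes:", reassembled_payload_len([SECOND, FIRST]))
```

The reassembly check rejects fragment sets with gaps, overlaps or mixed Identification values, which is the same consistency a capture reviewer looks for when reading the fragment list by hand.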
INTERNET CONTROL MESSAGE PROTOCOL (ICMP)
Q NO-01
What is the IP address of your host? What is the IP address of the destination host?

IP Address of my host: 192.168.1.101

IP Address of destination host: 143.89.14.34

Q NO-02
Why is it that an ICMP packet does not have source and destination port numbers?

REASON:
An ICMP packet does not have source and destination port numbers because it was designed to
communicate network layer information between hosts and routers, and not between
application layer processes. Moreover, no port numbers are needed to direct the ICMP
message to an application layer process.
Q NO-03
Examine one of the ping request packets sent by your host. What are the ICMP type and
code numbers? What other fields does this ICMP packet have? How many bytes are the
checksum, sequence number and identifier fields?

ICMP type: 8

ICMP code: 0

Checksum bytes: 2 bytes

Sequence number bytes: 2 bytes

Identifier field bytes: 2 bytes

Q NO-04
Examine the corresponding ping reply packet. What are the ICMP type and code numbers?
What other fields does this ICMP packet have? How many bytes are the checksum,
sequence number and identifier fields?

ICMP type: 0

ICMP code: 0

Checksum bytes: 2 bytes

Sequence number bytes: 2 bytes


Identifier field bytes: 2 bytes

Q NO-05
What is the IP address of your host? What is the IP address of the target destination host?

IP Address of my host: 192.168.1.101

IP Address of destination host: 138.96.146.2


Q NO-06
If ICMP sent UDP packets instead (as in Unix/Linux), would the IP protocol number still be 01
for the probe packets? If not, what would it be?

No. If ICMP sent UDP packets instead, then the IP protocol number should be 0x11.

Q NO-07
Examine the ICMP echo packet in your screenshot. Is this different from the ICMP ping
query packets in the first half of this lab? If yes, how so?

The ICMP echo packet has the same fields as the ICMP ping query packet, as shown below:

ICMP Echo Packet:


Q NO-08
Examine the ICMP error packet in your screenshot. It has more fields than the ICMP echo
packet. What is included in those fields?

The following are the fields that have been added in the ICMP error packet and were not present
in the ICMP echo packet:
• ICMP Error packet
• IP datagram

ICMP Error Packet:

Q NO-09
Examine the last three ICMP packets received by the source host. How are these packets
different from the ICMP error packets? Why are they different?

The last three ICMP packets received by the source host are different from the ICMP error message
packets because the ICMP error message packets are type 11, while the last three ICMP packets
received by the host are type 0 packets.

Q NO-10
Within the tracert measurements, is there a link whose delay is significantly longer than
others? Refer to the screenshot in Figure 4, is there a link whose delay is significantly longer
than others? On the basis of the router names, can you guess the location of the two
routers on the end of this link?

Snip below shows that there is a link between step 11 and 12 that has a significantly longer
delay. This is a transatlantic link from New York to Aubervilliers, France.
As shown in the figure 4 of question manual, the link is from New York to Pastourelle,
France.
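
The ICMP answers above (type 8 and type 0 echo messages with 2-byte checksum, identifier and sequence number fields, and type 11 error packets that carry the original IP datagram) can be reproduced with a small decoder. This is an added example, not part of the original assignment; the function names, identifier 0x0200, sequence number 1 and payload bytes are assumptions made for illustration.

```python
import struct

def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_icmp(msg: bytes) -> dict:
    """Decode echo request/reply (type 8/0) and TTL-exceeded (type 11) messages."""
    icmp_type, code = msg[0], msg[1]             # 1 byte each; checksum is bytes 2-3
    out = {"type": icmp_type, "code": code,
           "checksum_ok": internet_checksum(msg) == 0}
    if icmp_type in (0, 8):
        out["id"], out["seq"] = struct.unpack("!HH", msg[4:8])   # 2 bytes each
    elif icmp_type == 11:
        inner = msg[8:]                          # skip 4 unused bytes after the checksum
        ihl = (inner[0] & 0x0F) * 4              # length of the quoted IP header
        out["orig_protocol"] = inner[9]
        out["orig_dst"] = ".".join(str(b) for b in inner[16:20])
        if inner[9] == 1:                        # the expired probe was ICMP
            out["orig_type"] = inner[ihl]
            out["orig_id"], out["orig_seq"] = struct.unpack("!HH", inner[ihl + 4:ihl + 8])
    return out

def with_checksum(body: bytes) -> bytes:
    """Fill bytes 2-3 of an ICMP message whose checksum field is still zero."""
    return body[:2] + struct.pack("!H", internet_checksum(body)) + body[4:]

# Constructed samples: identifier 0x0200, sequence 1 and the payload are made up;
# the addresses are the host and traceroute target given in the answers.
PROBE = with_checksum(struct.pack("!BBHHH", 8, 0, 0, 0x0200, 1) + b"constructed")
PROBE_IP = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(PROBE), 0x66B9, 0, 1, 1, 0,
                       bytes([192, 168, 1, 101]), bytes([138, 96, 146, 2]))
REPLY = with_checksum(struct.pack("!BBHHH", 0, 0, 0, 0x0200, 1) + b"constructed")
TTL_EXCEEDED = with_checksum(struct.pack("!BBHI", 11, 0, 0, 0) + PROBE_IP + PROBE[:8])

def matches_probe(error: dict, probe: dict) -> bool:
    """True when a TTL-exceeded error quotes the given echo request."""
    return (error.get("orig_type") == 8 and error.get("orig_id") == probe["id"]
            and error.get("orig_seq") == probe["seq"])

if __name__ == "__main__":
    for raw in (PROBE, REPLY, TTL_EXCEEDED):
        print(parse_icmp(raw))
```

The quoted IP header and first 8 bytes of the probe inside the type 11 message are what let the sender tie each router's error back to the echo request that triggered it.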
