Laboration 1

Course DT151G
Table of Contents

Environment & Tools……………………………………………….3

Introduction………………………………………………………….3
Purpose……………………………………………………………...3
Part 1………………………………………………………………...4
Part 2………………………………………………………………...14

2
Environment & Tools

Ubuntu 21.10, Wireshark 3.4.7, default Ubuntu terminal.

Introduction

The importance of understanding how the network is functioning is more important as the
network is getting big and complicated. To have a good hand-on practice is necessary to obtain
understanding in network communication. We will understand how the internet and local
network is built by protocol and components.

Purpose

The assignment aims so that the students understand Application and Transport Layers. For the
application layer the assignment is about the DNS system and how they translate hostnames
into IP addresses. For the transport layer the assignment looks into UDP and TCP messages.
How they are built up and what they can contain. For TCP it also looks into ACK of received
messages and congestion control.

3
Part 1 nslookup

Task 1:
● Methodology
We use the nslookup on the terminal to access www.miun.se and miun.se

● Results
The IP address is 104.18.0.138

Task 2

4
 ● Methodology
We use the nslookup on the terminal to access www.miun.se (see task 1)
● Results
From Ubuntu VirtualBox 127.0.0.53
● You can use nslookup www.miun.se with your standard DNS server or choose another DNS server as a
second argument in the terminal.

Task 3
● Methodology
We use the nslookup on the terminal to access www.miun.se (see task 1)
● Results
non-authoritative.
● Non-authoritative answer means the answer is not fetched from the authoritative DNS server.

Task 4
a.
● Methodology

● Results
Authoritative servers return ns1-cloudflare.net
b. We will use nslookup by the dns server’s name.

5
Task 5
● Reverse DNS lookup means that we find the host name by its IP address and find the domain name
associated with that IP address.

Task 1
● Methodology
We clear the cache in the terminal by using “sudo systemd-resolve --flush-caches”, clear the cache in
the web browser, open wireshark and enter ip.addr == 192.168.0.12 where the ip address is our own.
Then we start packet capture in Wireshark and in the browser visit
http://gaia.cs.umass.edu/kurose_ross/ and stop packet capture.
● Results
Packet number 37 shows a DNS query message resolving the name gaia.cs.umass.edu and it is sent
over UDP.
● Discussion
The trace packet number shows differently on every member’s computer because it depends on the
user’s system.

Task 2
● The corresponding DNS response is located on packet number 38 and it is also sent over UDP

6
Task 3
● Destination port for the DNS query message is 53 and the source port of the DNS response message is
53. (see pictures on task 1 and 2)

Task 4
● Result: Destination IP address for the DNS query message is 83.255.255.2 (see picture on task 1)
● Discussion:
The DNS IP address shows differently on every member’s computer because we have different default
DNS servers.

Task 5

● 1 question and 0 answer

Task 6

● 1 question and 0 answer

7
Task 7

By inspection of the trace file provided with the assignment the following results can be extracted. Relevant
parts of the trace file in pictures above.

● Packet number for the initial HTTP GET request is 763.

● Packet number for DNS query is 755
● Packet of received DNS response 756
● Packet number for the HTTP GET of the image file is 870.
● Packet number for DNS for HTTP GET for image is still 755 since the IP is cached from the last query
and no new request is needed.
● If the IP address from the first DNS request has been stored in the cache memory, there is no need for
a second DNS request, because we already have the answer in the cache.

Task 8

8
 ● By inspection of the trace shown in pictures above the destination port for the DNS query message is
53 and the source port of the DNS response message is 53.

Task 9
● By inspection of the same trace as in task 8 the DNS query is sent to 198.168.1.1 which is the IP
address to my local DNS server. Also IP for my home router.

Task 10

● Type A and contains no answer.

9
Task 11

● 1 question and 1 answer.

Task 12

● The IP address is 8.8.8.8 and it is the current default local DNS server.

Task 13
● 1 question and 0 answers.

10
Task 14

● The response have three answers

● The response contains the name for the name servers.

● One additional RR
● An OPT type with a payload of 512 bytes.

Task 1

11
 ● Packet number 1.
● A DNS query is in this UDP message.
● 4 header fields: Source port, Destination port, Length and Checksum.

Task 2
● They are 2 bytes each. The four header fields are highlighted in the screenshot above.
Task 3
● The number of bytes for the header and data fields of the UDP message. 8 bytes highlighted for the
header and 38 bytes for the UDP payload. Sums to 46 as in the length field.
Task 4
● Maximum number in the length field is 2^16-1 (max number for 2 bytes). Since the header field takes
up 8 bytes there are 2^16-9 bytes left for the UDP payload.
Task 5
● The largest possible source port number is 2^16-1 = 65535
Task 6

12
 ● The UDP protocol number is 17. See highlights in the screenshot above.

Task 7

● In this case the packet numbers are 1 and 2. The source and destination port is switched between the
packets since the second is a response to the sender of the first packet.

13
Part 2

Task 1

The IP address is 192.168.86.68 and source port is 55639

Task 2
The IP address is 128.119.245.12 and destination port is 80

Task 3

14
 ● Raw sequence number 4236649187
● It’s a SYN since the SYN flag is set to 1
● Selective acknowledgement is permitted. See TCP option.

Task 4

● Raw sequence number: 1068969752

● ACK and SYN flag set to 1
● Acknowledgement number 4236649188 since it is the last received segment sequence number + 1
which is the next requested raw sequence number.

Task 5

15
 ● Sequence number of TCP segment is 4236649188
● Amount of data that is contained in the payload is 1448 bytes
● The alice.txt does not fit in this single assignment because the file itself is 152 Kb which is larger than
the payload size.

Task 6

● The first segment(containing the HTTP POST) in the data transfer part of the TCP connection sent at
0.024047 (package 4)
● The first segment(ACK) in the data transfer part of the TCP connection sent at 0.052671 (package 7)
● The RTT for this first data-containing segment is 0.052671 - 0.024047 = 0.028624
● The second segment(containing the HTTP POST) in the data transfer part of the TCP connection sent
at 0.024048 (package 5)
● The second segment(ACK) in the data transfer part of the TCP connection sent at0.052676 (package
8)
● The RTT for this second data-containing segment is 0.052676 - 0.024048 = 0.028628

16
 ● We used the following formula to calculate the EstimatedRTT after the second segment.
● EstimatedRTT (after second segment) = (1 - 0.125) * EstimatedRTT (after first segment) + 0.125 *
SampleRTT
● The answer is EstimatedRTT = 0.875 * 0.028624 + 0.125 * 0.028628 = 0.0286245

Task 7

● The header is 32 bytes and the payload is 1448 bytes, with a total of 1480 bytes for each segment.

Task 8

● In packet 2 the given calculated window size is 28960.

● The lack of receiver buffer space does not ever throttle the sender.

17
Task 9

● There are no retransmitted segments. We can tell this by checking the sequence numbers of the TCP
segments.

Task 10

● In the first ten data-carrying segments, the receiver always acknowledged 1448 bytes of data.
● In the twelfth ACK the receiver acknowledges 2896 bytes of data.

Task 11

● The total amount of data transferred divided by the total time it took gives us the speed of the data
transfer. The last relative sequence number indicates that 153426 bytes were transferred during
0.192732 seconds.
● 153426 bytes / 0.192732 seconds = 796 KB/s

18
Task 12

● At first three, 0,025s, 0,053s and 0,082s it looks like a slow start phase since the packets sent are
doubling. At 1s congestion avoidance begins.
Task 13
● The observed periodicity is similar to the calculated RTT values.
Task 14
● The questions are answered.

19