This document provides answers to questions related to Wireshark Lab: ICMP and Traceroute. It covers topics like ICMP and Ping, ICMP and Traceroute, Capturing packets from an execution of traceroute, A look at the captured trace, etc.
Running head: NETWORKING AND COMMUNICATION
Networking and Communication
Name of the Student
Name of the University
Author’s Note
Wireshark Lab: ICMP

1. ICMP and Ping

Answer to Question 1:
The IP address of the host is 10.10.30.142.
The IP address of the destination host is 143.89.44.246.

Answer to Question 2:
There are no source and destination port numbers for the ICMP packet, since ICMP is used to communicate network-layer information between the router and the host, not between application-layer processes. ICMP messages are identified by Type and Code, and the network interprets the ICMP messages itself, which eliminates the need for ports to direct the ICMP messages to application-layer processes.

Answer to Question 3:
The ICMP type for the selected ping request is 8 and its code number is 0. The selected ICMP packet has checksum, identifier and sequence number fields, and each of them is 2 bytes.

Answer to Question 4:
The corresponding ping reply was examined; here the ICMP type is 0 and the code is also 0. It also has checksum, identifier and sequence number fields, and each of them is 2 bytes.

2. ICMP and Traceroute

Answer to Question 5:
The IP addresses of the host and the targeted destination host are as follows:
Src: 10.10.30.142, Dst: 128.93.162.84

Answer to Question 6:
If ICMP sent UDP packets, the IP protocol number would not be 01; it would be 0x11.

Answer to Question 7:
After examining the ICMP echo packet, it is identified that it has the same fields as the ping query packets analysed in the first half of the lab.

Answer to Question 8:
The ICMP error packet was examined, and it is found that it is not the same as the ping query packets. The ICMP error packet contains the IP header and the first 8 bytes of the original ICMP packet.

Answer to Question 9:
The last three ICMP packets received by the source host are examined, and it is found that they have a message type of 0, while the Time-to-live exceeded message has 11. They are different because the datagrams made it all the way to the destination host before the expiry of the TTL.

Answer to Question 10:
There is a link between steps 7 and 8 where we can see a longer delay, and it is a transatlantic link from Mumbai to Marseille to Paris. In figure 4 of the lab, the delay is identified in the link between New York and Pastourelle, France.

Wireshark Lab: IP v6.0

1. Capturing packets from an execution of traceroute

2. A look at the captured trace

Answer to Question 1:
The Internet Protocol address of the source is 10.10.30.142.

Answer to Question 2:
The value in the upper layer protocol field is ICMP (1).

Answer to Question 3:
There are 20 bytes in the header and the total length is 56 bytes, and thus the payload of the IP datagram is 36 bytes. The payload is calculated by the formula Payload = total length - IP header.

Answer to Question 4:
Here the More fragments bit is equal to 0, and thus the data is not fragmented.

Answer to Question 5:
In the IP datagram, the identification and Time to live always change from one datagram to another within the series of ICMP messages.

Answer to Question 6:
The fields that stay constant within the series of ICMP messages are:
• Version (since IPv4 is used for all packets)
• Header length (since these are ICMP packets)
• Source IP (since the packets are sent from the same source)
• Destination IP (since these are sent to the same destination)
• Differentiated Services (since the packets are ICMP and the same Type of Service class needs to be used)
• Upper Layer Protocol (since the packets are ICMP packets)

The fields that must stay constant are:
• Version (since IPv4 is used for all packets)
• Header length (since these are ICMP packets)
• Source IP (since the packets are sent from the same source)
• Destination IP (since these are sent to the same destination)
• Differentiated Services (since the packets are ICMP and the same Type of Service class needs to be used)
• Upper Layer Protocol (since the packets are ICMP packets)

The fields that must change are:
• Identification (IP packets should have unique IDs)
• Time to live (traceroute causes increments of each subsequent packet)
• Header checksum (due to the change in the header)

Answer to Question 7:
The header identification field gets incremented with each ICMP echo request.

Answer to Question 8:
The values in the identification and the TTL fields are given below:
0x000038ae 18

Answer to Question 9:
The values for the identification change every time a ping request is sent since each is unique, and if two datagrams have the same value they are marked as fragments of a large IP datagram.
The TTL remains unchanged since the first-hop router is always the same.

Answer to Question 10:
The message is not fragmented into more than one datagram, and this is identified from the value 0 in the More fragments option.

Answer to Question 11:
The flag bit for more fragments is not set, and it indicates that the data has not been fragmented. The first datagram has a total length of 534 bytes including the header.

Answer to Question 12:
Since the fragment offset is 185, it is confirmed that it has an offset, and it is the last fragment since the more fragments value is not set.

Answer to Question 13:
The IP header fields that change between the fragments are total length, flags, fragment offset and checksum.

Answer to Question 14:
3 fragments are created from the original datagram when Packet Size in pingplotter is set to 3500.

Answer to Question 15:
The IP header fields change between all the fragments, and the changes are in the following fields: for the first two packets and the last packet, the total length and the flag change. The first and the second packets have a total length of 1500 bytes and the More fragments bit set to 1; for the last packet the total length is 540 and the More fragments bit is set to 0.
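
The fragment sizes reported in the answers above can be reproduced with a short calculation. This is an added example, not part of the original lab report; it assumes a 1500-byte MTU and the 20-byte IP header stated earlier, and the function names are chosen for illustration. It also checks that a set of captured fragments reassembles without gaps.

```python
def fragment(total_length, mtu=1500, ihl=20):
    """Return the header fields of each fragment of one IP datagram."""
    payload = total_length - ihl          # Payload = total length - IP header
    if payload < 0:
        raise ValueError("total length is smaller than the IP header")
    # Every fragment except the last carries a multiple of 8 payload bytes,
    # because the fragment offset field counts in 8-byte units.
    per_fragment = (mtu - ihl) // 8 * 8
    fragments, offset = [], 0
    while True:
        chunk = min(per_fragment, payload - offset)
        more = offset + chunk < payload
        fragments.append({
            "total_length": ihl + chunk,
            "more_fragments": int(more),
            "fragment_offset": offset // 8,
        })
        offset += chunk
        if not more:
            return fragments

def reassembled_length(fragments, ihl=20):
    """Check fragments are contiguous; return the original total length."""
    ordered = sorted(fragments, key=lambda f: f["fragment_offset"])
    expected = 0
    for index, frag in enumerate(ordered):
        if frag["fragment_offset"] * 8 != expected:
            raise ValueError("gap or overlap before offset %d"
                             % frag["fragment_offset"])
        is_last = index == len(ordered) - 1
        if bool(frag["more_fragments"]) == is_last:
            raise ValueError("More fragments bit is inconsistent")
        expected += frag["total_length"] - ihl
    return expected + ihl

if __name__ == "__main__":
    for frag in fragment(3500):           # Packet Size from Question 14
        print(frag)
    print(fragment(56))                   # the unfragmented 56-byte datagram
```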