Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

Wireshark Lab: ICMP and Traceroute

Verified

Added on 2023/04/24

AI Summary

This document explains the Wireshark Lab on ICMP and Traceroute. It includes the packet capture of Ping Command, ICMP packet brief, Replay Ping Packets, and ICMP and Traceroute.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

MITS4004 Research Study : Networking
[Student Name]
[University Name]

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

Table of Contents
Wireshark Lab: ICMP v6.0........................................................................................................3
ICMP and Ping.......................................................................................................................3
ICMP and Traceroute...........................................................................................................11
Wireshark Lab: IP v6.0............................................................................................................17

Wireshark Lab: ICMP v6.0
ICMP and Ping
Run Ping Command in command prompt
C:\Windows\System32>ping -n 10 www.ece.ust.hk
Pinging www.ece.ust.hk [143.89.44.246] with 32 bytes of data:
Reply from 143.89.44.246: bytes=32 time=104ms TTL=44
Reply from 143.89.44.246: bytes=32 time=104ms TTL=44
Reply from 143.89.44.246: bytes=32 time=104ms TTL=44
Reply from 143.89.44.246: bytes=32 time=104ms TTL=44
Reply from 143.89.44.246: bytes=32 time=104ms TTL=44
Reply from 143.89.44.246: bytes=32 time=103ms TTL=44
Reply from 143.89.44.246: bytes=32 time=104ms TTL=44
Reply from 143.89.44.246: bytes=32 time=104ms TTL=44

Reply from 143.89.44.246: bytes=32 time=104ms TTL=44
Reply from 143.89.44.246: bytes=32 time=104ms TTL=44
Ping statistics for 143.89.44.246:
Packets: Sent = 10, Received = 10, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 103ms, Maximum = 104ms, Average = 103ms
C:\Windows\System32>
Wireshark Packet Capture of Ping Command
Answers

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

1. IP address of the host is 10.10.30.148. IP address of the destination host is
143.89.44.246
2. ICMP packet communicate network layer information between hosts and routers.
Therefore, ICMP packets does not have the source and destination port number.
3. ICMP packet brief
Frame 27: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) on interface 0
Interface id: 0 (\Device\NPF_{57C7D7B6-27B9-4DA4-A941-901908A75822})
Encapsulation type: Ethernet (1)
Arrival Time: Jan 24, 2019 16:25:54.025442000 India Standard Time
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1548327354.025442000 seconds
[Time delta from previous captured frame: 0.017423000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 2.824314000 seconds]
Frame Number: 27
Frame Length: 74 bytes (592 bits)
Capture Length: 74 bytes (592 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:icmp:data]
[Coloring Rule Name: ICMP]
[Coloring Rule String: icmp || icmpv6]
Ethernet II, Src: 58:8a:5a:40:59:64 (58:8a:5a:40:59:64), Dst: Sophos_49:1c:a8

(7c:5a:1c:49:1c:a8)
Destination: Sophos_49:1c:a8 (7c:5a:1c:49:1c:a8)
Address: Sophos_49:1c:a8 (7c:5a:1c:49:1c:a8)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 58:8a:5a:40:59:64 (58:8a:5a:40:59:64)
Address: 58:8a:5a:40:59:64 (58:8a:5a:40:59:64)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.10.30.148, Dst: 143.89.44.246
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 60
Identification: 0x385a (14426)
Flags: 0x00
0... .... = Reserved bit: Not set
.0.. .... = Don't fragment: Not set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: ICMP (1)

Header checksum: 0x0000 [validation disabled]
[Header checksum status: Unverified]
Source: 10.10.30.148
Destination: 143.89.44.246
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Internet Control Message Protocol
Type: 8 (Echo (ping) request)
Code: 0
Checksum: 0x4030 [correct]
[Checksum Status: Good]
Identifier (BE): 1 (0x0001)
Identifier (LE): 256 (0x0100)
Sequence number (BE): 3371 (0x0d2b)
Sequence number (LE): 11021 (0x2b0d)
[Response frame: 28]
Data (32 bytes)
Data: 6162636465666768696a6b6c6d6e6f707172737475767761...
[Length: 32]
Data (32 bytes)
Data: 6162636465666768696a6b6c6d6e6f707172737475767761...
[Length: 32]
ICMP type is 8 and code number is 0. checksum, sequence number and identifier fields
are present except from the type and code number. They all are 2 bytes each.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

4. Replay Ping Packets
Frame 28: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) on interface 0
Interface id: 0 (\Device\NPF_{57C7D7B6-27B9-4DA4-A941-901908A75822})
Encapsulation type: Ethernet (1)
Arrival Time: Jan 24, 2019 16:25:54.129591000 India Standard Time
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1548327354.129591000 seconds
[Time delta from previous captured frame: 0.104149000 seconds]
[Time delta from previous displayed frame: 0.104149000 seconds]
[Time since reference or first frame: 2.928463000 seconds]
Frame Number: 28
Frame Length: 74 bytes (592 bits)
Capture Length: 74 bytes (592 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:icmp:data]
[Coloring Rule Name: ICMP]
[Coloring Rule String: icmp || icmpv6]
Ethernet II, Src: Sophos_49:1c:a8 (7c:5a:1c:49:1c:a8), Dst: 58:8a:5a:40:59:64
(58:8a:5a:40:59:64)
Destination: 58:8a:5a:40:59:64 (58:8a:5a:40:59:64)
Address: 58:8a:5a:40:59:64 (58:8a:5a:40:59:64)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)

.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: Sophos_49:1c:a8 (7c:5a:1c:49:1c:a8)
Address: Sophos_49:1c:a8 (7c:5a:1c:49:1c:a8)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 143.89.44.246, Dst: 10.10.30.148
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 60
Identification: 0x8bd4 (35796)
Flags: 0x00
0... .... = Reserved bit: Not set
.0.. .... = Don't fragment: Not set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 44
Protocol: ICMP (1)
Header checksum: 0x1e00 [validation disabled]
[Header checksum status: Unverified]
Source: 143.89.44.246
Destination: 10.10.30.148

[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Internet Control Message Protocol
Type: 0 (Echo (ping) reply)
Code: 0
Checksum: 0x4830 [correct]
[Checksum Status: Good]
Identifier (BE): 1 (0x0001)
Identifier (LE): 256 (0x0100)
Sequence number (BE): 3371 (0x0d2b)
Sequence number (LE): 11021 (0x2b0d)
[Request frame: 27]
[Response time: 104.149 ms]
Data (32 bytes)
Data: 6162636465666768696a6b6c6d6e6f707172737475767761...
[Length: 32]
Data (32 bytes)
Data: 6162636465666768696a6b6c6d6e6f707172737475767761...
[Length: 32]
ICMP type is 0 and code number is 0. checksum, sequence number and identifier
fields are present except from the type and code number. They all are 2 bytes each.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

ICMP and Traceroute
C:\Windows\System32>tracert www.inria.fr
Tracing route to ezp3.inria.fr [128.93.162.84]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 10.10.30.1
2 2 ms 2 ms 2 ms Kol-223.29.204.241.PMPL-Broadband.net [223.29.204.241]
3 2 ms 1 ms 1 ms 10.2.5.1
4 1 ms 1 ms 1 ms 22.22.22.1
5 2 ms 2 ms 2 ms 10.100.100.61
6 1 ms 1 ms 1 ms 10.200.30.2
7 * * * Request timed out.

8 * * * Request timed out.
9 1 ms 1 ms 1 ms 10.200.10.1
10 3 ms 3 ms 3 ms 220.225.118.117
11 30 ms 30 ms 30 ms sriperumbudur-eg-173.232.249.45.powergrid.in
[45.249.232.173]
12 29 ms 30 ms 30 ms chennai-igw-172.232.249.45.powergrid.in [45.249.232.172]
13 31 ms 31 ms 31 ms 115.249.226.130
14 56 ms 56 ms 56 ms 115.255.253.146
15 72 ms 66 ms 111 ms 62.216.147.45
16 183 ms 177 ms 175 ms xe-3-1-0.0.cjr01.prs001.flagtel.com [85.95.25.114]
17 175 ms 175 ms 183 ms ge-5-0-0.0.ejr02.prs002.flagtel.com [62.216.128.198]
18 * * * Request timed out.
19 184 ms 186 ms 184 ms 193.51.180.44
20 187 ms 188 ms 188 ms te1-1-inria-rtr-021.noc.renater.fr [193.51.177.107]
21 188 ms 192 ms 186 ms inria-rocquencourt-te1-4-inria-rtr-021.noc.renater.fr
[193.51.184.177]
22 185 ms 187 ms 190 ms unit240-reth1-vfw-ext-dc1.inria.fr [192.93.122.19]
23 183 ms 182 ms 182 ms ezp3.inria.fr [128.93.162.84]
Trace complete.
C:\Windows\System32>

Frame 76: 106 bytes on wire (848 bits), 106 bytes captured (848 bits) on interface 0
Interface id: 0 (\Device\NPF_{57C7D7B6-27B9-4DA4-A941-901908A75822})
Encapsulation type: Ethernet (1)
Arrival Time: Jan 24, 2019 16:34:39.368029000 India Standard Time
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1548327879.368029000 seconds
[Time delta from previous captured frame: 0.000418000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 6.083916000 seconds]
Frame Number: 76
Frame Length: 106 bytes (848 bits)
Capture Length: 106 bytes (848 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:icmp:data]

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

[Coloring Rule Name: ICMP]
[Coloring Rule String: icmp || icmpv6]
Ethernet II, Src: 58:8a:5a:40:59:64 (58:8a:5a:40:59:64), Dst: Sophos_49:1c:a8
(7c:5a:1c:49:1c:a8)
Destination: Sophos_49:1c:a8 (7c:5a:1c:49:1c:a8)
Address: Sophos_49:1c:a8 (7c:5a:1c:49:1c:a8)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: 58:8a:5a:40:59:64 (58:8a:5a:40:59:64)
Address: 58:8a:5a:40:59:64 (58:8a:5a:40:59:64)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 10.10.30.148, Dst: 128.93.162.84
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 92
Identification: 0x7882 (30850)
Flags: 0x00
0... .... = Reserved bit: Not set
.0.. .... = Don't fragment: Not set
..0. .... = More fragments: Not set

Fragment offset: 0
Time to live: 1
[Expert Info (Note/Sequence): "Time To Live" only 1]
["Time To Live" only 1]
[Severity level: Note]
[Group: Sequence]
Protocol: ICMP (1)
Header checksum: 0x0000 [validation disabled]
[Header checksum status: Unverified]
Source: 10.10.30.148
Destination: 128.93.162.84
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Internet Control Message Protocol
Type: 8 (Echo (ping) request)
Code: 0
Checksum: 0xeac9 [correct]
[Checksum Status: Good]
Identifier (BE): 1 (0x0001)
Identifier (LE): 256 (0x0100)
Sequence number (BE): 3381 (0x0d35)
Sequence number (LE): 13581 (0x350d)
[No response seen]
[Expert Info (Warning/Sequence): No response seen to ICMP request]
[No response seen to ICMP request]

[Severity level: Warning]
[Group: Sequence]
Data (64 bytes)
Data: 000000000000000000000000000000000000000000000000...
[Length: 64]
5. 10.10.30.148 is host IP address and 128.93.162.84 is destination host address.
6. No. If ICMP sent UDP packets instead, the IP protocol number should be 0x11
7. They are not different they are same.
8.
No it is not possible to same ICMP packet like the first one. They have different
header value.
9. The message number of last three ICMP packet is 0. Because their TTL are expired.
10. There is the link between the 14 to 15 is significantly delay then other links. In figure
4 from the lab, the link between the New York to Pastourelle is delay then other links.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

Wireshark Lab: IP v6.0
Internet Protocol Version 4, Src: 10.10.30.148, Dst: 128.119.245.12
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 56
Identification: 0x63a2 (25506)
Flags: 0x00
0... .... = Reserved bit: Not set
.0.. .... = Don't fragment: Not set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 255
Protocol: ICMP (1)
Header checksum: 0x0000 [validation disabled]
[Header checksum status: Unverified]
Source: 10.10.30.148
Destination: 128.119.245.12
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
1. My computer IP address is 10.10.30.148

2. Upper layer protocol field value is ICMP (1).
3. Length of the header is 20 bytes, so, the payload of the IP datagram is 36 bytes.
4. Offset for the fragment is 0 so, it can be concluded that the IP datagram is not
fragmented.
5. Identification, Time to live and Header checksum always change.
6. Fields
Constant fields in IP datagrams are :
 Version (protocol version is always same because here IPv4 is used in all
ICMP packets)
 Header length (length of the header is not changed because all packets are
ICMP packets)
 Source and destination IP address (this is the default address for the all
network packets)
 Upper layer Protocol (all are ICMP packets)
The Fields that must be stay constant:
 Version (protocol version is always same because here IPv4 is used in all
ICMP packets)
 Header length (length of the header is not changed because all packets are
ICMP packets)
 Source and destination IP address (this is the default address for the all
network packets)
 Upper layer Protocol (all are ICMP packets)
Upper layer Protocol (all packets are ICMP packets)
 Identification (packets have different identity)

 Time to live (it is depend on the packets)
 Header checksum (it is also depend for the checksum)
7. ICMP Echo (ping) request
8. Identification Value is 25506 and TTL Value is 255
9. Identification value is unique for all the ICMP packets therefore, it is changing for all
packets. Value of TTL is unchanged for all ICMP packets, because the first hop router
TTL value is always same.
10. Yes, IP datagram is fragmented.
Internet Protocol Version 4, Src: 10.10.30.148, Dst: 128.119.245.12
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 1500

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

Identification: 0x652f (25903)
Flags: 0x01 (More Fragments)
0... .... = Reserved bit: Not set
.0.. .... = Don't fragment: Not set
..1. .... = More fragments: Set
Fragment offset: 0
Time to live: 255
Protocol: ICMP (1)
Header checksum: 0x0000 [validation disabled]
[Header checksum status: Unverified]
Source: 10.10.30.148
Destination: 128.119.245.12
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Reassembled IPv4 in frame: 1369
11. The flag bit value is “more fragment” is set. This thing is indicating the IP datagram is
segmented.
Internet Protocol Version 4, Src: 10.10.30.148, Dst: 128.119.245.12
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
Total Length: 1500
Identification: 0x6751 (26449)

Flags: 0x01 (More Fragments)
0... .... = Reserved bit: Not set
.0.. .... = Don't fragment: Not set
..1. .... = More fragments: Set
Fragment offset: 1480
Time to live: 255
Protocol: ICMP (1)
Header checksum: 0x0000 [validation disabled]
[Header checksum status: Unverified]
Source: 10.10.30.148
Destination: 128.119.245.12
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Reassembled IPv4 in frame: 3553
12. Value of fragment offset is 1480 which is determine that this is not the first IP
datagram fragment.
13. Total length, flags, fragment offset, and checksum is present.
14. Three ICMP packets are created from the original datagram.
15. Fragment offset, and checksum are present.

1 out of 21

+13062052269

info@desklib.com

Wireshark Lab: ICMP and Traceroute

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Related Documents

MITS4004 Research Study: Networking

Networking and Communication