MITS4004 Research Study 1: Comprehensive ICMP and IP Wireshark Lab

Added on  2023/04/20

Practical Assignment
AI Summary
This document presents a detailed analysis of ICMP and IP protocols using Wireshark, based on the MITS4004 Research Study 1. The lab report includes experiments with ping and traceroute, examining packet structures, IP addresses, and ICMP types. It covers topics such as ICMP echo requests and replies, IP header analysis, fragmentation, and TTL values. The study provides insights into network communication, packet behavior, and protocol characteristics, supported by captured data and screenshots. The report also answers specific questions related to the observed network traffic and protocol functionalities.
Running head: DATA COMMUNICATION
Data Communication
Name of the Student:
Name of the University:
Author Note
ICMP and Ping
Starting Wireshark
Ping on command prompt
1. What is the IP address of your host? What is the IP address of the destination
host?
The host IP address is 192.168.43.247 and the destination IP address is 143.89.44.246.
2. Why is it that an ICMP packet does not have source and destination port
numbers?
ICMP is designed to carry network-layer information between routers and hosts.
It does not communicate between processes in the application layer. Hence, the ICMP
packet does not have source and destination port numbers.
3. Examine one of the ping request packets sent by your host. What are the
ICMP type and code numbers? What other fields does this ICMP packet have?
How many bytes are the checksum, sequence number and identifier fields?
The ICMP type is 8 and the code number is 0. The other fields that the ICMP packet
has are checksum, checksum status, identifier (BE), identifier (LE), sequence number (BE),
sequence number (LE) and data. The checksum is 2 bytes, the sequence number is 2 bytes and
the identifier field is 2 bytes.
4. Examine the corresponding ping reply packet. What are the ICMP type and
code numbers? What other fields does this ICMP packet have? How many bytes
are the checksum, sequence number and identifier fields?
The ICMP type is 0 and the code number is 0. The other fields that the ICMP packet
has are checksum, checksum status, identifier (BE), identifier (LE), sequence number (BE),
sequence number (LE) and data. The checksum is 2 bytes, the sequence number is 2 bytes and
the identifier field is 2 bytes.
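The fields listed in the two answers above can be decoded directly from the packet bytes. The following Python sketch is an added example, not part of the original report: it parses an IPv4 + ICMP echo packet, shows why Wireshark displays the identifier and sequence number in both BE and LE form, and verifies both checksums. The sample packets are constructed; only the two IP addresses come from the answers above, while the identifier, sequence number, TTL, IP ID and payload are assumptions.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's complement of the one's-complement 16-bit sum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type, ident, seq, payload, src, dst, ttl=128, ip_id=0x1234):
    """Build a constructed IPv4 + ICMP echo packet to use as sample input."""
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + payload
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), ip_id, 0, ttl,
                     1, 0, socket.inet_aton(src), socket.inet_aton(dst))
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    return ip + icmp

def parse_echo(packet: bytes) -> dict:
    """Decode the IPv4 and ICMP echo fields that Wireshark shows for a ping."""
    ver_ihl, _, total_len, _, _, ttl, proto, _ = struct.unpack("!BBHHHBBH", packet[:12])
    ihl = (ver_ihl & 0x0F) * 4            # header length is counted in 32-bit words
    icmp = packet[ihl:total_len]
    icmp_type, code, _, ident, seq = struct.unpack("!BBHHH", icmp[:8])
    ident_le, seq_le = struct.unpack("<HH", icmp[4:8])   # same bytes read little-endian
    return {
        "ip_header_len": ihl, "ip_payload_len": total_len - ihl,
        "protocol": proto, "ttl": ttl,
        "icmp_type": icmp_type, "icmp_code": code,
        "ident_be": ident, "ident_le": ident_le,
        "seq_be": seq, "seq_le": seq_le,
        "icmp_data_len": len(icmp) - 8,
        # A valid header sums to 0xFFFF, so the recomputed checksum is 0.
        "ip_checksum_ok": inet_checksum(packet[:ihl]) == 0,
        "icmp_checksum_ok": inet_checksum(icmp) == 0,
    }

# Constructed sample packets (32-byte payload, identifier 1, sequence number 21).
DATA = b"abcdefghijklmnopqrstuvwabcdefghi"
SAMPLE_REQUEST = build_echo(8, 1, 21, DATA, "192.168.43.247", "143.89.44.246")
SAMPLE_REPLY = build_echo(0, 1, 21, DATA, "143.89.44.246", "192.168.43.247")

if __name__ == "__main__":
    for name, pkt in (("request", SAMPLE_REQUEST), ("reply", SAMPLE_REPLY)):
        print(name, parse_echo(pkt))
```

A packet whose payload was altered in transit fails the ICMP checksum test while its IP header checksum still passes, because the IP checksum covers only the header.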
ICMP and Traceroute
5. What is the IP address of your host? What is the IP address of the target
destination host?
The IP address of the host is 192.168.43.247. The IP address of the destination host is
128.93.162.84.
6. If ICMP sent UDP packets instead (as in Unix/Linux), would the IP protocol
number still be 01 for the probe packets? If not, what would it be?
The IP protocol number would be 0x11 instead of 01 if ICMP sent UDP packets
instead.
7. Examine the ICMP echo packet in your screenshot. Is this different from the
ICMP ping query packets in the first half of this lab? If yes, how so?
It has been found that the ICMP echo packets are similar to the ICMP ping query
packets which were obtained in the first half of the lab. All the fields identified in the first
half of the lab are the same as those of the ICMP echo packets.
8. Examine the ICMP error packet in your screenshot. It has more fields than the
ICMP echo packet. What is included in those fields?
The additional fields in the error packets are the differentiated services field, the time
to live field, flag fields and the header field. It contains 4 bytes of the error packets.
9. Examine the last three ICMP packets received by the source host. How are
these packets different from the ICMP error packets? Why are they different?
The last three ICMP packets received by the source host are type 0 while the error
packets are of type 8. In addition to this, the ICMP packets received by the host have a time to
live of 49, whereas the error packets have a time to live of 1.
10. Within the tracert measurements, is there a link whose delay is significantly
longer than others? Refer to the screenshot in Figure 4, is there a link whose
delay is significantly longer than others? On the basis of the router names, can
you guess the location of the two routers on the end of this link?
Yes, there is a link between hops 12 and 13 whose delay is significantly longer than
the others. No, the router names cannot help in determining their locations.
A look at the captured trace
1. Select the first ICMP Echo Request message sent by your computer, and
expand the Internet Protocol part of the packet in the packet details window.
What is the IP address of your computer?
The IP address of the computer is 192.168.43.27.
2. Within the IP packet header, what is the value in the upper layer protocol
field?
The value in the upper layer protocol field is ICMP (1).
3. How many bytes are in the IP header? How many bytes are in the payload of
the IP datagram? Explain how you determined the number of payload bytes.
The IP header is 20 bytes.
[Payload length = total length – IP header length].
Therefore the length of the payload of the IP datagram is 56 – 20 bytes = 30 bytes.
4. Has this IP datagram been fragmented? Explain how you determined whether
or not the datagram has been fragmented.
It has been observed that the fragmented bit is equal to 0 and this concludes that the
IP datagram has not been fragmented.
5. Which fields in the IP datagram always change from one datagram to the next
within this series of ICMP messages sent by your computer?
The time to live field and the identification field in the IP datagram always change
from one datagram to the next within this series of ICMP messages sent by your computer.
6. Which fields stay constant? Which of the fields must stay constant? Which
fields must change? Why?
The constant fields in the ICMP messages are the header length, destination IP, source IP,
upper layer protocol and version.
The variable fields in the ICMP messages are the time to live field, the identification
field and the header checksum field. This happens because every packet has its own unique ID and
the header checksum changes as the headers change.
7. Describe the pattern you see in the values in the Identification field of the IP
datagram.
It has been observed that this IP header field is incremented with each ICMP echo
request.
8. What is the value in the Identification field and the TTL field?
The value in the identification field is 19952 and the value in the TTL field is 255.
9. Do these values remain unchanged for all of the ICMP TTL-exceeded replies
sent to your computer by the nearest (first hop) router? Why?
The identification value for each ICMP message is different, and hence the value of the
identification field changes every time there is a ping request. If
more than two datagrams have the same identification, it can be concluded that they
are fragments of the same IP datagram.
Fragmentation
10. Find the first ICMP Echo Request message that was sent by your computer
after you changed the Packet Size in pingplotter to be 2000. Has that message been
fragmented across more than one IP datagram?
Yes, the message has been fragmented, as the fragment offset is 1480.
11. Print out the first fragment of the fragmented IP datagram. What
information in the IP header indicates that the datagram has been fragmented?
What information in the IP header indicates whether this is the first fragment
versus a latter fragment? How long is this IP datagram?
There is no fragmentation, as the fragments flag is not set. The first fragment has a total
length of 0.
12. Print out the second fragment of the fragmented IP datagram. What
information in the IP header indicates that this is not the first datagram
fragment? Are there more fragments? How can you tell?
It has been noted that there is a change in the fragment as the fragment offset and the
length of the fragment has changed in the next datagram. The fragment offset is 1416 and the
total length is 584.
13. What fields change in the IP header between the first and second fragment?
The IP header fields which changed between the first and the second fragment are the
fragment offset and the checksum.
14. How many fragments were created from the original datagram?
3 fragments were created from the original datagram.
15. What fields change in the IP header among the fragments?
The flag changes in the IP header among the fragments.
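The header fields this section asks about (Identification, the More fragments flag, the fragment offset and the total length) are easiest to follow by fragmenting a datagram in code. The following Python sketch is an added example, not part of the original report: it splits a constructed 2000-byte datagram over an assumed 1500-byte MTU with a 20-byte header, classifies each fragment from its header alone, and reassembles only when no fragment is missing or overlapping. The IP ID and payload are made up.

```python
MF = 0x2000           # "More fragments" bit in the 16-bit flags + offset field
OFFSET_MASK = 0x1FFF  # 13-bit fragment offset, counted in 8-byte units

def fragment(payload: bytes, ip_id: int, mtu: int = 1500, ihl: int = 20) -> list:
    """Split an IP payload into fragments that each fit in `mtu` bytes."""
    step = (mtu - ihl) // 8 * 8   # all but the last fragment carry a multiple of 8 bytes
    frags = []
    for off in range(0, len(payload), step):
        chunk = payload[off:off + step]
        last = off + step >= len(payload)
        frags.append({
            "id": ip_id,                                  # identical in every fragment
            "flags_offset": (0 if last else MF) | (off // 8),
            "total_length": ihl + len(chunk),
            "data": chunk,
        })
    return frags

def describe(frag: dict) -> tuple:
    """Classify a fragment from its header alone: (kind, byte offset, MF set?)."""
    more = bool(frag["flags_offset"] & MF)
    offset = (frag["flags_offset"] & OFFSET_MASK) * 8
    if offset == 0:
        kind = "first" if more else "unfragmented"
    else:
        kind = "middle" if more else "last"
    return kind, offset, more

def reassemble(frags: list):
    """Rebuild the payload; return None if a fragment is missing or overlaps."""
    if not frags or len({f["id"] for f in frags}) != 1:
        return None
    buf, more = b"", True
    for f in sorted(frags, key=lambda f: f["flags_offset"] & OFFSET_MASK):
        _, offset, more = describe(f)
        if offset != len(buf):    # gap or overlap: refuse rather than guess
            return None
        buf += f["data"]
    return None if more else buf

# Constructed input: 2000-byte datagram = 20-byte header + 1980 payload bytes.
SAMPLE = fragment(bytes(1980), ip_id=0x1234)

if __name__ == "__main__":
    for frag in SAMPLE:
        print(describe(frag), "total length", frag["total_length"])
```

The function is general: passing a larger payload, such as 3480 bytes, yields a first, a middle and a last fragment.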