Network Analysis Lab: ICMP and IP Protocol Examination (MITS4004)

Verified

Added on 2022/12/15

AI Summary

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: RESEARCH AND ANALYSIS OF NETWORKS
Research and Analysis of Networks
Name of the Student
Name of the University
Author Note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1
RESEARCH AND ANALYSIS OF NETWORKS
Part A – Pinging website beyond the continent
Wireshark is launched, ‘Ethernet’ network interface is selected and clicked on Start.
A website hosted in Europe is pinged since the activity is conducted from Asia.

2
RESEARCH AND ANALYSIS OF NETWORKS
1. What is the IP address of your host? What is the IP address of the destination
host?
IP address of source host is 10.10.63.7
IP address of destination host is 62.146.120.97
2. Why is it that an ICMP packet does not have source and destination port
numbers?
There are no port numbers for source or destination of ICMP packets as they are
designed to communicate using information that resides in the network layer among the
routers and hosts as against between processes like in application layer.

3
RESEARCH AND ANALYSIS OF NETWORKS
3. Examine one of the ping request packets sent by your host. What are the
ICMP type and code numbers? What other fields does this ICMP packet have?
How many bytes are the checksum, sequence number and identifier fields?
For the first ICMP echo request packet, the field values are: Type – 8, Code – 0, other
fields are checksum, identifiers and sequence numbers and have byte size of 2.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

4
RESEARCH AND ANALYSIS OF NETWORKS
4. Examine the corresponding ping reply packet. What are the ICMP type and
code numbers? What other fields does this ICMP packet have? How many bytes
are the checksum, sequence number and identifier fields?
For the first ICMP echo reply packet, the field values are: Type – 0, Code – 0, other
fields are checksum, identifiers and sequence numbers and have byte size of 2.

5
RESEARCH AND ANALYSIS OF NETWORKS
Part B – Traceroute of website beyond the continent
Wireshark is launched, ‘Ethernet’ network interface is selected and clicked on Start.
Trace route of www.inria.fr hosted in France is done using native windows command.

6
RESEARCH AND ANALYSIS OF NETWORKS
5. What is the IP address of your host? What is the IP address of the target
destination host?
IP address of source host is 10.10.63.7
IP address of destination host is 128.93.162.84
6. If ICMP sent UDP packets instead (as in Unix/Linux), would the IP protocol
number still be 01 for the probe packets? If not, what would it be?
IP protocol number becomes 0x11 if UDP packets are sent by ICMP for Linux or
UNIX systems.
7. Examine the ICMP echo packet in your screenshot. Is this different from the
ICMP ping query packets in the first half of this lab? If yes, how so?
ICMP fields of echo packets for both trace route and ping are the same.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7
RESEARCH AND ANALYSIS OF NETWORKS
8. Examine the ICMP error packet in your screenshot. It has more fields than the
ICMP echo packet. What is included in those fields?
The ICMP error packets for TTL exceeded have Type value 11 and contain IP header
plus 8 bytes of ICMP packet that causes the error.

8
RESEARCH AND ANALYSIS OF NETWORKS
9. Examine the last three ICMP packets received by the source host. How are
these packets different from the ICMP error packets? Why are they different?
The last three packets are reply and request packets and hence different from error
packets. The type value is 8 or 0 instead of 11 in error packets.

9
RESEARCH AND ANALYSIS OF NETWORKS
10. Within the tracert measurements, is there a link whose delay is significantly
longer than others? Refer to the screenshot in Figure 4, is there a link whose
delay is significantly longer than others? On the basis of the router names, can
you guess the location of the two routers on the end of this link?
Link among step 7 and step 8 for communication with routers located in Mumbai and
Marseille witness longest delay and the latency jumps from 38ms to 142ms.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

10
RESEARCH AND ANALYSIS OF NETWORKS
Part C – PingPlotter Trace with Latency Graph
Wireshark is launched, ‘Ethernet’ network interface is selected and clicked on Start.
Packet size is set to 56 bytes.

11
RESEARCH AND ANALYSIS OF NETWORKS
Trace of website gaia.cs.umass.edu is run till count = 3
Packet size is changed to 2000 bytes.

12
RESEARCH AND ANALYSIS OF NETWORKS
Trace of website gaia.cs.umass.edu is run till count = 6
Packet size is changed to 3500 bytes.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

13
RESEARCH AND ANALYSIS OF NETWORKS
Trace of website gaia.cs.umass.edu is run till count = 9
1. Select the first ICMP Echo Request message sent by your computer, and
expand the Internet Protocol part of the packet in the packet details window.
What is the IP address of your computer?

14
RESEARCH AND ANALYSIS OF NETWORKS
IP address of computer is 10.10.63.7
2. Within the IP packet header, what is the value in the upper layer protocol
field?
Upper layer Protocol – ICMP (1)
3. How many bytes are in the IP header? How many bytes are in the payload of
the IP datagram? Explain how you determined the number of payload bytes.
IP header – 20 bytes
Total length – 56 bytes
Payload – 56 - 20 = 36 bytes

15
RESEARCH AND ANALYSIS OF NETWORKS
4. Has this IP datagram been fragmented? Explain how you determined whether
or not the datagram has been fragmented.
Flags and fragmentation offset values are 0 for first ICMP echo request packet, Info
tab also does not use the word fragmented and hence the packet is not fragmented.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

16
RESEARCH AND ANALYSIS OF NETWORKS
5. Which fields in the IP datagram always change from one datagram to the next
within this series of ICMP messages sent by your computer?
Packets are sorted according to Source IP address in descending order.
Changing fields – Identification, Time to live
6. Which fields stay constant? Which of the fields must stay constant? Which
fields must change? Why?
Fields that must not change:
Header length – because IP version IPv4 does not change
Source – because system tracing the website do not change
Destination – because website being traced is same
Protocol – Protocol is ICMP and do not change
Differentiated Services field – because all packets are of ICMP protocol

17
RESEARCH AND ANALYSIS OF NETWORKS
Fields that change:
Identification – because it identifies different packets
Time to live – because it is typical for packets to have different TTL values in tracing
activities
7. Describe the pattern you see in the values in the Identification field of the IP
datagram
Among changing fields, identification number decreases with every next packet.
8. What is the value in the Identification field and the TTL field?
TTL exceeded packets from nearest first hop router is identified.
Values of identification and TTL fields are 22316 and 255 respectively.

18
RESEARCH AND ANALYSIS OF NETWORKS
9. Do these values remain unchanged for all of the ICMP TTL-exceeded replies
sent to your computer by the nearest (first hop) router? Why?
Identification field value decreases but TTL field value remains unchanged.
10. Find the first ICMP Echo Request message that was sent by your computer after
you changed the Packet Size in pingplotter to be 2000. Has that message been
fragmented across more than one IP datagram?
First ICMP echo packet after packet size change to 2000 bytes. Yes the packet is
fragmented as fragment offset value is 185.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

19
RESEARCH AND ANALYSIS OF NETWORKS
11. Print out the first fragment of the fragmented IP datagram. What
information in the IP header indicates that the datagram been fragmented?
What information in the IP header indicates whether this is the first fragment
versus a latter fragment? How long is this IP datagram?
Total length is 1500, more fragments is set in flags. This suggests that the IP datagram
is fragmented.

20
RESEARCH AND ANALYSIS OF NETWORKS
12. Print out the second fragment of the fragmented IP datagram. What
information in the IP header indicates that this is not the first datagram
fragment? Are the more fragments? How can you tell?
The identification field changes by 1 suggesting this is the next packet. More
fragments is set in flags, so packet is fragmented. More fragments value is 1 so there is one
more fragment.
13. What fields change in the IP header between the first and second fragment?
The fields, identification (20222 to 20221) and TTL (255 to 1) change between the
first and second fragmented IP datagram.
14. How many fragments were created from the original datagram?
Only 1 fragment was created from original IP datagram.

21
RESEARCH AND ANALYSIS OF NETWORKS
15. What fields change in the IP header among the fragments?
Field values changing between original IP datagram and the fragment are Total length
and Flags (flag value, more fragments and fragment offset).

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

22
RESEARCH AND ANALYSIS OF NETWORKS
Bibliography
[1] D. Glasser, Longitudinal study of large-scale traceroute results. Naval Postgraduate
School Monterey United States., 2018.
[2] J. Ramon and D. Williams, Downtime Tracker. iCascade, 1(1)., 2017.
[3] T. Anderson and S. Steffann. Stateless IP/ICMP Translation for IPv6 Internet Data
Center Environments (SIIT-DC): Dual Translation Mode. No. RFC 7756. 2016.