Analysis of ICMP Packet Captures and Traceroute in Network Analysis

Verified

Added on 2025/04/09

AI Summary

Desklib provides past papers and solved assignments for students. This report analyzes ICMP packets and traceroute.

MITS4004
Research Study

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

ICMP Packet Captures:

1.
The IP address of my host is 192.168.8.100 and the IP address of the destination is
216.58.199.132.
2.
ICMP works on network layer of OSI model, and ICMP is having protocol number 1 that’s why
it is not using source port and destination port.
3.
As per the above capture, ICMP Type is 8 which is echo request packet and code is 0.
ICMP packets are having a sequence number (BE), a Sequence number (LE), Checksum,
Identifier (BE), Identifier (LE) packets. Checksum is 2-byte, Identifier is 2 Byte, Sequence
number is 2 Byte.
4.

As per the above output in ICMP reply packet, Type is 0 and code is 0. The other fields of ICMP
reply packets are Checksum, Identifier, Sequence number, Request frame, Response frame, Data,
Header length. Each of the Identifier, Sequence number, Checksum containing 2-Byte of packet.
ICMP & TRACEROUTE:
5.
The IP address of the host is 192.160.0.106, and target IP address is 216.58.200.132.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

6.
If we use UNIX platform, then the protocol would be UDP and the protocol number is 17
because UDP works on protocol number 17 and it will send 3 UDP packets each time instead of
ICMP.
7.
It is same as like the first half of the lab however the source IP and the destination IP has
changed.
8

The extra field it contains Source GeoIP,Destination GeoIP fields.
9.
The last three packets are having TTL Values are like 32,54,128 which is the only difference in
between ICMP error packet.
10.
We can observe there is a delay in between router IP address 192.205.32.138 and
193.251.241.133 and the delay is 96-25=71 ms. The location of the two routers is in UK.

Packet size is 2000.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Packet size 3500:

1. The IP address of the host is 192.168.0.103.
2. The value in upper layer header is Protocol number 1.

3. IP header is 20 Bytes, 3472 bytes are in the payload of IP datagram.It is determined with
the help of IP 3500-20 (IP header)-8 ( ICMP header)=3472
4. Yes it is fragmented, we determined as per the capture, Packets are 1480,1480,520
5. The fragmented packets are changing at each time.
6. The source IP, destination IP is always constant however TTL value and source and
destination mac address are always changing.
7. The pattern in identification field is in a hexadecimal format which is of 2 bytes for both
BE,LE.
8.
The value in identification field is 1, and TTL field is 1.
9.
Yes, it is remained unchanged due to TTL Value becomes zero.
10.
Yes, it is fragmented to more than one packet. Packets are 1480,520.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

11.
We can see it from the IPV4 fragments packets are fragmented. We can see it from #644
(1480),#634(500).It is of 1972 bytes long.
12.

We can see it from the TTL value 2 which means it is a second packet. We can tell it from the
TTL Value that it reached to next hop.
13.
The TTL value is changed between first and second fragment.
14.
Three fragments were created after changing it to 3500 size packets.
15.
The fragment size of the packet changed as like 1480,1480,520 on each field.