ENGD3103 Communication Networks 1
Coursework Assignment
2023-2024
Study of Protocol Layers
Aim: In this assignment, you will use Wireshark to study TCP/IP layers by capturing and examining packet traces.
What to submit: Your coursework must be submitted as a report. Snapshots of the Wireshark interface showing the details of the captured traces should be included in the report. You must submit the report electronically in Word or PDF format to Learning Zone. All references must be in IEEE format.
Presentation: Please note that [4 marks] will be allocated to the presentation and organisation of your report.
Introduction: Capturing a Trace
The following steps show how to capture a packet trace using Wireshark.
– Launch Wireshark and start a capture to record standard web traffic
– Set the display filter to “http”
– After the capture is started, browse the internet for any given website, e.g. www.dmu.ac.uk or www.bbc.co.uk
– Return to Wireshark and stop the trace
You should now have a short trace similar to the one shown in Fig. 1.
If you have visited https websites, then your trace may not be presented under “http” but under “tls” instead, where TLS stands for Transport Layer Security.
– Save the output as you will need it for later steps
If you cannot capture a trace yourself, use the provided traces available in the Lab folder under Learning Materials in Learning Zone.
Task 1: Frame Structure [7 marks]
Find the GET HTTP packet in the trace similar to the snapshot presented in Fig. 1. Examine the details of the Frame presented in the middle panel of the Wireshark graphical interface.
1) Present the packet you examined showing the size in bytes of the TCP, IP, and Ethernet protocol header fields and their payloads. Show a snapshot of your trace that supports your answer. [4 marks]
2) By examining the details of the Ethernet and IP headers in your trace, determine the demultiplexing key in these protocol layers and present their values. Show a snapshot of your trace that supports your answer. Discuss the importance of the demultiplexing keys. [3 marks]
Fig. 1: Trace of traffic showing the details of the captured trace
Task 2: Ethernet [8 marks]
Find a GET HTTP packet in the trace similar to the snapshot presented in Fig. 1. Examine the details of the packet presented in the middle panel of the Wireshark graphical interface.
1) Sketch a figure of the GET message that shows the position and size in bytes of the Ethernet header fields. Show the range of the Ethernet header and the Ethernet payload. Show a snapshot of your trace that supports your answer. [3 marks]
2) Draw a figure that shows the relative positions of your computer, the router, and the remote server. Label your PC/laptop and the router with their Ethernet addresses. Label your PC/laptop and the remote server with their IP addresses. Show a snapshot of your trace that supports your answer. [3 marks]
Change the display filter to “arp”, which denotes ‘address resolution protocol’.
Choose a packet, expand the Ethernet header field (using the “>” expander or icon) and examine the details.
3) What is the broadcast Ethernet address and which bit of the Ethernet address is used to determine whether it is unicast or multicast/broadcast? Show a snapshot of your trace that supports your answer. [2 marks]
Task 3: IP Packet Structure [15 marks]
Change the display filter to “ip”.
1) Select any packet in the trace and expand the IP header fields (using the “+” expander or icon) to see the details similar to the snapshot presented in Fig. 2. Examine the details of the IP header fields presented in the middle panel of the Wireshark graphical interface.
By examining the details of the IP packets in your trace, answer the following questions:
a. What does the TTL field represent and what is its initial value? Discuss the importance of this field. [3 marks]
b. What does the Total Length field include? Provide an example from the trace to support your answer. [2 marks]
c. How can you check whether a packet has been fragmented? Discuss your answer. Discuss the importance of fragmentation. [4 marks]
Fig. 2: Trace of traffic showing the details of the IP header
2) What is the percentage of TCP packets in your captured trace to the total traffic? What is the percentage of UDP ones? [2 marks]
3) Generate an I/O Graph that shows the traffic of each of the TCP and UDP transport protocols analysed in the previous point 2). [2 marks]
4) Use Wireshark to measure the average bit rate of your captured trace (or the trace you obtained from the Learning Zone module shell). [2 marks]
Task 4: IP Header Checksum [6 marks]
1) Pick a packet from the trace captured in the previous task, and check that the IP header checksum is correct. Support your answer showing the summation process and a snapshot. [3 marks]
2) Explain why the checksum in IP covers only the header and not the data. [3 marks]
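The IP header fields examined in Task 3 and the checksum summation asked for in Task 4 can be cross-checked outside Wireshark; the following is an added example, not part of the original coursework brief. The function names and the sample header bytes are assumptions constructed for illustration, so substitute the header bytes copied from your own trace.

```python
import struct

# Constructed sample: a 20-byte IPv4 header without options (not from a real trace).
SAMPLE_HEADER = bytes.fromhex("45000073000040004011b861c0a80001c0a800c7")


def ones_complement_sum(data: bytes) -> int:
    """Sum 16-bit big-endian words, folding any carry back into the low 16 bits."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def parse_ipv4_header(raw: bytes) -> dict:
    """Decode the fixed IPv4 header fields and verify the header checksum."""
    if len(raw) < 20:
        raise ValueError("shorter than the minimum IPv4 header")
    ver_ihl, _tos, total_len, _ident, flags_frag, ttl, proto, checksum = \
        struct.unpack("!BBHHHBBH", raw[:12])
    header_len = (ver_ihl & 0x0F) * 4          # IHL counts 32-bit words
    if ver_ihl >> 4 != 4 or header_len < 20 or len(raw) < header_len:
        raise ValueError("not a well-formed IPv4 header")
    header = raw[:header_len]
    # Sender's view: checksum field zeroed, then complement of the sum.
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    computed = ~ones_complement_sum(zeroed) & 0xFFFF
    return {
        "header_len": header_len,
        "total_length": total_len,              # header + payload, in bytes
        "payload_len": total_len - header_len,
        "ttl": ttl,
        "protocol": proto,                      # 6 = TCP, 17 = UDP
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,  # offset in bytes
        "stored_checksum": checksum,
        "computed_checksum": computed,
        # Receiver's view: summing the header as received must give 0xFFFF.
        "checksum_ok": ones_complement_sum(header) == 0xFFFF,
    }


if __name__ == "__main__":
    for name, value in parse_ipv4_header(SAMPLE_HEADER).items():
        print(f"{name:18} {value}")
```
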