ENGD3005 Communication Networks
Coursework Assignment 3
2016-2017
IPv4 / TCP
(Maximum Marks: 25)
Issue date: 31/01/2017
Submission deadline: 22/03/2017 4:00pm
Feedback date: 04/04/2017
Aim: In this assignment, you will use Wireshark to study IPv4 and TCP by capturing and examining a packet trace.
What to submit: Your coursework must be submitted as a report. Snapshots of the Wireshark interface showing the details of the captured trace and the tracert output should be included in the report. You must submit one hard copy of the report to FOTAC in the Gateway House and one identical soft copy (in Word format) to Turnitin.
Presentation: Please note that [3 marks] will be allocated to the presentation and organisation of your report.
Introduction: Capturing a Trace
The following steps show how to capture a packet trace using Wireshark.
Pick a URL at a remote server, e.g., http://www.jit.edu.cn/, and check that you can fetch the contents with wget (type wget http://www.jit.edu.cn). A successful fetch will result in a status code 200 OK in its displayed response.
Launch Wireshark and start a capture with a filter of tcp to record only standard web traffic.
After the capture is started, repeat the wget command above. This time, the packets will also be recorded by Wireshark.
After the command is complete, return to Wireshark and stop the trace.
You should now have a short trace similar to the one shown in Fig. 1.
Save the output, as you will need it for later steps.
Task 1: IP Packet Structure
Select any packet in the trace and expand the IP header fields (using the + expander or icon) to see the details similar to the snapshot presented in Fig. 1. Examine the details of the IP header fields presented in the middle panel of the Wireshark graphical interface.
1) Sketch a figure of an IP packet you examined. The figure should ideally show the position and size of bytes of the IP header fields as observed using Wireshark.
[4 marks]
2) By examining the details of the IP packets in your trace, answer the following questions:
a. What are the IP addresses of your computer and the remote server? [1 mark]
b. What is the initial value of the TTL field for packets sent from your computer? Is it the maximum possible value, or some lower value? [1 mark]
c. What does the Total Length field include? Provide an example from the trace to support your answer.
[1 mark]
d. What is the length of the IP Header and how is this encoded in the header length field? [1 mark]
e. How can you check whether a packet has been fragmented?
[1 mark]
Fig. 1: Trace of wget traffic showing the details of the IP header
Task 2: IP Header Checksum
To check that the IP header checksum value is correct, follow these steps:
Divide the header into 10 two-byte (16 bit) words. Each word will be 4 hexadecimal digits shown in the packet data panel at the bottom of the Wireshark window.
Add these 10 words using regular hexadecimal addition.
To compute the 1s complement sum from your addition so far, take any leading digits (beyond the 4 digits of the word size) and add them back to the remainder, e.g., 5a432 will become a432 + 5 = a437.
1) Pick a packet sent from the remote server to your computer, from the trace captured in Task 1 using Wireshark, and check that the IP header checksum is correct. Your answer should clearly show the summation process and the number of the packet you chose to carry out this summation on. [3 marks]
2) Explain why the checksum in IP covers only the header and not the data.
[3 marks]
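Worked example (added here, not part of the original assignment): the Python sketch below applies the summation steps above to a constructed 20-byte header and decodes the header fields asked about in Task 1. It generalises the steps to headers longer than 10 words (IP options present); when the checksum field is included in the sum, a correct header folds to ffff. The sample bytes and function names are assumptions made for illustration.

```python
import struct

# Constructed sample: a 20-byte IPv4 header as shown in Wireshark's hex pane.
SAMPLE_HEADER = bytes.fromhex("4500003c1c4640004006b1e6ac100a63ac100a0c")


def ones_complement_sum(header: bytes) -> int:
    """Add the header as 16-bit words, folding carries back in."""
    if len(header) % 2:
        raise ValueError("header must contain whole 16-bit words")
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total > 0xFFFF:                      # e.g. 0x5a432 -> 0xa432 + 0x5
        total = (total & 0xFFFF) + (total >> 16)
    return total


def inspect_ipv4_header(packet: bytes) -> dict:
    """Decode the fixed IPv4 header fields and verify the checksum."""
    if len(packet) < 20:
        raise ValueError("shorter than the minimum IPv4 header")
    ver_ihl, _tos, total_len, _ident, flags_frag, ttl, proto, cksum = \
        struct.unpack("!BBHHHBBH", packet[:12])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    header_len = ihl * 4                        # IHL counts 32-bit words
    if version != 4 or ihl < 5 or len(packet) < header_len:
        raise ValueError("not a well-formed IPv4 header")
    header = packet[:header_len]                # includes options if IHL > 5
    more_fragments = bool(flags_frag & 0x2000)
    frag_offset = (flags_frag & 0x1FFF) * 8     # offset is in 8-byte units
    return {
        "header_len": header_len,
        "total_len": total_len,
        "ttl": ttl,
        "protocol": proto,
        "dont_fragment": bool(flags_frag & 0x4000),
        "fragmented": more_fragments or frag_offset > 0,
        "src": ".".join(map(str, packet[12:16])),
        "dst": ".".join(map(str, packet[16:20])),
        "checksum": cksum,
        # Summing all words, checksum included, must give 0xffff.
        "checksum_ok": ones_complement_sum(header) == 0xFFFF,
    }
```

Packets sent by the capturing machine can fail this check in Wireshark when the network card fills in the checksum after capture (checksum offload), so a packet received from the server is the reliable one to verify.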
Task 3: Sketch the Internet Path
To check the trace route, we can type tracert www.jit.edu.cn.
Each line of the tracert response shows information about the next IP hop from the computer running tracert towards the target destination. The lines with *s indicate that there was no response from the network to identify that segment of the Internet path.
Note: tracert does NOT work on wireless networks. It also does NOT work if a firewall in the network that your PC is connected to is restricting the traffic.
The task: Using the tracert output for a remote server at the University of Cambridge (www.cam.ac.uk), which is provided below, sketch a drawing of the Internet path between the source computer and the remote server. [3 marks]
The sketch should clearly show the following:
a) The IP addresses of your computer and the remote server
b) The routers along the path ordered according to the hop count shown in the tracert output. For a better presentation of the sketch, group the routers that belong to one organisation, when possible, as the section highlighted
c:>ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix. : lec-admin.dmu.a
Link-local IPv6 Address . . . . . : fe80::2c75:fd3a
IPv4 Address. . . . . . . . . . . : 10.14.143.159
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.14.143.254
c:>tracert www.cam.ac.uk
Tracing route to www.cam.ac.uk [131.111.150.25]
over a maximum of 30 hops:
  1     1 ms    <1 ms    <1 ms  10.0.14.251
  2     4 ms     3 ms     3 ms  146.227.11.251
  3     4 ms     4 ms     3 ms  linx-gw2.ja.net [195.66.236.15]
  4     4 ms     4 ms     4 ms  ae23.londhx-sbr1.ja.net [146.97.35.165]
  5     4 ms     4 ms     4 ms  ae29.londpg-sbr2.ja.net [146.97.33.2]
  6     8 ms     4 ms     4 ms  ae30.londtw-sbr2.ja.net [146.97.33.6]
  7     7 ms     7 ms     7 ms  146.97.38.18
  8     7 ms     7 ms     7 ms  146.97.65.117
  9     7 ms     7 ms     7 ms  university-of-cambridge.cambab-rbr1.eastern.ja.net [146.97.130.2]
 10     8 ms     9 ms     8 ms  c-ce.d-we.net.cam.ac.uk [192.84.5.18]
 11     7 ms     7 ms     7 ms  c-ce.d-we.net.cam.ac.uk [192.84.5.18]
 12     8 ms     8 ms     8 ms  route-gh372.admin.cam.ac.uk [193.60.90.234]
 13     8 ms     7 ms     7 ms  mint.admin.cam.ac.uk [193.60.89.241]
 14     7 ms     7 ms     7 ms  primary.admin.cam.ac.uk [131.111.150.25]
Trace complete.
Task 4: TCP Segment Structure
Select any packet in the packet trace captured by Wireshark and expand the TCP protocol section (using the + expander or icon) to see the details, similar to the snapshot presented in Fig. 2. Examine the details of the TCP fields presented in the middle panel of the Wireshark graphical interface.
The task: sketch a figure of a TCP segment you examined. The figure should ideally show the position and size of bytes of the TCP fields as observed using Wireshark.
[4 marks]
Fig. 2: Trace of TCP traffic showing the details of the TCP header