ECE5484-Project 4 Solved

The objective of this project is to reinforce your understanding of the TCP/IP protocol suite. In particular, you will use the Wireshark network protocol analyzer to examine details of TCP, UDP, and IP protocols from the TCP/IP protocol suite. You must:

i)       capture and analyze TCP segments;

ii)      capture and analyze UDP datagrams;

iii)    capture and analyze IP datagrams; and

iv)     write and submit a brief written report. The written report is to provide answers to the questions posed in Sections 2, 3, and 4 below.

This project assumes you installed and gained familiarity with Wireshark in Project 3.

1.     TCP Capture and Analysis
For this part of the project, you will generate HTTP traffic, which is carried using TCP, and examine the resulting trace. Follow the steps below.[1]

1.   Start Wireshark and set the interface to use to capture packets.

2.   Click on “Capture Options.” Be sure that “Use promiscuous mode” is turned off (unchecked), so that only traffic addressed to or sent from your own host is captured, and that “Capture Filter” is blank (no capture filter should be set). These settings can also be reached from the main Wireshark window through the “Capture:Interfaces” and “Capture:Options” menus.

3.   Open your web browser and clear the cache.

4.   Begin packet capture by clicking the “Start” button. Or, from the main Wireshark window, choose the “Capture:Start” menu.

5.   Enter the URL http://www.ieee.org in your web browser. Wait long enough that the browser receives a response from the web server and then stop the capture using the “Capture:Stop” menu or using the stop button on the toolbar. NOTE: be sure to enter http://www.ieee.org, not https://www.ieee.org. Over HTTPS the HTTP request is encrypted inside TLS, so the GET line and headers examined below would not be visible in the capture. If the server answers the plain-HTTP request with a redirect to HTTPS, that first cleartext GET and its response are still captured and are sufficient for this part.

6.   Use the display filter to select the packets exchanged with the www.ieee.org web server by entering ip.host==23.0.16.220 (lowercase, no quotes) into the display filter specification window near the top of the Wireshark window, replacing 23.0.16.220 with the server address seen in your own capture. The address in my capture was 23.0.16.220, but www.ieee.org is served from a content delivery network and resolves to different addresses for different clients, so look up the address you actually got: it is the destination address of your HTTP request, and it also appears in the DNS response that precedes it. In my experience the address starts with 23, which narrows the search.

7.   Find the HTTP packet from your client to the host IP you found (www.ieee.org) that contains the first GET request (“GET / HTTP/1.1”).[2]

8.   Right click on the packet, select “Conversation Filter:TCP” as shown in Figure 1.


Figure 1. Selecting the TCP conversation.

First, consider the basics of the communication between your computer (the client) and www.ieee.org (the server) that is responding to the request. Answer the following questions in your report in Section 2.1.

Q 1.What is the IP address of the client?

Q 2.What is the port number used on the client for the TCP session with the server?

Q 3.What is the IP address of the server?

Q 4.What is the port number used by the server for the TCP session with the client?

Next, consider TCP’s three-way handshake and use of acknowledgment numbers. Answer the following questions in your report in Section 2.1. Note that, by default, Wireshark displays relative TCP sequence numbers, counting from each side’s initial sequence number (ISN) so that the SYN appears as sequence number 0. This is fine for this assignment, but keep in mind that the actual ISN is a randomized 32-bit value chosen by each end; that randomization is what makes it hard for an off-path attacker to guess sequence numbers and inject segments into a connection.[3] To see the raw values, uncheck “Relative sequence numbers” under Edit:Preferences:Protocols:TCP.

Q 5.What is the sequence number of the TCP SYN segment that is used to initiate the TCP connection between the client computer and the server?

Q 6.What field and value in that field in the TCP segment identifies the segment as a SYN segment?

Q 7.What is the sequence number of the SYN/ACK segment sent by the server to the client in reply to the SYN from the client?

Q 8.What is the value of the acknowledgement number in the SYN/ACK segment sent by the server to the client?

Q 9.What does this acknowledgment number indicate?

Q 10.What field in the TCP segment and value in that field identifies the segment as a SYN/ACK segment?

Q 11.Locate the first GET message sent to the server. What is the sequence number of this message?

Q 12.What is the total length of the HTTP request containing the GET? Note that this message is the data field for TCP.

Q 13.Locate the TCP segment from the server that acknowledges the GET message. Does the acknowledgment number agree with what you would expect? Briefly explain why or why not. Provide a screen shot of the Wireshark window displaying the information you use to answer this question.
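The rule behind Q5 through Q13 (a SYN consumes one sequence number even though it carries no data, and a data segment is acknowledged with its sequence number plus its payload length) can be checked without a capture. The following is an added example, not part of the assignment: it builds the five segments of the handshake and first GET from constructed values (the client port 51324, both ISNs and the request text are assumptions), parses them the way Wireshark does, and prints raw and relative numbers side by side.

```python
"""Added example (not part of the assignment): how TCP sequence and
acknowledgement numbers advance across the three-way handshake and the first
HTTP GET. The five segments are constructed here rather than captured; the
client port, both initial sequence numbers and the request text are assumed
values chosen for illustration. Standard library only."""
import struct

# TCP flag bits (RFC 9293, low 9 bits of the offset/flags word)
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10


def build_tcp(src_port, dst_port, seq, ack, flags, payload=b"", window=65535):
    """Minimal 20-byte TCP header (no options) followed by payload. The
    checksum is left at 0: it needs the IP pseudo-header, out of scope here."""
    data_offset = 5                                   # header length in 32-bit words
    offset_flags = (data_offset << 12) | flags
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                       offset_flags, window, 0, 0) + payload


def parse_tcp(segment):
    """The fields Wireshark shows in the TCP tree for one segment."""
    src, dst, seq, ack, off_flags, _win, _csum, _urg = struct.unpack(
        "!HHIIHHHH", segment[:20])
    hdr_len = (off_flags >> 12) * 4
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
            "flags": off_flags & 0x1FF, "header_len": hdr_len,
            "payload": segment[hdr_len:]}


def flag_names(flags):
    names = [n for bit, n in ((SYN, "SYN"), (ACK, "ACK"), (PSH, "PSH"),
                              (FIN, "FIN"), (RST, "RST")) if flags & bit]
    return "/".join(names) or "-"


def expected_ack(segment):
    """Acknowledgement number the peer must send for this segment: seq plus
    payload length, plus 1 if SYN or FIN is set (each occupies one sequence
    number although it carries no data). This is the rule behind Q8 and Q13."""
    t = parse_tcp(segment)
    consumed = len(t["payload"]) + (1 if t["flags"] & (SYN | FIN) else 0)
    return (t["seq"] + consumed) & 0xFFFFFFFF


def relative(number, isn):
    """Wireshark's 'relative' numbering: offset from the sender's ISN."""
    return (number - isn) & 0xFFFFFFFF


# --- constructed exchange; ISNs are arbitrary 32-bit values (assumed) --------
CLIENT_ISN, SERVER_ISN = 0x9A3F1C07, 0x51B2E8D4
GET = b"GET / HTTP/1.1\r\nHost: www.ieee.org\r\n\r\n"

syn     = build_tcp(51324, 80, CLIENT_ISN, 0, SYN)
syn_ack = build_tcp(80, 51324, SERVER_ISN, expected_ack(syn), SYN | ACK)
ack     = build_tcp(51324, 80, CLIENT_ISN + 1, expected_ack(syn_ack), ACK)
get     = build_tcp(51324, 80, CLIENT_ISN + 1, SERVER_ISN + 1, PSH | ACK, GET)
get_ack = build_tcp(80, 51324, SERVER_ISN + 1, expected_ack(get), ACK)
EXCHANGE = (("SYN", syn), ("SYN/ACK", syn_ack), ("ACK", ack),
            ("GET", get), ("ACK of GET", get_ack))


def handshake_summary():
    """One row per segment: name, flags, raw seq, raw ack, relative seq,
    relative ack, payload length, in the order Wireshark would list them."""
    rows = []
    for name, seg in EXCHANGE:
        t = parse_tcp(seg)
        own_isn, peer_isn = ((CLIENT_ISN, SERVER_ISN) if t["dst_port"] == 80
                             else (SERVER_ISN, CLIENT_ISN))
        rel_ack = relative(t["ack"], peer_isn) if t["flags"] & ACK else 0
        rows.append((name, flag_names(t["flags"]), t["seq"], t["ack"],
                     relative(t["seq"], own_isn), rel_ack, len(t["payload"])))
    return rows


if __name__ == "__main__":
    print(f"{'segment':<11}{'flags':<8}{'seq':>11}{'ack':>11}{'rel.seq':>8}{'rel.ack':>8}{'len':>4}")
    for name, flags, seq, ackn, rseq, rack, ln in handshake_summary():
        print(f"{name:<11}{flags:<8}{seq:>11}{ackn:>11}{rseq:>8}{rack:>8}{ln:>4}")
```

Running it shows the SYN/ACK acknowledging relative 1 although the SYN carried no data, the GET starting at relative sequence number 1, and the server's acknowledgement of the GET equal to 1 plus the 38-byte request, which is the relationship Q13 asks you to verify against your own capture.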

2.     UDP Capture and Analysis
For this part of the project, you will use the “nslookup” command, which uses DNS, to generate some UDP traffic. Ordinary DNS queries and responses, such as the ones nslookup sends, are carried as UDP datagrams to port 53 (DNS falls back to TCP only for large responses and zone transfers, which you will not see here).

1.   Start Wireshark, if not already running, and clear the capture filter and the display filter.

2.   Begin packet capture by choosing “Capture:Interfaces” and then selecting “Start” for the appropriate network interface from which you wish to capture packets.

3.   From a command prompt[4] on your computer, enter “nslookup www.ece.vt.edu”, which will use DNS to find the IP address associated with the host name www.ece.vt.edu. Wait for the response from the DNS server and then stop the capture in Wireshark.

4.   Use the display filter to select the packets to be displayed in Wireshark by entering “udp” (lowercase, no quotes) into the display filter specification window near the top of the Wireshark window.

Consider the fields in a UDP header. Answer the following questions in Section 2.2 of your report.

Q 14.Select one UDP datagram to or from your computer that is part of the DNS transaction. Double click on the packet in the main Wireshark window to open a new window displaying the packet. From this datagram, list each field in the header and indicate the length of the field and its value for this datagram. Provide a screen shot of the window displaying the information you use to answer questions Q14-Q17.

Q 15.The value in the Length field is the length of what? Verify your answer with the captured UDP datagram considered in the previous question.

Q 16.What is the maximum number of bytes that can be included in a UDP payload?

Q 17.What is the protocol number associated with UDP? Express the answer in decimal.

Q 18.Examine a pair of UDP packets in which the first packet is sent by your host and the second packet is a reply to the first packet. Describe the relationship between the port numbers in the two packets.

3.     IP Analysis
For this part of the project, you will consider IP and routing in the Internet. You will generate traffic using a traceroute program. Traceroute discovers the route from your host to any other host on the Internet by sending probes with an increasing TTL (hop limit in IPv6): each router that decrements the TTL to zero discards the probe and returns an ICMP or ICMPv6[5] Time Exceeded message, which reveals that router’s address. Traceroute programs include “tracert”, accessible from a command prompt in Windows; pingplotter[6] or a similar program that runs as a Windows application; and “traceroute -I” on Linux systems (the -I option sends ICMP echo probes, as tracert does, rather than the Linux default of UDP probes). Follow these steps.

1.   Familiarize yourself with a traceroute program and trace the route to an IP address selected by you. (You need not include any output from this first step in your project report.)

2.   Start Wireshark and begin packet capture by choosing “Capture:Interfaces” and then selecting “Start” for the appropriate network interface from which you wish to capture packets.

3.   Perform a traceroute to host www.google.com. After the traceroute completes, stop the Wireshark capture.

4.   Use the display filter to select the packets to be displayed in Wireshark by entering “icmp” if using IPv4 or “icmpv6” if using IPv6 (lowercase, no quotes) into the display filter specification window near the top of the Wireshark window.

In the Wireshark trace, locate the first or earliest ICMP or ICMPv6 echo reply message. Use this message to answer the following questions in Section 2.3 of your report.

Q 19.Did your traceroute operation use ICMP or ICMPv6? Provide a screen shot of the Wireshark window displaying the information you use to answer questions Q19-Q25.

Q 20.What is the IP address of the host that generated the first TTL exceeded message?

Q 21.Does this address match the destination address in the echo request messages?

Q 22.What is the content of the Protocol field of the datagram containing the echo reply? (Next Header if IPv6)

Q 23.What is the purpose of this Protocol field? (Next Header if IPv6)

Q 24.How many bytes are in the IP header?

Q 25.How many bytes are in the payload of the IP datagram? Briefly explain how you determine this value.
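The header fields behind Q20 through Q25 can be read directly from datagram bytes, and doing so makes the IPv4/IPv6 difference concrete: IPv4 carries a Total Length and an IHL from which the payload length is derived, while IPv6 carries the payload length as its own field and has no header checksum. The following is an added example, not part of the assignment: it constructs one traceroute hop (an echo request with TTL 1, the first router’s Time Exceeded quoting that request, the target’s echo reply) plus an IPv6 echo reply, and parses each. Every address is an assumption taken from documentation ranges; ICMP checksums are left at zero because the point is the IP header.

```python
"""Added example (not part of the assignment): reading the IP header fields
behind Q22-Q25 from raw datagram bytes, for IPv4 and IPv6, using one
traceroute hop as the sample. The datagrams (an echo request with TTL 1, the
first router's Time Exceeded, the target's echo reply, and an IPv6 echo reply)
are constructed here rather than captured; every address is an assumption
taken from documentation ranges. ICMP checksums are left at 0 since the point
is the IP header. Standard library only."""
import ipaddress
import struct

IPPROTO_ICMP, IPPROTO_ICMPV6 = 1, 58                      # Protocol / Next Header values
ICMP_ECHO_REPLY, ICMP_ECHO, ICMP_TIME_EXCEEDED = 0, 8, 11
ICMPV6_TIME_EXCEEDED, ICMPV6_ECHO, ICMPV6_ECHO_REPLY = 3, 128, 129


def ipv4_checksum(header):
    """RFC 791: ones'-complement of the ones'-complement sum of the header's
    16-bit words, computed with the checksum field itself set to 0."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return 0xFFFF ^ total


def build_ipv4(src, dst, proto, ttl, payload, ident=0x1234):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, 0x4000,
                      ttl, proto, 0, ipaddress.ip_address(src).packed,
                      ipaddress.ip_address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:] + payload


def build_ipv6(src, dst, next_header, hop_limit, payload):
    return struct.pack("!IHBB16s16s", 0x60000000, len(payload), next_header, hop_limit,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + payload


def parse_ip(datagram):
    """Header fields the questions ask about. Note how payload_len is obtained:
    derived for IPv4 (Q25), carried as its own field for IPv6."""
    version = datagram[0] >> 4
    if version == 4:
        ihl = (datagram[0] & 0x0F) * 4                    # Q24: IHL is in 32-bit words
        total_len, = struct.unpack("!H", datagram[2:4])
        csum, = struct.unpack("!H", datagram[10:12])
        hdr = datagram[:ihl]
        return {"version": 4, "header_len": ihl, "ttl": datagram[8],
                "protocol": datagram[9],                   # Q22/Q23: protocol the payload is handed to
                "checksum_ok": ipv4_checksum(hdr[:10] + b"\x00\x00" + hdr[12:]) == csum,
                "payload_len": total_len - ihl,            # Q25: Total Length minus header length
                "src": str(ipaddress.ip_address(datagram[12:16])),
                "dst": str(ipaddress.ip_address(datagram[16:20])),
                "payload": datagram[ihl:total_len]}
    if version == 6:
        payload_len, next_hdr, hop = struct.unpack("!HBB", datagram[4:8])
        return {"version": 6, "header_len": 40, "ttl": hop,
                "protocol": next_hdr,                      # Next Header plays the Protocol role
                "checksum_ok": None,                       # IPv6 has no header checksum
                "payload_len": payload_len,                # explicit field, nothing to derive
                "src": str(ipaddress.ip_address(datagram[8:24])),
                "dst": str(ipaddress.ip_address(datagram[24:40])),
                "payload": datagram[40:40 + payload_len]}
    raise ValueError("not an IP datagram")


def icmp_type(datagram):
    return parse_ip(datagram)["payload"][0]


def quoted_destination(time_exceeded):
    """Time Exceeded quotes the dropped datagram's IP header plus 8 bytes, so
    the original destination is recoverable even though the sender (Q20) is
    the router that dropped it, not that destination (Q21)."""
    return parse_ip(parse_ip(time_exceeded)["payload"][8:])["dst"]


# --- constructed traceroute hop (assumed addresses) --------------------------
ME, ROUTER, TARGET = "192.0.2.10", "198.51.100.1", "203.0.113.80"
ME6, TARGET6 = "2001:db8::10", "2001:db8::80"
ECHO_BODY = struct.pack("!HH", 0x0001, 1) + b"abcdefgh"    # identifier, sequence, data

echo_req = build_ipv4(ME, TARGET, IPPROTO_ICMP, 1,
                      struct.pack("!BBH", ICMP_ECHO, 0, 0) + ECHO_BODY)
time_exceeded = build_ipv4(ROUTER, ME, IPPROTO_ICMP, 64,
                           struct.pack("!BBHI", ICMP_TIME_EXCEEDED, 0, 0, 0) + echo_req[:28])
echo_reply = build_ipv4(TARGET, ME, IPPROTO_ICMP, 53,
                        struct.pack("!BBH", ICMP_ECHO_REPLY, 0, 0) + ECHO_BODY)
echo_reply6 = build_ipv6(TARGET6, ME6, IPPROTO_ICMPV6, 64,
                         struct.pack("!BBH", ICMPV6_ECHO_REPLY, 0, 0) + ECHO_BODY)

if __name__ == "__main__":
    for name, d in (("echo request", echo_req), ("time exceeded", time_exceeded),
                    ("echo reply", echo_reply), ("echo reply v6", echo_reply6)):
        f = parse_ip(d)
        print(f"{name:<14} v{f['version']} {f['src']} -> {f['dst']} proto {f['protocol']} "
              f"hdr {f['header_len']} B payload {f['payload_len']} B icmp type {icmp_type(d)}")
```

The checksum check is worth noting when reading a capture: because the TTL is covered by the IPv4 header checksum, every router that decrements it must recompute the checksum, so a datagram whose TTL has been altered without that recomputation fails verification.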
