Examine a packet trace

Reference no: EM132164265

Lab Exercise - IPv4

Objective

To learn about the details of IP (Internet Protocol). IP is the network layer protocol used throughout the Internet. We will examine IP version 4, since it is ubiquitously deployed, while the IP version 6 is partly deployed. IP is covered in §5.6.1 to §5.6.3 of your text. Review those sections before doing this lab.

Requirements

Wireshark: This lab uses the Wireshark software tool to capture and examine a packet trace. A packet trace is a record of traffic at a location on the network, as if a snapshot was taken of all the bits that passed across a particular wire. The packet trace records a timestamp for each packet, along with the bits that make up the packet, from the lower-layer headers to the higher-layer contents. Wireshark runs on most operating systems, including Windows, Mac and Linux. It provides a graphical UI that shows the sequence of packets and the meaning of the bits when interpreted as protocol headers and data. It color-codes packets by their type, and has various ways to filter and analyze packets to let you investigate the behavior of network protocols. Wireshark is widely used to troubleshoot networks. You can download it from www.wireshark.org if it is not already installed on your computer. We highly recommend that you watch the short, 5-minute video "Introduction to Wireshark" that is on the site.

wget / curl: This lab uses wget (Linux and Windows) and curl (Mac) to fetch web resources. wget and curl are command-line programs that let you fetch a URL. Unlike a web browser, which fetches and executes entire pages, wget and curl give you control over exactly which URLs you fetch and when you fetch them. Under Linux, wget can be installed via your package manager. Under Windows, wget is available as a binary; look for download information. Under Mac, curl comes installed with the OS. Both have many options (try "wget --help" or "curl --help" to see them), but a URL can be fetched simply with "wget URL" or "curl URL".

traceroute / tracert: This lab uses "traceroute" to find the router-level path from your computer to a remote Internet host. traceroute is a standard command-line utility for discovering the Internet paths that your computer uses. It is widely used for network troubleshooting. It comes pre-installed on Windows and Mac, and can be installed using your package manager on Linux. On Windows, it is called "tracert". It has various options, but simply issuing the command "traceroute" will cause your computer to find and print the path to the remote computer.

Step 1: Capture a Trace
Proceed as follows to capture a trace assuming that your computer has IPv4 connectivity; alternatively, you may use a supplied trace. The trace we want to gather is a simple web fetch from a remote server, which will cause your computer to send and receive IP packets, followed by a traceroute to the remote server to find the path it uses over the Internet.

1. Pick a URL at a remote server, check that you can fetch the contents with wget or curl, e.g., "wget". This will fetch the resource and either write it to a file (wget) or to the screen (curl). With wget, you want a single response with status code "200 OK". If the fetch does not work then try a different URL; keep in mind that you may be referring to a URL by a shortcut for which browsers must do work to find the intended content.

2. Perform a traceroute to the same remote server to check that you can discover information about the network path. If you are on Linux / Mac and behind a NAT (as most home users or virtual machine users are), then use the -I option (that is a capital i) to traceroute. This will cause traceroute to send ICMP probes like tracert instead of its usual UDP probes; ICMP probes are better able to pass through NAT boxes. A successful example is shown below; save the output as you will need it for later steps. Note that traceroute may take up to a minute to run. Each line shows information about the next IP hop from the computer running traceroute towards the target destination. The lines with "*"s indicate that there was no response from the network to identify that segment of the Internet path. Some unidentified segments are to be expected. However, if traceroute is not working correctly then nearly all the path will be "*"s. In this case, try a different remote server, experiment with traceroute, or use the supplied traces.
3. Launch Wireshark and start a capture with a filter of "tcp port 80". Make sure to check "enable network name resolution". We use this filter to record only standard web traffic. Name resolution will translate the IP addresses of the computers sending and receiving packets into names. It will help you to recognize whether the packets are going to or from your computer.
4. After the capture is started, repeat the wget/curl command above. This time, the packets will also be recorded by Wireshark.
5. After the command is complete, return to Wireshark and stop the trace. You should now have a short trace similar to that shown in the figure below, along with the output of a traceroute you ran earlier to the corresponding server.

Step 2: Inspect the Trace
Select any packet in the trace and expand the IP header fields (using the "+" expander or icon) to see the details. You can simply click on a packet to select it (in the top panel). You will see details of its structure (in the middle panel) and the bytes that make up the packet (in the bottom panel). Our interest is the IP header, and you may ignore the other higher and lower layer protocols. When you click on parts of the IP header, you will see the bytes that correspond to the part highlighted in the bottom panel. We have expanded the IP header and clicked on all the IP header fields in the figure above.
Let us go over the fields in turn:
- The version field is set to 4. This is "IPv4" after all.
- Then there is the header length field. Observe by looking at the bytes selected in the packet data that version and header length are both packed into a single byte.
- The Differentiated Services field contains bit flags to indicate whether the packet should be handled with quality of service and congestion indications at routers.
- Then there is the Total Length field.
- Next is the Identification field, which is used for grouping fragments, when a large IP packet is sent as multiple smaller pieces called fragments. It is followed by the Flags and the Fragment offset fields, which also relate to fragmentation. Observe they share bytes.
- Then there is the Time to live or TTL field, followed by the Protocol field.

Step 3: IP Packet Structure
To show your understanding of IP, sketch a figure of an IP packet you studied. It should show the position and size in bytes of the IP header fields as you can observe using Wireshark. Since you cannot easily determine sub-byte sizes, group any IP fields that are packed into the same bytes. Your figure can simply show the frame as a long, thin rectangle. Try not to look at the figure of an IPv4 packet in your text; check it afterwards to note and investigate any differences.

By looking at the IP packets in your trace, answer these questions:
1. What are the IP addresses of your computer and the remote server?
2. Does the Total Length field include the IP header plus IP payload, or just the IP payload?
3. How does the value of the Identification field change or stay the same for different packets? For instance, does it hold the same value for all packets in a TCP connection or does it differ for each packet? Is it the same in both directions? Can you see any pattern if the value does change?
4. What is the initial value of the TTL field for packets sent from your computer? Is it the maximum possible value, or some lower value?
5. How can you tell from looking at a packet that it has not been fragmented? Most often IP packets in normal operation are not fragmented. But the receiver must have a way to be sure. Hint: you may need to read your text to confirm a guess.
6. What is the length of the IP Header and how is this encoded in the header length field? Hint: notice that only 4 bits are used for this field, as the version takes up the other 4 bits of the byte. You may guess and check your text.

Step 4: Internet Paths
The source and destination IP addresses in an IP packet denote the endpoints of an Internet path, not the IP routers on the network path the packet travels from the source to the destination. traceroute is a utility for discovering this path. It works by eliciting responses (ICMP TTL Exceeded messages) from the router 1 hop away from the source towards the destination, then 2 hops away from the source, then 3 hops, and so forth until the destination is reached. The responses will identify the IP address of the router. The output from traceroute normally prints the information for one hop per line, including the measured round trip times and IP address and DNS names of the router. The DNS name is handy for working out the organization to which the router belongs. Since traceroute takes advantage of common router implementations, there is no guarantee that it will work for all routers along the path, and it is usual to see "*" responses when it fails for some portions of the path.
Using the traceroute output, sketch a drawing of the network path. If you are using the supplied trace, note that we have provided the corresponding traceroute output as a separate file. Show your computer (lefthand side) and the remote server (righthand side), both with IP addresses, as well as the routers along the path between them, numbered by their distance in hops from the start of the path. You can find the IP address of your computer and the remote server on the packets in the trace that you captured. The output of traceroute will tell you the hop number for each router.
To finish your drawing, label the routers along the path with the name of the real-world organization to which they belong. To do this, you will need to interpret the domain names of the routers given by traceroute. If you are unsure, label the routers with the domain name of what you take to be the organization. Ignore or leave blank any routers for which there is no domain name (or no IP address).

Step 5: IP Header Checksum
We will now look at the IP header checksum calculation by validating a packet. The checksum algorithm adds the header bytes 16 bits at a time. It is computed so that re-computing the sum across the entire IP header (including the checksum value) will produce the result of zero. A complicating factor for us is that this is done using 1s complement arithmetic, rather than 2s complement arithmetic that is normally used for computing. The steps below explain how to perform the necessary computation.
From the trace, pick a packet sent from the remote server to your computer and check that you have a non-zero value in the checksum field. The checksum value sent over the network will be non-zero, so if you have a zero value it is because of the capture setup. Try a packet that has an IP header of 20 bytes, the minimum header size when there are no options, to make this exercise easier.
Follow these steps to check that the checksum value is correct:
1. Divide the header into 10 two-byte (16-bit) words. Each word will be 4 hexadecimal digits shown in the packet data panel at the bottom of the Wireshark window, e.g., 05 8c.
2. Add these 10 words using regular addition. You may add them with a hexadecimal calculator (Google to find one), or convert them to decimal, add them, and convert them back to hexadecimal. Do whatever is easiest.
3. To compute the 1s complement sum from your addition so far, take any leading digits (beyond the 4 digits of the word size) and add them back to the remainder. For example: 5a432 will become a432 + 5 = a437.
4. The end result should be 0xffff. This is actually zero in 1s complement form, or more precisely 0xffff is -0 (negative zero) while 0x0000 is +0 (positive zero).
If you cannot get your sum to come out and are sure that the checksum must be wrong, you can get Wireshark to check it. See whether it says "[correct]" already. If it does not then use the menus to go to Preferences, expand Protocols, choose IPv4 from the list, and check "validate header checksum". Now Wireshark will check the checksum and tell you if it is correct.
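The field decoding from Step 2 and the 1s complement checksum check from Step 5, carried out in code. This is an added example, not part of the lab handout; the 20-byte header it operates on is constructed for illustration (its checksum was computed by the Step 5 procedure), not taken from any real trace.

```python
"""Decode a 20-byte IPv4 header and verify its checksum, as Step 5 does by hand."""
import struct

# Constructed sample header (no options), as it would appear in Wireshark's bytes pane:
# version/IHL 0x45, total length 60, ID 0x1c46, DF set, TTL 64, protocol 6 (TCP),
# checksum 0xb1e6, src 172.16.10.99, dst 172.16.10.12. Not from a real capture.
SAMPLE_HEADER = bytes.fromhex("4500003c 1c464000 4006b1e6 ac100a63 ac100a0c")


def ones_complement_sum(data: bytes) -> int:
    """Add the data 16 bits at a time, folding any carry back in (Step 5, items 1-3)."""
    if len(data) % 2:
        data += b"\x00"  # pad an odd trailing byte (never needed for a 20-byte header)
    total = 0
    for (word,) in struct.iter_unpack("!H", data):
        total += word
    while total > 0xFFFF:  # carry beyond 16 bits is added back to the remainder
        total = (total & 0xFFFF) + (total >> 16)
    return total


def checksum_is_valid(header: bytes) -> bool:
    """Summing a header that includes a correct checksum gives 0xffff (negative zero)."""
    return ones_complement_sum(header) == 0xFFFF


def compute_checksum(header: bytes) -> int:
    """Recompute the checksum the way the sender does: sum with the field zeroed, then invert."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    return 0xFFFF ^ ones_complement_sum(zeroed)


def parse_ipv4_header(header: bytes) -> dict:
    """Split out the fields Step 2 walks through, including those packed into shared bytes."""
    (ver_ihl, dscp_ecn, total_len, ident, flags_frag, ttl, proto,
     csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", header[:20])
    return {
        "version": ver_ihl >> 4,                      # high nibble of byte 0
        "header_length_bytes": (ver_ihl & 0x0F) * 4,  # IHL counts 32-bit words (Question 6)
        "dscp": dscp_ecn >> 2,
        "ecn": dscp_ecn & 0x03,
        "total_length": total_len,                    # header plus payload (Question 2)
        "identification": ident,
        "flag_df": bool(flags_frag & 0x4000),         # flags share two bytes with the offset
        "flag_mf": bool(flags_frag & 0x2000),
        "fragment_offset": flags_frag & 0x1FFF,
        "ttl": ttl,
        "protocol": proto,
        "checksum": csum,
        "src": ".".join(map(str, src)),
        "dst": ".".join(map(str, dst)),
    }


def is_unfragmented(fields: dict) -> bool:
    """Question 5: MF clear and a zero offset mean the datagram was never split."""
    return not fields["flag_mf"] and fields["fragment_offset"] == 0
```

To check a packet from your own trace, copy the 20 header bytes from the bytes pane into `bytes.fromhex(...)` in place of the sample.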

Explore on your own
We encourage you to explore IP on your own once you have completed this lab. Some ideas:
- Read about and experiment with IPv6. Modern operating systems already include support for IPv6, so you may be able to capture IPv6 traffic on your network. You can also "join the IPv6 backbone" by tunneling to an IPv6 provider.
- Learn about tunnels, which wrap an IP packet within another IP header.
- Read about IP geolocation. It is the process of assigning a geographical location to an IP address using measurements, or clues from its name or administrative databases. Try a geolocation service.
- Learn about IPsec or IP security. It provides confidentiality and authentication for IP packets, and is often used as part of VPNs.

Attachment:- lab.rar

Verified Expert

The assignment was about using Wireshark to analyze data traversing a real-time network. It required analyzing the data, PDU and header size as well as the content of the header. Moreover, it also required me to do the real-time calculations of the checksum. I did solve all the questions as per the requirement.
