a) Examine the protocol type and time to live fields in the IP packet that carries...
Question:
a) Examine the protocol type and time to live fields in the IP packet that carries the first ICMP Echo Request. ICMP packet doesn't have source and destination port numbers. Why?
b) Study the ICMP message. What fields does the ICMP packet have? Check the number of bytes for the checksum, sequence number and identifier fields.
c) Identify the data bytes in the request message and note the corresponding character sequence in the third pane of the Wireshark window. What is contained in this data field? (10 marks)

ICMP echo reply:
a) Compare the message identifier and sequence number in the reply message with the equivalent numbers in the request message. (5 marks)
b) Recognize the data bytes in the reply message and compare the data sequence with that in the request message. (5 marks)
c) To support the above questions 1 & 2, please provide screen dumps of the Wireshark packets you have captured, i.e. like the screen dumps shown above in the procedure. (10 marks)

[Figure: The screen shot of Wireshark output after filtering the 'icmp' messages. The capture lists ten ICMP Echo (ping) request and reply packets exchanged between 10.0.0.147 and 209.85.231.104, with frame 92 (74 bytes on wire, 74 bytes captured) selected.]
Expert Answer:
The questions are related to the analysis of Internet Control Message Protocol (ICMP) packets using the Wireshark network protocol analyzer. Unfortunately, I can't perform interactive actions such as using ...
Related Book For
Principles Of Information Security
ISBN: 9780357506431
7th Edition
Authors: Michael E. Whitman, Herbert J. Mattord