In your trace, you should be able to see the series of ICMP Echo Request (in...
Fantastic news! We've Found the answer you've been seeking!
Question:
Transcribed Image Text:
In your trace, you should be able to see the series of ICMP Echo Request (in the case of Windows machine) or the UDP segment (in the case of Unix) sent by your computer and the ICMP TTL-exceeded messages returned to your computer by the intermediate routers. In the questions below, we'll assume you are using a Windows machine; the corresponding questions for the case of a Unix machine should be clear. Whenever possible, when answering a question below you should hand in a printout of the packet(s) within the trace that you used to answer the question asked. When you hand in your assignment, annotate the output so that it's clear where in the output you're getting the information for your answer (e.g., for our classes, we ask that students markup paper copies with a pen, or annotate electronic copies with text in a colored font). To print a packet, use File->Print, choose Selected packet only, choose Packet summary line, and select the minimum amount of packet detail that you need to answer the question. 1. Select the first ICMP Echo Request message sent by your computer, and expand the Internet Protocol part of the packet in the packet details window. 000 Eile Edit View Go Capture Analyze Statistics Telephony Iools Internals Help Filter: No. Time 1 0.000000 2 4.866867 3 4.868147 4 5.363536 55.364799 65.864428 7 5.865461 8 6.163045 96.176826 10 6.188629 11 6.202957 12 6.208597 13 6.234505 Source Telebit 73:8d:ce 192.168.1.100 192.168.1.100 192.168.1.100 192.168.1.100 192.168.1.100 192.168.1.100 192.168.1.102 10.216.228.1 192.168.1.102 24.218.0.153 192.168.1.102 24.128.190.197 Fragment offset: 0 0000 00 06 25 da af 73 00 20 0010 30 54 32 do 00 00 01 01 0020 17 64 08 00 17 ca 03 00 0030 aa aa aa aa aa aa aa aa 3040 3050 an na an an na an an 88 0060 aa Frame (frame), 98 bytes TT 71 . Xip-ethereal-trace-1 [Wireshark 1.6.7 (SVN Rev 41973 from /trunk-1.6)] Frame 8: 98 bytes on wir (784 bits), 98 bytes captured (784 bits) Ethernet II, Src: Actionte_8a:70:la (00:20:e0:8a:70:la), Dst: LinksysG_da:af:73 (00:06:25:da:af:73) Internet Protocol Version 4, Sre: 192.168.1.102 (192.168.1.102), Dst: 128.59.23.100 (128.59.23.100) Version: 4 Header Length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)). Total Length: 84 Identification: 0x32d0 (13008) Flags: 0x00 80 Ba 70 la 08 00 45.00 2d 2c c0 a8 01 66 80 3b 50 03 37 32 20 aa aa aa 1 Destination. Broadcast 192.168.1.1 192.168.1.1 192.168.1.1 192.168.1.1 192.168.1.1 192.168.1.1 128.59.23.100 192.168.1.102 128.59.23.100 192.168.1.102 128.59.23.100 192.168.1.102 aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa a tu ao mi ao da da lo Expression... Clear Apply 11 Protocol Length Info ARP UDP UDP UDP UDP UDP UDP ICMP ICMP ICMP ICMP ICMP ICMP 2 ALLERKE QQ F 7 Y ******* Packets: 380 Displayed: 380 Marked: 0 Load time: 0:00.006 In 60 who has 192.168.1.117? Tell 192.168.1.104 174 Source port: 30955 Destination port: ssdp 175 Source port: 30955 Destination port: ssdp 174 Source port: 30955 Destination port: ssdp 175 Source port: 30955 Destination port: ssdp 174 Source port: 30955 Destination port: ssdp 175 Source port: 30955 Destination port: ssdp 98 Echo (ping) request id=0x0300, seq=20483/848, ttl=1 70 Time-to-live exceeded (Time to live exceeded in transit) 98 Echo (ping) request id=0x0300, seq=20739/849, ttl=2 70 Time-to-live exceeded (Time to live exceeded in transit) 98 Echo (ping) request id=0x0300, seq=20995/850, ttl=3 70 Time-to-live exceeded (Time to live exceeded in transit) 25 101 Profile: Default 3050 3060 Frame (frame), 98 bytes Packets: 380 Displayed: 380 Marked: 0 Load time: 0:00.006 What is the IP address of your computer? Profile: Default 2. Within the IP packet header, what is the value in the upper layer protocol field? 3. How many bytes are in the IP header? How many bytes are in the payload of the IP datagram? Explain how you determined the number of payload bytes. 4. Has this IP datagram been fragmented? Explain how you determined whether or not the datagram has been fragmented. T+CE Next, sort the traced packets according to IP source address by clicking on the Source column header; a small downward pointing arrow should appear next to the word Source. If the arrow points up, click on the Source column header again. Select the first ICMP Echo Request message sent by your computer, and expand the Internet Protocol portion in the "details of selected packet header" window. In the "listing of captured packets" window, you should see all of the subsequent ICMP messages (perhaps with additional interspersed packets sent by other protocols running on your computer) below this first ICMP. Use the down arrow to move through the ICMP messages sent by your computer. 5. Which fields in the IP datagram always change from one datagram to the next within this series of ICMP messages sent by your computer? 6. Which fields stay constant? Which of the fields must stay constant? Which fields must change? Why? 7. Describe the pattern you see in the values in the Identification field of the IP datagram Next (with the packets still sorted by source address) find the series of ICMP TTL- exceeded replies sent to your computer by the nearest (first hop) router. 8. What is the value in the Identification field and the TTL field? 9. Do these values remain unchanged for all of the ICMP TTL-exceeded replies sent to your computer by the nearest (first hop) router? Why? Fragmentation Sort the packet listing according to time again by clicking on the Time column. 10. Find the first ICMP Echo Request message that was sent by your computer after you changed the Packet Size in pingplotter to be 2000. Has that message been fragmented across more than one IP datagram? [Note: if you find your packet has not been fragmented, you should download the zip file http://gaia.cs.umass.edu/wireshark-labs/wireshark-traces.zip and extract the ip- ethereal-trace-/packet trace. If your computer has an Ethernet interface, a packet size of 2000 should cause fragmentation.] 11. Print out the first fragment of the fragmented IP datagram. What information in the IP header indicates that the datagram been fragmented? What information in the IP header indicates whether this is the first fragment versus a latter fragment? How long is this IP datagram? The packets in the ip-ethereal-trace-/ trace file in http://gaia.cs.umass.edu/wireshark-labs/wireshark- traces.zip are all less that 1500 bytes. This is because the computer on which the trace was gathered has an Ethernet card that limits the length of the maximum IP packet to 1500 bytes (40 bytes of TCP/IP header data and 1460 bytes of upper-layer protocol payload). This 1500 byte value is the standard maximum length allowed by Ethernet. If your trace indicates a datagram longer 1500 bytes, and your computer is using an Ethernet connection, then Wireshark is reporting the wrong IP datagram length; it will likely also show only one large IP datagram rather than multiple smaller datagrams.. This inconsistency in reported lengths is due to the interaction between the Ethernet driver and the Wireshark software. We recommend that if you have this inconsistency, that you perform this lab using the ip-ethereal-trace-1 trace file. 12. Print out the second fragment of the fragmented IP datagram. What information in the IP header indicates that this is not the first datagram fragment? Are the more fragments? How can you tell? 13. What fields change in the IP header between the first and second fragment? Now find the first ICMP Echo Request message that was sent by your computer after you changed the Packet Size in pingplotter to be 3500. 14. How many fragments were created from the original datagram? 15. What fields change in the IP header among the fragments? In your trace, you should be able to see the series of ICMP Echo Request (in the case of Windows machine) or the UDP segment (in the case of Unix) sent by your computer and the ICMP TTL-exceeded messages returned to your computer by the intermediate routers. In the questions below, we'll assume you are using a Windows machine; the corresponding questions for the case of a Unix machine should be clear. Whenever possible, when answering a question below you should hand in a printout of the packet(s) within the trace that you used to answer the question asked. When you hand in your assignment, annotate the output so that it's clear where in the output you're getting the information for your answer (e.g., for our classes, we ask that students markup paper copies with a pen, or annotate electronic copies with text in a colored font). To print a packet, use File->Print, choose Selected packet only, choose Packet summary line, and select the minimum amount of packet detail that you need to answer the question. 1. Select the first ICMP Echo Request message sent by your computer, and expand the Internet Protocol part of the packet in the packet details window. 000 Eile Edit View Go Capture Analyze Statistics Telephony Iools Internals Help Filter: No. Time 1 0.000000 2 4.866867 3 4.868147 4 5.363536 55.364799 65.864428 7 5.865461 8 6.163045 96.176826 10 6.188629 11 6.202957 12 6.208597 13 6.234505 Source Telebit 73:8d:ce 192.168.1.100 192.168.1.100 192.168.1.100 192.168.1.100 192.168.1.100 192.168.1.100 192.168.1.102 10.216.228.1 192.168.1.102 24.218.0.153 192.168.1.102 24.128.190.197 Fragment offset: 0 0000 00 06 25 da af 73 00 20 0010 30 54 32 do 00 00 01 01 0020 17 64 08 00 17 ca 03 00 0030 aa aa aa aa aa aa aa aa 3040 3050 an na an an na an an 88 0060 aa Frame (frame), 98 bytes TT 71 . Xip-ethereal-trace-1 [Wireshark 1.6.7 (SVN Rev 41973 from /trunk-1.6)] Frame 8: 98 bytes on wir (784 bits), 98 bytes captured (784 bits) Ethernet II, Src: Actionte_8a:70:la (00:20:e0:8a:70:la), Dst: LinksysG_da:af:73 (00:06:25:da:af:73) Internet Protocol Version 4, Sre: 192.168.1.102 (192.168.1.102), Dst: 128.59.23.100 (128.59.23.100) Version: 4 Header Length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)). Total Length: 84 Identification: 0x32d0 (13008) Flags: 0x00 80 Ba 70 la 08 00 45.00 2d 2c c0 a8 01 66 80 3b 50 03 37 32 20 aa aa aa 1 Destination. Broadcast 192.168.1.1 192.168.1.1 192.168.1.1 192.168.1.1 192.168.1.1 192.168.1.1 128.59.23.100 192.168.1.102 128.59.23.100 192.168.1.102 128.59.23.100 192.168.1.102 aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa a tu ao mi ao da da lo Expression... Clear Apply 11 Protocol Length Info ARP UDP UDP UDP UDP UDP UDP ICMP ICMP ICMP ICMP ICMP ICMP 2 ALLERKE QQ F 7 Y ******* Packets: 380 Displayed: 380 Marked: 0 Load time: 0:00.006 In 60 who has 192.168.1.117? Tell 192.168.1.104 174 Source port: 30955 Destination port: ssdp 175 Source port: 30955 Destination port: ssdp 174 Source port: 30955 Destination port: ssdp 175 Source port: 30955 Destination port: ssdp 174 Source port: 30955 Destination port: ssdp 175 Source port: 30955 Destination port: ssdp 98 Echo (ping) request id=0x0300, seq=20483/848, ttl=1 70 Time-to-live exceeded (Time to live exceeded in transit) 98 Echo (ping) request id=0x0300, seq=20739/849, ttl=2 70 Time-to-live exceeded (Time to live exceeded in transit) 98 Echo (ping) request id=0x0300, seq=20995/850, ttl=3 70 Time-to-live exceeded (Time to live exceeded in transit) 25 101 Profile: Default 3050 3060 Frame (frame), 98 bytes Packets: 380 Displayed: 380 Marked: 0 Load time: 0:00.006 What is the IP address of your computer? Profile: Default 2. Within the IP packet header, what is the value in the upper layer protocol field? 3. How many bytes are in the IP header? How many bytes are in the payload of the IP datagram? Explain how you determined the number of payload bytes. 4. Has this IP datagram been fragmented? Explain how you determined whether or not the datagram has been fragmented. T+CE Next, sort the traced packets according to IP source address by clicking on the Source column header; a small downward pointing arrow should appear next to the word Source. If the arrow points up, click on the Source column header again. Select the first ICMP Echo Request message sent by your computer, and expand the Internet Protocol portion in the "details of selected packet header" window. In the "listing of captured packets" window, you should see all of the subsequent ICMP messages (perhaps with additional interspersed packets sent by other protocols running on your computer) below this first ICMP. Use the down arrow to move through the ICMP messages sent by your computer. 5. Which fields in the IP datagram always change from one datagram to the next within this series of ICMP messages sent by your computer? 6. Which fields stay constant? Which of the fields must stay constant? Which fields must change? Why? 7. Describe the pattern you see in the values in the Identification field of the IP datagram Next (with the packets still sorted by source address) find the series of ICMP TTL- exceeded replies sent to your computer by the nearest (first hop) router. 8. What is the value in the Identification field and the TTL field? 9. Do these values remain unchanged for all of the ICMP TTL-exceeded replies sent to your computer by the nearest (first hop) router? Why? Fragmentation Sort the packet listing according to time again by clicking on the Time column. 10. Find the first ICMP Echo Request message that was sent by your computer after you changed the Packet Size in pingplotter to be 2000. Has that message been fragmented across more than one IP datagram? [Note: if you find your packet has not been fragmented, you should download the zip file http://gaia.cs.umass.edu/wireshark-labs/wireshark-traces.zip and extract the ip- ethereal-trace-/packet trace. If your computer has an Ethernet interface, a packet size of 2000 should cause fragmentation.] 11. Print out the first fragment of the fragmented IP datagram. What information in the IP header indicates that the datagram been fragmented? What information in the IP header indicates whether this is the first fragment versus a latter fragment? How long is this IP datagram? The packets in the ip-ethereal-trace-/ trace file in http://gaia.cs.umass.edu/wireshark-labs/wireshark- traces.zip are all less that 1500 bytes. This is because the computer on which the trace was gathered has an Ethernet card that limits the length of the maximum IP packet to 1500 bytes (40 bytes of TCP/IP header data and 1460 bytes of upper-layer protocol payload). This 1500 byte value is the standard maximum length allowed by Ethernet. If your trace indicates a datagram longer 1500 bytes, and your computer is using an Ethernet connection, then Wireshark is reporting the wrong IP datagram length; it will likely also show only one large IP datagram rather than multiple smaller datagrams.. This inconsistency in reported lengths is due to the interaction between the Ethernet driver and the Wireshark software. We recommend that if you have this inconsistency, that you perform this lab using the ip-ethereal-trace-1 trace file. 12. Print out the second fragment of the fragmented IP datagram. What information in the IP header indicates that this is not the first datagram fragment? Are the more fragments? How can you tell? 13. What fields change in the IP header between the first and second fragment? Now find the first ICMP Echo Request message that was sent by your computer after you changed the Packet Size in pingplotter to be 3500. 14. How many fragments were created from the original datagram? 15. What fields change in the IP header among the fragments?
Expert Answer:
Related Book For
Accounting Information Systems
ISBN: 9780132871938
11th Edition
Authors: George H. Bodnar, William S. Hopwood
Posted Date:
Students also viewed these computer network questions
-
(a) Determine whether 1 1 -2 is in the span of 1 and 1 Is -2 () of)() in the -3 3 1 -000-0-000 1 span of 2 3 ? (c) Is 2 4 in the span of ?
-
List three specific parts of the Case Guide, Objectives and Strategy Section (See below) that you had the most difficulty understanding. Describe your current understanding of these parts. Provide...
-
Case Study: Quick Fix Dental Practice Technology requirements Application must be built using Visual Studio 2019 or Visual Studio 2017, professional or enterprise. The community edition is not...
-
Jobs A, B, and C are waiting to be started on Machine Center X. When they are finished at this center, they must be moved to Machine Center Y for final processing. Machine capacity for both centers...
-
Name the followingcompounds: CH (b) (c) SH (a) CH SH CH CH3CH2CHSH CHH-CHH2H CH (e) C (d) (f) SCH3 CHCHSCH2CH3 SCH3 SCH2CH3
-
(a) Prove that the individual entries aij of a matrix A are bounded in absolute value by its matrix norm: |aij| (b) Prove that if the series converges, then the matrix series converges to some matrix...
-
A piece of wool is used to charge two plastic spheres. When the spheres are held \(200 \mathrm{~mm}\) apart, they repel each other with \(7.00 \mathrm{~N}\) of force. If the wool ends up with a...
-
On March 17, Kennedy Baking, Inc., committed to buy 1,000 tons of commodity A for delivery in May at a cost of $118 per ton. Concerned that the price of commodity A might decrease, on March 29 the...
-
2. 42. 33 43 A. B. Which of the above atoms belong to inert element R S C. T D. U A. If atom R belong to element R ant atom V belong to element V, what would be the formula of the compound formed...
-
Define the 4 (character, duties, consequences, and relationships) criteria for making ethical judgements. In your opinion, which criteria is the easiest to do? Which is the hardest? Why?
-
In the following sentence, the direct object is underlined. Select, from the options, the sentence that also has a direct object. The thrush builds a swollen nest. a. The thrush is found mainly in...
-
When is using magazine advertising a bad choice?
-
What is public relations, and how is it used in an IMC campaign?
-
How are coupons used to bridge the gap between newspaper and sales promotion? What are the strengths of their use?
-
What are some of the most common incentives used in direct marketing?
-
Define an infomercial and explain the differences between an infomercial and a traditional television advertisement.
-
Joe Jay purchased a new home with a $260,000 loan. He decided touse Loyal Bank for his mortgage and the bank required him to putdown 20%. The monthly payment for the 6.50% 25- year mortgage...
-
Open Text Corporation provides a suite of business information software products. Exhibit 10-9 contains Note 10 from the companys 2013 annual report detailing long-term debt. Required: a. Open Text...
-
What is normalization? Distinguish between first, second, and third normal forms.
-
State two advantages of using cycle billing.
-
What is a virus program? Give several examples.
-
Quick return motion is incorporated in a shaper, a planer and ____.
-
Length of open belt connecting two pulleys of radii \(r_{1}\) and \(r_{2}\) and at a center distance \(D\) apart, is: (a) \(\pi\left(r_{1}+r_{2} ight)+\left(r_{1}-r_{2} ight)^{2} / D+2 D\) (b)...
-
A flywheel: (a) Is provided to minimize the engine vibration (b) Is provided to control engine speed (c) Controls output fluctuation and input accordingly (d) All of the above
Study smarter with the SolutionInn App