Scribd
Upload
212 views

Lab4 Report

This document contains the answers to lab questions about analyzing packet captures and IP packet headers. The questions examine an ICMP echo request packet sent by the student's computer. Key details summarized: - The student's IP address is 192.168.1.8 - The IP header fields that always change between packets are Identification, Time to Live, and Header Checksum - A large 2000 byte ping request was fragmented into three IP packets as indicated by the More Fragments flag and changing Fragment Offset values.

Uploaded by

Kian Ying
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
212 views

Lab4 Report

This document contains the answers to lab questions about analyzing packet captures and IP packet headers. The questions examine an ICMP echo request packet sent by the student's computer. Key details summarized: - The student's IP address is 192.168.1.8 - The IP header fields that always change between packets are Identification, Time to Live, and Header Checksum - A large 2000 byte ping request was fragmented into three IP packets as indicated by the More Fragments flag and changing Fragment Offset values.

Uploaded by

Kian Ying
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 8

CSE

434 Name: Bing Hao Computer Networks (2014 Spring)

2014

Home Page: http://uniteng.com

Lab3
1. Select the first ICMP Echo Request message sent by your computer, and expand the
InternetProtocolpartofthepacketinthepacketdetailswindow.WhatistheIPaddressof
yourcomputer?
Answer

Figure1
Accordingtothefigure1,theIPaddressofmycomputeris192.168.1.8.

2.WithintheIPpacketheader,whatisthevalueintheupperlayerprotocolfield?
Answer
Accordingtothefigure1,withintheIPpacketheader,thevalueintheupperlayerprotocolfield
isUDP(17)

3. How many bytes are in the IP header? How many bytes are in the payload of the IP
datagram?Explainhowyoudeterminedthenumberofpayloadbytes.
Answer
According to the figure 1, the header length is 20 bytes and the total length is 56 bytes.
Therefore,thepayloadoftheIPdatagramshouldbe36bytes(56bytes20bytes).

CSE 434 Name: Bing Hao Computer Networks (2014 Spring)

2014

Home Page: http://uniteng.com


4. Has this IP datagram been fragmented? Explain how you determined whether or not the
datagramhasbeenfragmented.
Answer
According to the figure 1, under flags section, the more fragments bit = 0, so the data is not
fragmented.

5.WhichfieldsintheIPdatagramalwayschangefromonedatagramtothenextwithinthis
seriesofICMPmessagessentbyyourcomputer?
Answer

CSE 434 Name: Bing Hao Computer Networks (2014 Spring)

2014

Home Page: http://uniteng.com

According to abovetwoscreenshots,identification,Time to live andHeader checksum always


change.

6. Which fields stay constant? Which of the fields must stay constant? Which fields must
change?Why?
Answer
Thefieldsthatstayconstantare:
Version(sinceweareusingIPv4),headerlength(sincetheseareUDPpackets),sourceIP(since
allpacketsaresentfrommycomputer),destinationIP(sincewearesendingtothesamehost),
DifferentiatedServices(sinceallpackets areUDP), UpperLayer Protocol (sincetheseare UDP
packets)
Thefieldsthatmuststayconstantare:
Version(sinceweareusingIPv4),headerlength(sincetheseareUDPpackets),sourceIP(since
allpacketsaresentfrommycomputer),destinationIP(sincewearesendingtothesamehost),
DifferentiatedServices(sinceallpackets areUDP), UpperLayer Protocol (sincetheseare UDP
packets)
Thefieldsthatmustchangeare:
Identification(IPpacketshavedifferentids),Timetolive(tracerouteincrementseachpacket),
Headerchecksum(sinceheaderchanges)

CSE 434 Name: Bing Hao Computer Networks (2014 Spring)

2014

Home Page: http://uniteng.com


7.DescribethepatternyouseeinthevaluesintheIdentificationfieldoftheIPdatagram
Answer

Thefirstrequest,valuesintheidentification:44695

Thesecondrequest,valuesintheidentification:44696
Accordingtoabovetwoscreenshots,thepatternistheIPheaderIdentificationfieldincrement
witheachUDPrequest.

8.WhatisthevalueintheIdentificationfieldandtheTTLfield?
Answer

CSE 434 Name: Bing Hao Computer Networks (2014 Spring)

2014

Home Page: http://uniteng.com

Accordingtoabovescreenshot,Identification:57077,TTL:64

9. Do these values remain unchanged for all of the ICMP TTLexceeded replies sent to your
computerbythenearest(firsthop)router?Why?
Answer
The values of identification field changes for all the ICMP TTLexceeded replies since the
identificationfieldisauniquevalue.IftwoormoreIPdatagramshavethesameidentification
value,thenitmeansthattheseIPdatagramsarefragmentsofasinglelargeIPdatagram.
TheTTLfieldwasunchangedsincetheTTLforthenearestrouterisalwaysthesame(Linux,TTL
64).

10. Find the first ICMP Echo Request message that was sent by your computer after you
changedthePacketSizeinpingplottertobe2000.Hasthatmessagebeenfragmentedacross
morethanoneIPdatagram?
Answer

CSE 434 Name: Bing Hao Computer Networks (2014 Spring)

2014

Home Page: http://uniteng.com


No.101hasidentification:44696

No.102hasidentification:44696
According to above to screenshots, above has been fragmented across more than one IP
datagram.

11. Print out the first fragment of the fragmented IP datagram. What information in the IP
header indicates that the datagram been fragmented? What information in the IP header
indicates whether this is the first fragment versus a latter fragment? How long is this IP
datagram?
Answer

According to above screenshot, The Flags bit for more fragments is set which means the
datagramhasbeenfragmented.Thefragmentoffsetis0,weknowthisisthefirstfragment.The
lengthofthisfirstdatagramis1500includingtheheader.

CSE 434 Name: Bing Hao Computer Networks (2014 Spring)

2014

Home Page: http://uniteng.com


12.PrintoutthesecondfragmentofthefragmentedIPdatagram.WhatinformationintheIP
headerindicatesthatthisisnotthefirstdatagramfragment?Arethemorefragments?How
canyoutell?
Answer

Accordingtoabovescreenshot,thisisnotthefirstfragmentsincethefragmentoffsetis1480
andthisshouldbethelastfragment,sincethestatusofmorefragmentsflagisnotset.

13.WhatfieldschangeintheIPheaderbetweenthefirstandsecondfragment?
Answer
Totallength,flags,fragmentoffset,andchecksum.

14.Howmanyfragmentswerecreatedfromtheoriginaldatagram?
Answer

CSE 434 Name: Bing Hao Computer Networks (2014 Spring)

2014

Home Page: http://uniteng.com

Accordingtoabovescreenshot,3packetscreatedfromtheoriginaldatagram.

15.WhatfieldschangeintheIPheaderamongthefragments?
Answer
Fragmentoffset,checksum.Moreover,forthefirsttwopackets,thetotallengthis1500withthe
morefragmentsflagsetto1,andthethirdpacketstotallengthis540withthemorefragments
flagsetto0.

You might also like