Communication Networks Laboratory Experiments Page 1

1 The Network in the Laboratory for Telecommunications

In the laboratory five computers are available for the experiments. They are connected to the
campus network and the public internet. It is a 194.94.30.208/28 network with adresses in the
range from 194.94.30.209 to 194.94.30.222. Address 194.94.30.209 is the standard gateway.

On the computers, standard Windows command-line utilities and the software Wireshark
(www.wireshark.org) are used for network and protocol analysis. Login on the computers
with username and password "student".

You can do most of the experiments also from home, if you whish. But note if you are
connected to the Internet via WLAN, NAT and/or VPN, Wireshark may behave different
(consult the Wireshark support pages).

FHS campus network

FSL (Rohde & Schwarz)

IPv4: 194.94.30.222

SMBV (Rohde & Schwarz)

IPv4: 194.94.30.221

RTA4004 (Rohde & Schwarz)

IPv4: 194.94.30.220

NATE4 NATE1
IPv4: 194.94.30.212 IPv4: 194.94.30.210

NATE5 NATE2
IPv4: 194.94.30.213 IPv4: 194.94.30.211

NATE6 NATE10
IPv4: 194.94.30.214 IPv4: 194.94.30.219

Fakultät Elektrotechnik Prof. Dr. C. Roppel

Communication Networks Laboratory Experiments Page 2

2 Measurements with ping and traceroute

1. Read the online help information for the command "ipconfig" by entering
ipconfig -? in a Command (CMD) window.
Note: You can also look for help information in other languages in the Internet.

2. Gather information about the configuration of the network adapter of your computer
by entering ipconfig /all.

Note down the Ethernet address, also called MAC (medium access control) address,
the IPv4 address and the IPv6 address of your Ethernet LAN interface of your
computer:

Ethernet: _____________________________________________

IPv4: _____________________________________________

IPv6 (link-local): _____________________________________________

3. Read the online help information for the commands "ping" and "traceroute" by
entering ping and tracert, respectively, in a DOS window.

4. ping uses the ICMP messages Echo Request/Echo Reply. ICMP is specified in
RFC 792. Open the document (available at www.ietf.org) and look for the format of
these messages.

Note: For security reasons, some hosts and routers are configured to block ICMP
messages. The Windows firewall blocks these messages by default.

Fakultät Elektrotechnik Prof. Dr. C. Roppel

Communication Networks Laboratory Experiments Page 3

2.1 Measurements to a nearby host

1. Test the connection to a nearby host (in Germany) using ping.

2. Set the Don't Fragment Flag (option –f) and increase the packet size (option –l), until
ping reports an error. Determine in this way the Maximum Transmission Unit (MTU)
of this path, i. e. the maximum packet size which can be transmitted without
fragmentation.

(For a detailed discussion of MTU, see RFC 1191: Path MTU Discovery, and
RFC 4821: Packetization Layer Path MTU Discovery)

3. Determine the route to this host with traceroute. What is the number of hops (routers)
for this path?

4. Test different settings for the TTL (Time to Live) field with ping (option –i). What is
the minimum TTL value required to reach the host? Compare with the number of hops
measured with traceroute.

5. Compile your results (host name, IP address, number of hops, MTU, minimum TTL,
minimum/average/maximum Round Trip Time RTT) in a table (see next page).

6. Make a sketch of the network path (see next page). Your computer should be on the
top and the remote server on bottom, with the routers in between. Label all nodes with
their hop number, their IP address and your guess of the real-world organization.

2.2 Measurements to a distant host

1. Test the connection to a distant host (outside Germany) using ping.

2. Determine the route to this host with traceroute. What is the number of hops (routers)
for this path?

3. Determine MTU of this path

4. Compile your results in a table (see next page).

Fakultät Elektrotechnik Prof. Dr. C. Roppel

Communication Networks Laboratory Experiments Page 4

Nearby host:

Date/Time:

Host name:

IP address:

No. of hops:

MTU:

Min. TTL:

ping no. of packets:

RTT min

RTT avg

RTT max

Distant host:

Date/Time:

Host name:

IP address:

No. of hops:

MTU:

ping no. of packets:

RTT min

RTT avg

RTT max

Fakultät Elektrotechnik Prof. Dr. C. Roppel

Communication Networks Laboratory Experiments Page 5

Network path:

Fakultät Elektrotechnik Prof. Dr. C. Roppel

Communication Networks Laboratory Experiments Page 6

3 Wireshark
3.1 Getting started with Wireshark

Wireshark is a network protocol analyzer, which is available as open source software for
Linux and Windows operating systems. Wireshark provides detailed information about the
packets captured by the network card and can decode many protocols. The following
description refers to version 3.4.6.

1. Start Wireshark (click on the desktop icon or select Start -> Programme ->
Wireshark -> Wireshark.

When a message "A new version is available" appears, click "Skip this version".

On the welcome screen, select "Ethernet".

Record some packets (Capture -> Start, Capture -> Stop or click the corresponding
symbols on the toolbar) and analyze the data displayed. The packets captured are
displayed in three panes (from top to bottom): packet list, packet details and packet
bytes.

packet list

packet details
of selected packet

packet bytes
of selected packet

2. The basic procedure for capturing traffic is as follows (try it out!):

− Start a capture. When the message "Do you want to save the captured packets …"
is displayed, click "Continue without saving".

− Send/receive packets e. g. by opening a web page in a browser, by executing a

ping or traceroute command, etc.

− Stop the capture and analyze the packets.

Fakultät Elektrotechnik Prof. Dr. C. Roppel

Communication Networks Laboratory Experiments Page 7

3.2 Ethernet

Below you see the format of an Ethernet (IEEE 802.3) frame:

byte
1 6 6 2 min 46 4

Pre- Destination Source Length/ Data Pad

FCS
amble Address Address Type 0...1500 byte 0...46 byte

e. g. IP-Paket: IP Header Data

Ethernet addresses have 6 bytes. The first three bytes identify the equipment manufacturer.

Note: The first byte (preamble) and the last four bytes (FCS) of Ethernet frames are processed
by the network card and not forwarded to Wireshark.

1. Run a packet capture for a couple of seconds.

2. Select a frame where the destination address is your own address. Note down the
values of the Ethernet frame fields:

Destination address (hex): _____________________________________________

Manufacturer: _____________________________________________

Source address (hex): _____________________________________________

Manufacturer: _____________________________________________

Length/Type: _____________________________________________

3. Look for a broadcast frame and its destination address:

Broadcast address (hex): _____________________________________________

4. Look for frames with minimum length:

Minimum frame length: _____________________________________________

Number of data bytes: _____________________________________________

Fakultät Elektrotechnik Prof. Dr. C. Roppel

Communication Networks Laboratory Experiments Page 8

3.3 Internet Protocol (IP)

1. Start a new packet capture. Start a browser, open a page and wait until it is displayed
and close the browser. Stop the packet capture. Filter the data displayed, so that only
packets with your own IP address are shown (in the filter toolbar, enter "ip.addr ==
xxx.xxx.xxx.xxx" end click "Apply").

2. Test other display filters (see Analyze -> Display Filters -> Help).

3. Select an IPv4 packet where the destination address is your own address. Note down
its header fields:

Header field Value Comment

Version

Header Length

TOS

Total Length

Identification

Flags

Fragment Offset

TTL

Protocol

Header Checksum

Source Address

Destination Address

Fakultät Elektrotechnik Prof. Dr. C. Roppel

Communication Networks Laboratory Experiments Page 9

3.4 Internet Control Message Protocol (ICMP)

1. Start a new packet capture. Execute ping in a DOS window. Stop the packet capture.
Filter the data displayed, so that only packets with your own IP address are shown.

2. Inspect ping echo request/reply frames and identify the fields of the ICMP messages,
Compare to the information found in RFC 792. Write down their names and values in
the following table:

ping command: ______________________________________________________________

ICMP message field Value for echo request Value for echo reply
Type

3. Start a new packet capture. Execute traceroute in a DOS window, use the same host as
in Section 2.1. Stop the packet capture. Filter the data displayed, so that only packets
with your own IP address are shown. Inspect the TTL field of the ICMP messages sent
by your computer.
− Note down a few values (choose packets with different TTL values).
− Compare with your sketch of the network path.

Echo request TTL: _______________________________________

Response source IP address: _______________________________________

Echo request TTL: _______________________________________

Response source IP address: _______________________________________

Fakultät Elektrotechnik Prof. Dr. C. Roppel

Communication Networks Laboratory Experiments Page 10

3.5 Transmission Control Protocol (TCP)

1. Here we will try to capture a single TCP connection. First, go to a webpage where you
can download a large file, e. g. a pdf document, but start a new packet capture
before downloading. Stop the packet capture.

2. Filter the data displayed, so that only TCP/IP packets are shown (Filter: tcp). Examine
SYN and ACK flags, Sequence Numbers (SN), Acknowledgement Numbers (AN) and
the number of payload bytes (PB).

3. Select the first packet starting the connection setup and note down its TCP header
fields:

Header field Value Comment

Source Port

Destination Port

Sequence Number

Ack Number

Header Length

Flags

Window Size

TCP Checksum

Urgent Pointer

Options:

Fakultät Elektrotechnik Prof. Dr. C. Roppel

Communication Networks Laboratory Experiments Page 11

4. Select Statistics -> I/O Graph. This graph shows the packet rate over time. Click on
the line below "Display Filter" and change this to "tcp". Adjust the interval to reduce
the averaging in the display. You should be able to see the TCP flow control at work.

Your peak rate (Packets/100 ms): _______________________________________

For a discussion on TCP throughput measurements, see RFC 6349, Framework for
TCP Throughput Testing, and references therein.

Fakultät Elektrotechnik Prof. Dr. C. Roppel

Communication Networks Laboratory Experiments Page 12

5. Select Statistics -> Flow Graph. Select "Limit to display filter". In the box "Flow
type", select "TCP flow". This displays a graphical analysis of the TCP flows. Redraw
below the first five packets of a single flow (packets of the same flow have the same
port numbers) as shown in the graph and add a comment on the numbers displayed.

6. Start a new packet capture. Open a webpage in a browser. When the content is
displayed, stop the capture.

Webpages are often quite complex with many embedded resources. Repeat steps 4
and 5. You will notice that the flow graph now is much more complex showing
content fetches from other servers.

Sites like https://pagespeed.web.dev/ from Google or https://www.webpagetest.org/

can analyze the loading of webpages.

Fakultät Elektrotechnik Prof. Dr. C. Roppel