
Assignment-7

This document outlines a lab assignment for CS 315: Computer Networks at IIT Dharwad, focusing on the analysis of IP protocols, specifically IPv4 and IPv6, using Wireshark. The lab consists of three parts: analyzing IPv4 packets, understanding TCP connections, and examining IPv6 datagrams, with specific tasks and questions to be answered. Students are required to capture and analyze network traffic, identify IP addresses, and understand protocol details through practical exercises.

Uploaded by

220010012

CS 315: Computer Networks Lab

Spring 2024-25, IIT Dharwad


Assignment-7
Wireshark Lab: IP
February 17, 2025

Introduction

In this lab, we’ll investigate the celebrated IP protocol, focusing on the IPv4 and IPv6 datagram.
This lab has three parts.
Part 0: Paste a screenshot of your system IP address, using ipconfig (on Windows) or
ifconfig (on Mac and Linux), and fill out this Google form to submit the details of your
system. The same system must be used to attempt all exercises of this lab.

Part 1: Basic IPv4

In this part, we’ll analyze packets in a trace of IPv4 datagrams sent and received by the
ping program. To capture and analyze an IPv4 trace in Wireshark, open a terminal and run
the following command:

On Linux/macOS:
    ping google.com -c 5

On Windows:
    ping -n 5 google.com
Answer the following questions.

1. What is the source and destination IP address for the above ping request you
observe in your trace?

○ Source IP address: 10.240.110.97
○ Destination IP address: 142.250.196.174

2. Mention the protocol used in the ping request.

● Internet Control Message Protocol (ICMP) is used for Ping requests and replies.
● ICMP is a network-layer protocol used for diagnostics and error reporting.

3. State the number of fields in the IPv4 header along with its size.

Fields in the IPv4 Header:

S.No.  Field in the IPv4 Header         Size
1      Version                          4 bits
2      Header Length in 32-bit words    4 bits
3      Differentiated Services Field    1 byte (or) 8 bits
4      Total Length                     2 bytes (or) 16 bits
5      Identification                   2 bytes (or) 16 bits
6      Flags                            3 bits
7      Fragment Offset                  13 bits
8      Time to Live                     1 byte (or) 8 bits
9      Protocol                         1 byte (or) 8 bits
10     Header Checksum                  2 bytes (or) 16 bits
11     Source Address                   4 bytes (or) 32 bits
12     Destination Address              4 bytes (or) 32 bits

Select the first UDP segment sent by your computer via the Ping command.

4. List the type of queries used for the above request. Expand the Internet Protocol
part of the packet in the packet details window. What is the version of the IP
address used for the above request?

Before sending the ICMP Echo Request (Ping), your system performs a DNS query to
resolve google.com to an IP address.

Types of Queries Used in the Request:

1. A (Address) Record Query
   ○ Resolves google.com to an IPv4 address.
2. AAAA (IPv6 Address) Query (if IPv6 is enabled)
   ○ Resolves google.com to an IPv6 address.

Version: 4 (for IPv4)

Version: 6 (for IPv6)


5. What is the value in the time-to-live (TTL) field in this IPv4 datagram’s header?

The value in the time-to-live (TTL) field in this IPv4 datagram’s header is 64.

6. What is the value in the upper layer protocol field in this IPv4 datagram’s header?

The value in the upper layer protocol field in this IPv4 datagram’s header is UDP (17). This
indicates that IPv4 is being used as a service by the transport layer’s User Datagram
Protocol. The upper-layer protocol field in the IPv4 header is the "Protocol" field (8 bits).

7. How many bytes are in the payload of the IP datagram? Explain how you
determined the number of payload bytes.

Payload Size = Total Length - IP Header Size


The IP datagram payload has 56 − 20 = 36 Bytes.

This is also verifiable as it is the ‘Length’ field in the UDP details.


8. Has this IP datagram been fragmented? Explain how you determined whether or
not the datagram has been fragmented.

All of the flag bits are zero. Hence, the ‘more fragments’ field is zero (further verifiable on expanding the
flags, in Figure (4)). Thus, this IP datagram has not been fragmented.

Next, let’s look at the ICMP packets being sent from your computer and returned to your
computer. The display filter that you can use to show just these packets is “icmp”.

9. Mention the number of requests and replies you observe from your computer to the
requested domain name.

Since the command ping google.com -c 5 sends 5 requests, you should see:

● 5 ICMP Echo Requests (sent).
● 5 ICMP Echo Replies (received).

10. State the types of ping requests and replies you observe in the trace for the
requested domain name.

Types of Ping Requests and Replies

● ICMP Echo Request (Type 8, Code 0)
● ICMP Echo Reply (Type 0, Code 0)

11. List in detail the fields that vary as well as remain constant from the ping request
and replies in the IP datagrams.

Fields That Vary:

1. Identification Field (Each packet has a unique value for tracking)
2. TTL (Time-to-Live) (Decreases with each hop)
3. Header Checksum (Recomputed for each packet)
4. ICMP Sequence Number (Increments with each ping request)
5. ICMP Timestamp (Varies based on when the packet is sent)

Fields That Remain Constant:

1. IP Version (Always 4 for IPv4)
2. Source IP Address (Your computer's IP)
3. Destination IP Address (Google's IP)
4. Protocol (Always ICMP, Protocol Number 1)
5. Header Length (Always 20 bytes unless options exist)
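
The header fields tabulated in question 3 and the payload-length and fragmentation checks from questions 7 and 8 can be reproduced outside Wireshark. The following is an added example, not part of the original assignment: it parses a raw IPv4 header, verifies the header checksum, and goes slightly beyond the answer above by also testing the fragment offset, since the last fragment of a datagram has MF = 0 but a non-zero offset. The sample header is constructed (total length 56, TTL 64, protocol 17, RFC 5737 documentation addresses) and the function names are hypothetical.

```python
import struct
import ipaddress

def internet_checksum(data: bytes) -> int:
    """16-bit one's-complement sum used by the IPv4 header checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4_header(packet: bytes) -> dict:
    if len(packet) < 20:
        raise ValueError("shorter than the minimum 20-byte IPv4 header")
    (ver_ihl, _ds, total_len, ident, flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4   # IHL counts 32-bit words
    if version != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    more_fragments = bool(flags_frag & 0x2000)
    frag_offset = (flags_frag & 0x1FFF) * 8             # offset counts 8-byte units
    return {
        "header_len": ihl,
        "payload_len": total_len - ihl,                 # Total Length - IP header size
        "id": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": more_fragments,
        "frag_offset": frag_offset,
        # A fragment has MF set OR a non-zero offset (last fragment: MF = 0).
        "is_fragment": more_fragments or frag_offset != 0,
        "ttl": ttl,
        "protocol": proto,
        # Summing a valid header including its checksum field yields 0.
        "checksum_ok": internet_checksum(packet[:ihl]) == 0,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
    }

def build_sample_header(flags_frag: int = 0) -> bytes:
    """Constructed header: total length 56, TTL 64, protocol 17 (UDP)."""
    src = ipaddress.IPv4Address("192.0.2.10").packed      # documentation address
    dst = ipaddress.IPv4Address("198.51.100.20").packed   # documentation address
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 56, 0x1234, flags_frag, 64, 17, 0, src, dst)
    return hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:]

if __name__ == "__main__":
    print(parse_ipv4_header(build_sample_header()))
```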

Part 2: Fragmentation

Use the following command in the terminal and capture the trace in Wireshark to answer
the following questions.
    wget "https://files.testfile.org/PDF/50MB-TESTFILE.ORG.pdf"
Answer the following:
1. What are the IP addresses of the client and the above-requested domain?

● Client IP → 10.240.118.97
● Server IP → 104.21.80.1

2. Which transport layer protocol is being used to establish the connection between the
client and the requested domain?

Since wget is used to download files over HTTP or HTTPS, it relies on TCP (Transmission
Control Protocol) at the transport layer.

The transport layer protocol used is: TCP (Transmission Control Protocol)

3. What is the IP version?

The IP Version: 4 (IPv4)


4. In the entire TCP stream for the above request, what is the value of the last Ack
number and what does it signify?

● The last ACK number signifies that the receiver has successfully received all the
expected data from the sender. In a TCP connection, the acknowledgment number
corresponds to the next expected byte, meaning all the data before this number has
been successfully received.
● It typically represents the completion of the data transfer, indicating that the sender has
acknowledged all packets received up to that point.

In summary, the last ACK number is critical for determining that the entire file was successfully
received and acknowledged by the client, signaling the end of the connection and ensuring all
data was transmitted correctly.

Part 3: IPv6

In this final section, we’ll take a quick look at the IPv6 datagram using Wireshark. The
Internet is still primarily an IPv4 network, and your computer or your ISP may not be
configured for IPv6, so let’s look at a trace of already captured packets that contains some
IPv6 packets. To generate this trace, our web browser opened the youtube.com
homepage. YouTube (and Google) provide fairly widespread support for IPv6.

Open the provided file Assignment_7_Part3_IPv6.pcapng.

This is a DNS request (contained in an IPv6 datagram) to an IPv6 DNS server for the IPv6
address of youtube.com. The DNS AAAA request type is used to resolve names to IPv6 IP
addresses.
Answer the following questions:

1. What is the IPv6 source and destination address of the computer making the DNS
AAAA request for the above-requested web browser?

● Source Address: 2601:193:8302:4620:215c:f5ae:8b40:a27a
● Destination Address: 2001:558:feed::1

2. What are the values of the flow label for these IPv6 datagrams?

The Flow Label is a 20-bit field in the IPv6 header used to mark packets that belong to
the same flow. A "flow" refers to a sequence of packets sent from a particular source to a
particular destination.

3. How much payload data are carried for these IPv6 datagrams? What does this
signify?

● The Payload Data signifies the amount of data carried by the IPv6 packet excluding the
IPv6 header.
● The payload might contain DNS queries, HTTP data, or other application-level data,
depending on the context of the trace.

4. What is the upper layer protocol to which this datagram’s payload will be delivered
at the destination?

For DNS, the Next Header will be UDP (17), as DNS typically runs over UDP.
For DNS requests and responses, the upper layer protocol is typically UDP (as DNS
commonly uses UDP for queries).

Lastly, find the IPv6 DNS response to the IPv6 DNS AAAA requests made in this trace.
This DNS response contains IPv6 addresses for youtube.com.

5. How many IPv6 addresses are returned in response to the AAAA requests?

4 IPv6 addresses are returned in response to the AAAA requests.
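
The flow label, payload length and upper-layer protocol asked about in questions 2 to 4 all come from the fixed 40-byte IPv6 header. The following is an added example, not part of the original assignment: it extracts those fields and walks any extension headers, because the Next Header field names the upper-layer protocol directly only when no extension header precedes the payload. The addresses are the ones quoted in question 1; the flow label, the hop limit, the hop-by-hop header and the stand-in UDP payload are constructed, and the function names are hypothetical.

```python
import struct
import ipaddress

# Extension headers laid out as: next header (1 byte), length in 8-byte units (1 byte).
# AH, ESP and other header types are not handled in this sketch.
EXT_HEADERS = {0: "hop-by-hop", 43: "routing", 60: "destination options"}
FRAGMENT = 44   # fragment header: always 8 bytes, second byte is reserved

def parse_ipv6(packet: bytes) -> dict:
    if len(packet) < 40:
        raise ValueError("shorter than the fixed 40-byte IPv6 header")
    first_word, payload_len, next_hdr, hop_limit = struct.unpack("!IHBB", packet[:8])
    if first_word >> 28 != 6:
        raise ValueError("not an IPv6 datagram")
    info = {
        "traffic_class": (first_word >> 20) & 0xFF,
        "flow_label": first_word & 0xFFFFF,      # low 20 bits of the first word
        "payload_len": payload_len,              # bytes after the 40-byte header
        "hop_limit": hop_limit,
        "src": str(ipaddress.IPv6Address(packet[8:24])),
        "dst": str(ipaddress.IPv6Address(packet[24:40])),
        "ext_headers": [],
    }
    # Walk the chain until Next Header names an upper-layer protocol.
    offset = 40
    while next_hdr in EXT_HEADERS or next_hdr == FRAGMENT:
        if len(packet) < offset + 8:
            raise ValueError("truncated extension header")
        following, ext_len = packet[offset], packet[offset + 1]
        size = 8 if next_hdr == FRAGMENT else (ext_len + 1) * 8
        info["ext_headers"].append(EXT_HEADERS.get(next_hdr, "fragment"))
        next_hdr, offset = following, offset + size
    info["upper_layer_protocol"] = next_hdr
    info["upper_layer_len"] = payload_len - (offset - 40)
    return info

def build_sample(with_hop_by_hop: bool = False) -> bytes:
    """Constructed datagram: flow label 0x12345, 8-byte stand-in UDP payload."""
    src = ipaddress.IPv6Address("2601:193:8302:4620:215c:f5ae:8b40:a27a").packed
    dst = ipaddress.IPv6Address("2001:558:feed::1").packed
    udp = bytes(8)
    # Hop-by-hop header: next header 17, length 0 (8 bytes), one PadN option.
    ext = bytes([17, 0, 1, 4, 0, 0, 0, 0]) if with_hop_by_hop else b""
    first_word = (6 << 28) | 0x12345
    fixed = struct.pack("!IHBB", first_word, len(ext) + len(udp), 0 if ext else 17, 255)
    return fixed + src + dst + ext + udp
```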
