
Yeray Pérez, NIA: 164324

Carlos Pulido, NIA: 163842

Jaume Pons, NIA:165072

LAB 1 – Review of networks and FTP traffic analysis

Wireshark, ifconfig, netstat, vsftpd, filezilla

1 Using Wireshark

1.1 Capturing packets

Q1. What are the Link layer (Ethernet II), and Network layer (IP) captured data? Identify the protocol, source and destination IP address and message exchanged for ping? Answer with your wireshark screen shot.

The Link Layer is the protocol layer in a program that handles the moving of data in and out across a physical link in a network.

The Network Layer packages output with the correct network address information, and selects routes and quality of service.

Figure 1 - Wireshark with filter icmp

The green area is the Link Layer and the purple area is the Network Layer. The protocol is ICMP, and for this specific packet the source IP address is 84.89.128.15 and the destination IP address is 192.168.1.139 (logically, this is a reply from the server to the client). The messages exchanged for ping are request and reply.

1.2 ifconfig

Q2. Locate “test search” data trace and explain your captured data for IP Protocol and Transmission Control Protocol section in wireshark with wireshark screen shot. Explain data encapsulation process with real information (headers, ip, port and data) from wireshark in each layer.

On the Network Layer the segment of data is encapsulated and given source and destination IP addresses. At this point the segment of data is now a packet.

Next, on the Link Layer the packet is given source and destination MAC addresses and a footer that contains an error-checking mechanism called CRC.

Figure 2 - Wireshark with filter http

In the image we see the IP and MAC addresses, the protocol, the port and the data that were sent.

Q3. What are the physical and logical addresses displayed in your ifconfig command? Do a ping to google.com and identify which (physical and logical) addresses have been used in which layers?

The physical address of my computer is 00:19:d1:f5:74:d9 and its logical address is 192.168.1.20.

The addresses of google.com are 216.58.211.196 (logical) and 00:26:cb:a2:cb:47 (physical).
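The encapsulation described in Q2 can be checked by peeling the headers off a raw frame in the order a receiver does. The following is an added example, not part of the original lab report: the frame is constructed, reusing the MAC and IP addresses quoted in Q3, while the TCP ports and the HTTP payload are assumptions.

```python
import socket
import struct

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def build_frame():
    """Constructed sample: Ethernet II + IPv4 + TCP + payload (checksums left at 0).
    No CRC trailer is appended: NICs normally strip it before the capture sees it."""
    payload = b"GET /?q=test+search HTTP/1.1\r\n\r\n"          # assumed payload
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                     socket.inet_aton("192.168.1.20"),
                     socket.inet_aton("216.58.211.196"))
    eth = bytes.fromhex("0026cba2cb47") + bytes.fromhex("0019d1f574d9") + b"\x08\x00"
    return eth + ip + tcp + payload

def parse_frame(frame):
    """Decapsulate: link layer, then network layer, then transport layer."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                  # IP header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != 6:
        raise ValueError("not a TCP packet")
    seg = ip[ihl:total_len]                   # TCP segment = header + data
    sport, dport = struct.unpack("!HH", seg[:4])
    data_off = (seg[12] >> 4) * 4             # TCP header length in bytes
    return {
        "link": (mac(src), mac(dst)),
        "network": (socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])),
        "transport": (sport, dport),
        "data": seg[data_off:],
    }

if __name__ == "__main__":
    for layer, value in parse_frame(build_frame()).items():
        print(layer, value)
```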

1.3 netstat

Q4. Close and run Wireshark, open an internet explorer such as Firefox, open one or two web sites such as upf.edu. Capture UDP network traffic and explain for what purpose UDP communications are used?

UDP is suitable for purposes where error checking and correction are not necessary. Its principal use is in protocols such as DHCP, BOOTP and DNS, where the exchange of packets is higher or is not profitable in terms of information transmitted.

Figure 3 - Wireshark with filter udp

2.5.4 Analyzing FTP packets and Protocol

Q5. Which one is the control connection? Include wireshark screen shot in your answer.

Figure 4 - Wireshark traffic of FTP transfer (Control connection)

The packets with a blue border are the control connection packets.

Q6. Which one is the data connection? Include wireshark screen shot in your answer.

Figure 5 - Wireshark traffic of FTP transfer (Data connection)

The packets with a pink border are the data connection.

Q.7 Which are the packets of data connections? Include wireshark screen shot in your answer.

Figure 6 – Wireshark traffic of FTP transfer (Packets of data connection)

The packets with an orange border are the data connection packets.

Q.8 What port numbers are used for both clients and the servers while sending and receiving data?

Server port: 53021

Client port: 55701

The server port number is not 20. This happens because the FTP mode is PASV. We investigated this, and in PASV mode the server port is selected randomly.
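The randomly selected server port is announced on the control connection in the 227 reply as two bytes (port = p1 * 256 + p2), which is how an analyst or a stateful firewall ties a data connection back to its control session. The following is an added example, not part of the original report: the server IP 192.168.1.50, the reply lines and the flow list are constructed, and it also handles the 229 (EPSV) reply, which goes beyond the PASV case in the lab.

```python
import re

PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
EPSV_RE = re.compile(r"^229 .*?\(\|\|\|(\d+)\|\)")

def passive_endpoint(reply, control_server_ip):
    """Return the (ip, port) the server listens on for data, or None."""
    m = PASV_RE.match(reply)
    if m:
        h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
        if max(h1, h2, h3, h4, p1, p2) > 255:
            raise ValueError("octet out of range in 227 reply")
        return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2
    m = EPSV_RE.match(reply)
    if m:
        port = int(m.group(1))
        if not 0 < port < 65536:
            raise ValueError("port out of range in 229 reply")
        return control_server_ip, port   # EPSV reuses the control address
    return None

def label_flows(control_lines, flows, server_ip):
    """Label (client_ip, client_port, server_ip, server_port) tuples."""
    data_endpoints = set()
    for line in control_lines:
        endpoint = passive_endpoint(line, server_ip)
        if endpoint:
            data_endpoints.add(endpoint)
    labels = {}
    for flow in flows:
        _, _, sip, sport = flow
        if sip == server_ip and sport == 21:
            labels[flow] = "control"
        elif (sip, sport) in data_endpoints:
            labels[flow] = "data"
        else:
            labels[flow] = "other"
    return labels

# Constructed sample; 207 * 256 + 29 = 53021, the server port seen in Q8.
SERVER = "192.168.1.50"
REPLIES = ["220 (vsFTPd)", "227 Entering Passive Mode (192,168,1,50,207,29)."]
FLOWS = [("192.168.1.20", 55700, SERVER, 21),
         ("192.168.1.20", 55701, SERVER, 53021),
         ("192.168.1.20", 55702, SERVER, 8080)]

if __name__ == "__main__":
    for flow, label in label_flows(REPLIES, FLOWS, SERVER).items():
        print(label, flow)
```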

Q.9 What protocols are being used at lower layers?

The protocol used at the lower layers is TCP.

Q.10 You are given an architecture diagram below. Explain the sequence in which the network communication is happening. Use the answers to questions 5 to 9 and put numbers on the diagram below.