Packet Tracing -- Putting it all together
• Packet tracing: the actions of observing packets as they appear on the media and deriving the activities occurring on hosts; or, knowing the top-level commands issued and predicting the packets that will appear on the media.
Packet Decoding …
“There are only 10 kinds of people in this world:
Those who understand binary;
And those who don’t.”
Motivations for Packet Tracing
• Understanding network protocols
• Debugging your network
• Debugging applications that work over the network
Layer Protocols
• DNS: DNS Query, DNS Reply
• TCP Establishment (Caller, Callee): SYN, SYN/ACK, ACK
• ARP: ARP Request, ARP Reply
Examples - 1
• Assumptions:
  Host A, IP Address 128.194.1.2
  Host B, IP Address 128.194.1.3
  netmask 255.255.255.0
  ARP caches and bridge tables are empty
  All hosts know DNS Server is 128.194.1.3
Trace command “DNS Query” initiated on Host A
[Diagram: hosts A and B on segment 1]
Answer - 1
Seg  DAE  SAE  “type”    SAIP  DAIP
1    FF   EA   ARP Req   1.2   1.3
1    EA   EB   ARP Rply  1.3   1.2
1    EB   EA   DNS Q     1.2   1.3
1    EA   EB   DNS R     1.3   1.2
Examples - 2
• Assumptions:
  Host A, IP Address 128.194.1.2
  Host B, IP Address 128.194.1.3
  Host C, IP Address 128.194.1.4
  netmask 255.255.255.0
  ARP caches and bridge tables are empty
  All hosts know DNS Server is 128.194.1.3
Trace command “DNS Query” initiated on Host A
[Diagram: hosts A and B on segment 1, host C on segment 2]
Answer - 2
Seg  DAE  SAE  “type”    SAIP  DAIP
1    FF   EA   ARP Req   1.2   1.3
2    FF   EA   ARP Req   1.2   1.3
1    EA   EB   ARP Rply  1.3   1.2
1    EB   EA   DNS Q     1.2   1.3
1    EA   EB   DNS R     1.3   1.2
Examples - 3
• Assumptions:
  Host A, IP Address 128.194.1.2
  Host B, IP Address 128.194.1.3
  netmask 255.255.255.0
  ARP caches and bridge tables are empty
  All hosts know DNS Server is 128.194.1.3
Trace command “telnet 128.194.1.3” initiated on Host A
[Diagram: hosts A and B on segment 1]
Answer - 3
Seg  DAE  SAE  “type”    SAIP  DAIP
1    FF   EA   ARP Req   1.2   1.3
1    EA   EB   ARP Rply  1.3   1.2
1    EB   EA   TCP SYN   1.2   1.3
1    EA   EB   SYN/ACK   1.3   1.2
1    EB   EA   TCP ACK   1.2   1.3
Examples - 4
• Assumptions:
  Host A, IP Address 128.194.1.2
  Host B, IP Address 128.194.1.3
  netmask 255.255.255.0
  ARP caches and bridge tables are empty
  All hosts know DNS Server is 128.194.1.3
Trace command “telnet B” initiated on Host A
[Diagram: hosts A and B on segment 1]
Answer - 4
Seg  DAE  SAE  “type”    SAIP  DAIP
1    FF   EA   ARP Req   1.2   1.3
1    EA   EB   ARP Rply  1.3   1.2
1    EB   EA   DNS Q     1.2   1.3
1    EA   EB   DNS R     1.3   1.2
1    EB   EA   TCP SYN   1.2   1.3
1    EA   EB   SYN/ACK   1.3   1.2
1    EB   EA   TCP ACK   1.2   1.3
Examples - 5
• Assumptions:
  Host A, IP Address 128.194.1.1
  Host B, IP Address 128.194.2.2
  Host X, IP Address 128.194.1.254 on segment 1
  Host X, IP Address 128.194.2.254 on segment 2
  netmask 255.255.255.0
  ARP caches and bridge tables are empty
  All hosts know DNS Server is 128.194.1.3
Trace command “telnet 128.194.2.2” initiated on Host A
[Diagram: host A on segment 1, host B on segment 2, X attached to both segments]
Examples - 5 cont.
Routing table on A:
Net      Mask     Router
0.0.0.0  0.0.0.0  128.194.1.254
Routing table on B:
Net      Mask     Router
0.0.0.0  0.0.0.0  128.194.2.254
Routing table on X:
Net      Mask     Router
Answer - 5
Seg  DAE  SAE  “type”     SAIP   DAIP
1    FF   EA   ARP Req    1.1    1.254
1    EA   EX1  ARP Reply  1.254  1.1
1    EX1  EA   TCP SYN    1.1    2.2
2    FF   EX2  ARP Req    2.254  2.2
2    EX2  EB   ARP Reply  2.2    2.254
2    EB   EX2  TCP SYN    1.1    2.2
2    EX2  EB   SYN/ACK    2.2    1.1
1    EA   EX1  SYN/ACK    2.2    1.1
1    EX1  EA   TCP ACK    1.1    2.2
2    EB   EX2  TCP ACK    1.1    2.2
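Added example (not part of the original slides): a Python sketch of the rule behind Answers 3 and 5, where a sender ARPs for the destination itself when it is on the local subnet and for its default router otherwise, while the IP source and destination stay end to end. The names Tracer, send, telnet, example3 and example5 are hypothetical; bridges are not modeled and a single router is assumed.

```python
import ipaddress
MASK = "255.255.255.0"  # netmask from the slides' assumptions

def short(ip):
    """'128.194.1.254' -> '1.254', the shorthand used in the answer tables."""
    return ".".join(ip.split(".")[2:])

def on_link(a, b):
    """True if b lies in a's subnet, so a can ARP for b directly."""
    return ipaddress.ip_address(b) in ipaddress.ip_network(f"{a}/{MASK}", strict=False)

class Tracer:
    def __init__(self, ifaces, gateway, router_ifaces=()):
        self.ifaces = ifaces                # ip -> (segment, MAC label)
        self.gateway = gateway              # host ip -> default router ip
        self.router_ifaces = router_ifaces  # all IPs owned by the one router
        self.arp = set()                    # (owner ip, resolved ip) cache entries
        self.rows = []                      # (Seg, DAE, SAE, type, SAIP, DAIP)

    def send(self, src, dst, kind, out=None):
        out = out or src                    # interface the frame leaves from
        hop = dst if on_link(out, dst) else self.gateway[out]
        seg, smac = self.ifaces[out]
        dmac = self.ifaces[hop][1]
        if (out, hop) not in self.arp:      # resolve the next hop, not the final dst
            self.rows.append((seg, "FF", smac, "ARP Req", short(out), short(hop)))
            self.rows.append((seg, smac, dmac, "ARP Reply", short(hop), short(out)))
            self.arp |= {(out, hop), (hop, out)}  # the replier learns the asker too
        self.rows.append((seg, dmac, smac, kind, short(src), short(dst)))
        if hop != dst:                      # router forwards; IP addresses unchanged
            nxt = next(i for i in self.router_ifaces if on_link(i, dst))
            self.send(src, dst, kind, out=nxt)

    def telnet(self, a, b):                 # TCP establishment only
        self.send(a, b, "TCP SYN")
        self.send(b, a, "SYN/ACK")
        self.send(a, b, "TCP ACK")
        return self.rows

def example5():  # Examples - 5: A and B on different subnets, joined by X
    x = ("128.194.1.254", "128.194.2.254")
    ifaces = {"128.194.1.1": (1, "EA"), "128.194.2.2": (2, "EB"),
              x[0]: (1, "EX1"), x[1]: (2, "EX2")}
    gw = {"128.194.1.1": x[0], "128.194.2.2": x[1]}
    return Tracer(ifaces, gw, x).telnet("128.194.1.1", "128.194.2.2")

def example3():  # Examples - 3: both hosts on one subnet, no router involved
    ifaces = {"128.194.1.2": (1, "EA"), "128.194.1.3": (1, "EB")}
    return Tracer(ifaces, {}).telnet("128.194.1.2", "128.194.1.3")
```

Each returned tuple follows the answer tables' column order (Seg, DAE, SAE, type, SAIP, DAIP), so the output can be compared row by row with Answer - 3 and Answer - 5.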
Problem A - 1
Use the data and diagram to show the packets resulting from the command "telnet B" being executed on host C. Assumptions: The diagram consists of 8 numbered Ethernet segments, 5 bridges (unlabeled rectangles), two routers (X, Y) and hosts A, B, C. ARP caches are empty. Tables on bridges are empty. Routing entries are as shown below. Host A is the DNS nameserver and its IP address is known to all machines.