May 23, 2018

Page 1 (source: light2shine.com/nw/CSIT340_JaeSookLee_Lab5_wireShark...)


Jae Sook Lee

FA16 CSIT 340 – 01

Dr. Constantine Coutras

Lab #5

Wire Shark Lab: ICMP

1. ICMP and Ping

Ping to www.cam.ac.uk (command prompt)

Ping to www.cam.ac.uk (Wire Shark)


Ping to www.cam.ac.uk expanded (Wire Shark)

(Number #7 expanded print version attached at the end of the lab assignment)

1. What is the IP address of your host? What is the IP address of the destination host?

Answer

Source IP Address: 192.168.47.15

Destination IP Address: 131.111.150.25

2. Why is it that an ICMP packet does not have source and destination port numbers?

Answer

It doesn’t require them because it is used by hosts and routers to communicate network-layer information to each other.

3. Examine one of the ping request packets sent by your host. What are the ICMP type and code

numbers? What other fields does this ICMP packet have? How many bytes are the checksum,

sequence number and identifier fields?

Answer

Type:8 (Echo (ping) request), Code: 0


Identifier (BE): 1(0x0001), Identifier (LE): 256 (0x0100), Checksum: 0x4d2e

Sequence number (BE): 45(0x0100), Sequence number (LE): 11520(0x2d00)

Total: 32 bytes

4. Examine the corresponding ping reply packet. What are the ICMP type and code numbers?

What other fields does this ICMP packet have? How many bytes are the checksum, sequence

number and identifier fields?

Answer

Type: 0 (Echo (ping) reply), Code: 0, Checksum: 0x552e

Identifier (BE): 1(0x0001), Identifier (LE): 256 (0x0100),

Sequence number (BE): 45(0x0100), Sequence number (LE): 11520(0x2d00)

Total: 32 bytes
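As an added example (not code from the lab or the textbook), the script below builds the same Windows-style echo request and reply examined in questions 3 and 4 (type 8 / type 0, code 0, identifier 1, sequence 45, 32-byte payload) and decodes the 8-byte ICMP header the way Wireshark displays it: why identifier and sequence are shown both as BE and LE values, and how the checksum field is computed and verified. It assumes the standard 32-byte payload that Windows ping sends, "abcdefghijklmnopqrstuvwabcdefghi"; with that payload the computed checksums are 0x4d2e for the request and 0x552e for the reply, the values recorded above.

```python
import struct

# Constructed sample, not copied from the lab's capture: the 32-byte payload
# that Windows ping sends ("a".."w" followed by "a".."i").
WINDOWS_PING_PAYLOAD = b"abcdefghijklmnopqrstuvwabcdefghi"


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"  # pad an odd trailing byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold the end-around carry back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(icmp_type: int, ident: int, seq: int,
               payload: bytes = WINDOWS_PING_PAYLOAD) -> bytes:
    """Build an ICMP echo request (type 8) or reply (type 0); code is always 0."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)  # checksum zeroed
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload


def parse_echo(pkt: bytes) -> dict:
    """Decode the 8-byte ICMP echo header the way Wireshark's ICMP dissector shows it."""
    icmp_type, code, csum, ident_be, seq_be = struct.unpack("!BBHHH", pkt[:8])
    # Wireshark prints identifier and sequence twice because some ping programs
    # write them in host byte order; LE is simply the same two bytes swapped.
    ident_le, seq_le = struct.unpack("<HH", pkt[4:8])
    return {
        "type": icmp_type,
        "code": code,
        "checksum": csum,
        "identifier_be": ident_be, "identifier_le": ident_le,
        "sequence_be": seq_be, "sequence_le": seq_le,
        # Summing the whole packet, checksum field included, gives 0 when it is
        # intact; this is the good/bad checksum status Wireshark reports.
        "checksum_ok": icmp_checksum(pkt) == 0,
        "payload_bytes": len(pkt) - 8,
    }


if __name__ == "__main__":
    request = build_echo(8, ident=1, seq=45)
    print(parse_echo(request))
```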

2. ICMP and Traceroute

Tracert to www.cam.ac.uk (command prompt)


Tracert to www.cam.ac.uk (command prompt)

(Number #21 expanded print version attached at the end of the lab assignment)

5. What is the IP address of your host? What is the IP address of the target destination host?

Answer

Source IP Address: 192.168.47.15

Destination IP Address: 131.111.150.25


6. If ICMP sent UDP packets instead (as in Unix/Linux), would the IP protocol number still be 01

for the probe packets? If not, what would it be?

Answer

No, it is not protocol number 01. Instead, UDP should be 17 or 0x07.

7. Examine the ICMP echo packet in your screenshot. Is this different from the ICMP ping query

packets in the first half of this lab? If yes, how so?

Answer

Yes, it is different. The ICMP ping query packets in the first half of this lab have TTL exceeded included. TTL-exceeded messages are traceroute. Traceroute output provides three results for each TTL.


8. Examine the ICMP error packet in your screenshot. It has more fields than the ICMP echo

packet. What is included in those fields?

Answer

I found the ICMP error packet in TTL checksum. Also, Internet Control Message Protocol included Type, Code, Identifier (BE)(LE), Sequence number (BE)(LE).

9. Examine the last three ICMP packets received by the source host. How are these packets

different from the ICMP error packets? Why are they different?

(Number 289, 291, 294)

Answer

The last three packets all have type and code both 0. They are different because each packet has a good checksum status. Also, they include the response time for each request frame (288, 290, 292).

10. Within the tracert measurements, is there a link whose delay is significantly longer than

others? Refer to the screenshot in Figure 4, is there a link whose delay is significantly longer

than others? On the basis of the router names, can you guess the location of the two routers on

the end of this link?

Answer


I tried the same destination as the figure 4 traceroute example. Unlike the WireShark example, the IP address is not the same as in the example. So I also tried with the figure 4 IP address (138.96.146.2) as well. The first traceroute, with the institution name, has a link between 7 and 8 with a longer delay. Even though it is not exactly the same name and IP address, both include ny. Number 7: nyiix.nyk.cw.net, 8: ae0-xcr1.nyh.cw.net. Because of this evidence, I assume that the delay occurred inside, not outside, the U.S.

The second traceroute, with the figure 4 IP address, has a much longer delay than the previous traceroute. The link between 9 and 10 has a significantly longer delay than the others. Link 9 is in the New York area and link number 10, I believe, is in Provence-Alpes-Côte d’Azur in France. Because of the transition of region, it takes longer than the other link connections.


3. Extra Credit

For one of the programming assignments you created a UDP client ping program. This ping program, unlike the standard ping program, sends UDP probe packets rather than ICMP probe packets. Use the client program to send a UDP packet with an unusual destination port number to some live host. At the same time, use Wireshark to capture any response from the target host. Provide a Wireshark screenshot for the response as well as an analysis of the response.

Answer

Please note that to solve this programming assignment, I used the Python code provided by Textbook Chapter 2.7 Socket Programming, UDPClient.py, and modified the program purposefully.

Python compiled (Server Name: www.google.com Server Port 12000)

Result


WireShark

WireShark Packet specification


10 Python compiled pings captured: #297, 299, 302, 303, 305, 308, 310, 311, 313, and 324.


Before displaying the www.google.com ping message response, two standard queries and one query response were displayed. The two query requests included questions and type A in Domain Name System. And the last query response included type A, questions and answers in Domain Name System. The Answers section has information on domain name, IP address, and type. After the three domain name service packets, the ping messages started to be captured by Wireshark and showed the ping request number in the data section. Unlike the previous exercise problems, WireShark doesn’t capture ICMP protocol because of the unusual destination port number. I assumed that the ping request wants to connect to the destination port number; however, the destination may not have any services listening on the port specified. And also, I tried to ping with port number 80 to destination www.google.com; it doesn’t display a response message. I assume that because of the short pinging time, 1 sec, it’s too short to respond to the pinging request.
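As an added example (not the lab's modified UDPClient.py and not the textbook's code), the script below is a UDP ping client of the kind the extra credit describes, with the 1-second wait handled explicitly so that "no reply" is reported as an outcome instead of crashing. It is exercised against constructed peers on 127.0.0.1, one that answers and one that binds the port but stays silent (the no-listener case observed above), rather than against www.google.com.

```python
import socket
import threading
import time

_KEEP_ALIVE = []  # holds test-peer sockets so the silent one stays bound


def udp_ping(host: str, port: int, seq: int, timeout: float = 1.0):
    """Send one UDP probe and wait up to `timeout` seconds for any datagram back.
    Returns (rtt_seconds, reply_bytes), or (None, None) when nothing answered."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        msg = f"Ping {seq} {time.time()}".encode()  # same shape as a textbook-style probe
        start = time.monotonic()
        sock.sendto(msg, (host, port))
        try:
            data, _ = sock.recvfrom(1024)
        except socket.timeout:
            # Nothing listening on that port, or the reply took longer than `timeout`:
            # the outcome the lab's capture shows for port 12000 and port 80.
            return None, None
        except ConnectionResetError:
            # On Windows an ICMP port-unreachable for the probe surfaces on the UDP
            # socket as WinError 10054 rather than as a timeout; treat it as no reply.
            return None, None
        return time.monotonic() - start, data


def start_local_udp_peer(echo: bool) -> int:
    """Constructed test peer on 127.0.0.1 (not a real server): when `echo` is True it
    returns each probe uppercased; otherwise it binds the port and never answers.
    Returns the ephemeral port the peer is bound to."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    _KEEP_ALIVE.append(srv)
    if echo:
        def serve():
            while True:
                data, addr = srv.recvfrom(1024)
                srv.sendto(data.upper(), addr)
        threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    port = start_local_udp_peer(echo=False)
    print(udp_ping("127.0.0.1", port, 1, timeout=1.0))  # (None, None): no reply
```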