Wireshark IP Sept 15 2009
Wireshark Lab: IP
Version: 2.0 © 2009 J.F. Kurose, K.W. Ross. All Rights Reserved
Computer Networking: A Top-down Approach, 5th edition.

In this lab, we’ll investigate the IP protocol, focusing on the IP datagram. We’ll do so by analyzing a trace of IP datagrams sent and received by an execution of the traceroute program (the traceroute program itself is explored in more detail in the Wireshark ICMP lab). We’ll investigate the various fields in the IP datagram, and study IP fragmentation in detail.

Before beginning this lab, you’ll probably want to review section 1.4.3 in the text and section 3.4 of RFC 2151 [ftp://ftp.rfc-editor.org/in-notes/rfc2151.txt] to update yourself on the operation of the traceroute program. You’ll also want to read Section 4.4 in the text, and probably also have RFC 791 [ftp://ftp.rfc-editor.org/in-notes/rfc791.txt] on hand as well, for a discussion of the IP protocol. [1]

1. Capturing packets from an execution of traceroute

In order to generate a trace of IP datagrams for this lab, we’ll use the traceroute program to send datagrams of different sizes towards some destination, X. Recall that traceroute operates by first sending one or more datagrams with the time-to-live (TTL) field in the IP header set to 1; it then sends a series of one or more datagrams towards the same destination with a TTL value of 2; it then sends a series of datagrams towards the same destination with a TTL value of 3; and so on. Recall that a router must decrement the TTL in each received datagram by 1 (actually, RFC 791 says that the router must decrement the TTL by at least one). If the TTL reaches 0, the router returns an ICMP message (type 11 – TTL-exceeded) to the sending host.

As a result of this behavior, a datagram with a TTL of 1 (sent by the host executing traceroute) will cause the router one hop away from the sender to send an ICMP TTL-exceeded message back to the sender; the datagram sent with a TTL of 2 will cause the router two hops away to send an ICMP message back to the sender; the datagram sent with a TTL of 3 will cause the router three hops away to send an ICMP message back to the sender; and so on. In this manner, the host executing traceroute can learn the identities of the routers between itself and destination X by looking at the source IP addresses in the datagrams containing the ICMP TTL-exceeded messages.

We’ll want to run traceroute and have it send datagrams of various lengths.

- Windows. The tracert program (used for our ICMP Wireshark lab) provided with Windows does not allow one to change the size of the ICMP echo request (ping) message sent by the tracert program. A nicer Windows traceroute program is pingplotter, available both in free version and shareware versions at http://www.pingplotter.com. Download and install pingplotter, and test it out by performing a few traceroutes to your favorite sites. The size of the ICMP echo request message can be explicitly set in pingplotter by selecting the menu item Edit->Options->Packet Options and then filling in the Packet Size field. The default packet size is 56 bytes. Once pingplotter has sent a series of packets with the increasing TTL values, it restarts the sending process again with a TTL of 1, after waiting Trace Interval amount of time. The value of Trace Interval and the number of intervals can be explicitly set in pingplotter.

- Linux/Unix. With the Unix traceroute command, the size of the UDP datagram sent towards the destination can be explicitly set by indicating the number of bytes in the datagram; this value is entered in the traceroute command line immediately after the name or address of the destination. For example, to send traceroute datagrams of 2000 bytes towards gaia.cs.umass.edu, the command would be:

  % traceroute gaia.cs.umass.edu 2000

Do the following:

- Start up Wireshark and begin packet capture (Capture->Start) and then press OK on the Wireshark Packet Capture Options screen (we’ll not need to select any options here).

- If you are using a Windows platform, start up pingplotter and enter the name of a target destination in the “Address to Trace Window.” Enter 3 in the “# of times to Trace” field, so you don’t gather too much data. Select the menu item Edit->Advanced Options->Packet Options and enter a value of 56 in the Packet Size field and then press OK. Then press the Trace button. You should see a pingplotter window that looks something like this:

  Next, send a set of datagrams with a longer length, by selecting Edit->Advanced Options->Packet Options and enter a value of 2000 in the Packet Size field and then press OK. Then press the Resume button.

  Finally, send a set of datagrams with a longer length, by selecting Edit->Advanced Options->Packet Options and enter a value of 3500 in the Packet Size field and then press OK. Then press the Resume button.

  Stop Wireshark tracing.

- If you are using a Unix platform, enter three traceroute commands, one with a length of 56 bytes, one with a length of 2000 bytes, and one with a length of 3500 bytes. Stop Wireshark tracing.

If you are unable to run Wireshark on a live network connection, you can download a packet trace file that was captured while following the steps above on one of the author’s Windows computers [2]. You may well find it valuable to download this trace even if you’ve captured your own trace and use it, as well as your own trace, when you explore the questions below.

[1] All references to the text in this lab are to Computer Networking: A Top-down Approach, 5th edition.

[2] Download the zip file http://gaia.cs.umass.edu/wireshark-labs/wireshark-traces.zip and extract the file ip-ethereal-trace-1. The traces in this zip file were collected by Wireshark running on one of the author’s computers, while performing the steps indicated in the Wireshark lab. Once you have downloaded the trace, you can load it into Wireshark and view the trace using the File pull down menu, choosing Open, and then selecting the ip-ethereal-trace-1 trace file.

2. A look at the captured trace

In your trace, you should be able to see the series of ICMP Echo Request (in the case of Windows machine) or the UDP segment (in the case of Unix) sent by your computer and the ICMP TTL-exceeded messages returned to your computer by the intermediate routers. In the questions below, we’ll assume you are using a Windows machine; the corresponding questions for the case of a Unix machine should be clear. Whenever possible, when answering a question you should hand in a printout of the packet(s) within the trace that you used to answer the question asked. Annotate the printout to explain your answer. To print a packet, use File->Print, choose Selected packet only, choose Packet summary line, and select the minimum amount of packet detail that you need to answer the question.

1. Select the first ICMP Echo Request message sent by your computer, and expand the Internet Protocol part of the packet in the packet details window. What is the IP address of your computer?

2. Within the IP packet header, what is the value in the upper layer protocol field?

3. How many bytes are in the IP header? How many bytes are in the payload of the IP datagram? Explain how you determined the number of payload bytes.

4. Has this IP datagram been fragmented? Explain how you determined whether or not the datagram has been fragmented.
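As an added illustration (not part of the Kurose/Ross lab or its trace), the following Python decodes the IPv4 header fields behind questions 2 to 4 from raw bytes, and works out how a router would split the 2000- and 3500-byte datagrams from step 1 over a link with a 1500-byte MTU. The sample header bytes are constructed, and fragment_plan assumes a 20-byte header and takes the total datagram length as its input.

```python
import struct

# Constructed sample (not from the lab trace): a minimal 20-byte IPv4 header
# for an ICMP Echo Request, total length 84, TTL 128, no fragmentation.
SAMPLE_HEADER = bytes.fromhex(
    "45000054" "1c460000" "80010000" "c0a80101" "80776b0c"
)

def parse_ipv4_header(data: bytes) -> dict:
    """Decode the IPv4 header fields the lab questions ask about."""
    if len(data) < 20:
        raise ValueError("need at least 20 bytes for an IPv4 header")
    (ver_ihl, _tos, total_len, _ident, flags_frag, ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", data[:20])
    header_len = (ver_ihl & 0x0F) * 4       # IHL is in 32-bit words
    more_frags = bool(flags_frag & 0x2000)  # MF flag
    offset = (flags_frag & 0x1FFF) * 8      # offset field is in 8-byte units
    return {
        "version": ver_ihl >> 4,
        "header_len": header_len,
        "payload_len": total_len - header_len,  # question 3
        "protocol": proto,                      # question 2: 1 = ICMP, 17 = UDP
        "ttl": ttl,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": more_frags,
        "fragment_offset": offset,
        # Question 4: a piece of a fragmented datagram has MF set or a
        # non-zero offset; an unfragmented datagram has neither.
        "fragmented": more_frags or offset != 0,
        "src": ".".join(map(str, src)),
        "dst": ".".join(map(str, dst)),
    }

def fragment_plan(total_len: int, mtu: int = 1500, header_len: int = 20) -> list:
    """Fragments a router would emit for a datagram of total_len bytes that
    exceeds the link MTU: (offset, payload_bytes, more_fragments) per piece.
    Payload per fragment is a multiple of 8 as RFC 791 requires."""
    payload = total_len - header_len
    if total_len <= mtu:
        return [(0, payload, False)]
    chunk = (mtu - header_len) // 8 * 8
    plan, sent = [], 0
    while sent < payload:
        size = min(chunk, payload - sent)
        plan.append((sent, size, sent + size < payload))
        sent += size
    return plan
```

Running parse_ipv4_header on the bytes Wireshark shows for a captured datagram reproduces the header length, payload length, protocol and fragmentation answers; fragment_plan(3500) shows why the 3500-byte datagrams appear as three fragments.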