
Computer Networks - Lab Assignment 6

For this lab assignment, you will solve problems based on IPv4 and ICMP.

Grading Criteria:
This assignment has 0 points (with weightage of 0% in your overall 100 points). However, you are
required to complete and get it checked by course TAs before the next lab.

Internet Control Message Protocol ICMP


In this lab, we'll investigate the ICMP protocol, focusing on the ICMP messages generated
by the Ping program, the ICMP messages generated by the Traceroute program, and the format
and contents of an ICMP message.

ICMP and Ping


The Ping command is a simple tool that allows anyone to verify whether a host is live. The Ping
program in the source host sends a packet to the target IP address; if the target is live, the
Ping program in the target host responds by sending a packet back to the source host. Both
Ping packets are ICMP packets.

Do the following:
Open the Windows Command Prompt.
Start up the Wireshark packet sniffer, and begin Wireshark packet capture.
Type ping -n 10 www.inria.fr
When the Ping program terminates, stop packet capture in Wireshark.

Answer the following questions:

1. What is the IP address of your host? What is the IP address of the destination host?
IP address of the host is 10.13.40.11 and of destination is 128.93.162.84
2. Why is it that an ICMP packet does not have source and destination port numbers?
The ICMP packet does not have source and destination port numbers because it was
designed to communicate network-layer information between hosts and routers, not
between application layer processes. Each ICMP packet has a "Type" and a "Code".
The Type/Code combination identifies the specific message being received. Since the
network software itself interprets all ICMP messages, no port numbers are needed to
direct the ICMP message to an application layer process.
3. Examine one of the ping request packets sent by your host. What are the ICMP type
and code numbers? What other fields does this ICMP packet have? How many bytes
are the checksum, sequence number and identifier fields?

The ICMP type is 8, and the code number is 0. The ICMP packet also has checksum,
identifier, sequence number, and data fields. The checksum, sequence number and identifier
fields are two bytes each.

4. Examine the corresponding ping reply packet. What are the ICMP type and code
numbers? What other fields does this ICMP packet have? How many bytes are the
checksum, sequence number and identifier fields?

ICMP and Traceroute


The Traceroute command can be used to figure out the path a packet takes from source to
destination.

Do the following:
Open the Windows Command Prompt.
Start up the Wireshark packet sniffer, and begin Wireshark packet capture.
Type tracert www.inria.fr
When the Traceroute program terminates, stop packet capture in Wireshark.

Answer the following questions:

5. What is the IP address of your host? What is the IP address of the target destination
host?
Host : 10.6.215.54 Destination: 128.93.162.64
6. Examine the ICMP echo packet. Is this different from the ICMP ping query packets in
the first half of this lab? If yes, how so?
The size of packets in this case is 52 bytes compared to 32 previously.
7. Examine the ICMP error packet. It has more fields than the ICMP echo packet. What
is included in those fields?
The ICMP error packet is not the same as the ping query packets. It contains both the
IP header and the first 8 bytes of the original ICMP packet that the error is for.

8. Examine the last three ICMP packets received by the source host. How are these
packets different from the ICMP error packets? Why are they different?

The last three ICMP packets are message type 0 (echo reply) rather than 11 (TTL
expired). They are different because the datagrams have made it all the way to the
destination host before the TTL expired.

9. Within the tracert measurements, is there a link whose delay is significantly longer
than others? Based on the router names, can you guess the location of the two routers on
the end of this link?
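
The ICMP layouts from questions 3 and 7, as an added example that is not part of the original assignment: it decodes an Echo Request (type, code, and the two-byte checksum, identifier and sequence number fields) and a TTL-exceeded error, whose body quotes the original IP header plus the first 8 bytes of the original ICMP packet, which is what lets a receiver match an error to the probe it sent. The packets are constructed in the code rather than taken from a capture; the identifier, sequence number, payload and IP Identification values are assumptions.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def icmp_msg(icmp_type: int, code: int, rest: bytes) -> bytes:
    """Build an ICMP message; `rest` is everything after the checksum field."""
    csum = inet_checksum(struct.pack("!BBH", icmp_type, code, 0) + rest)
    return struct.pack("!BBH", icmp_type, code, csum) + rest

def parse_icmp(msg: bytes, verify: bool = True) -> dict:
    """Decode type/code, then the type-specific fields the lab asks about."""
    icmp_type, code, _csum = struct.unpack("!BBH", msg[:4])
    out = {"type": icmp_type, "code": code}
    if verify:  # a correct message sums to zero, checksum field included
        out["checksum_ok"] = inet_checksum(msg) == 0
    if icmp_type in (0, 8):  # echo reply / echo request
        out["id"], out["seq"] = struct.unpack("!HH", msg[4:8])
    elif icmp_type == 11:  # TTL exceeded: 4 unused bytes, then the quoted packet
        quoted = msg[8:]
        ihl = (quoted[0] & 0x0F) * 4  # quoted IP header length in bytes
        out["quoted_dst"] = socket.inet_ntoa(quoted[16:20])
        # Only 8 bytes of the original ICMP message are quoted, so its
        # checksum cannot be re-verified; id/seq still identify the probe.
        out["quoted_icmp"] = parse_icmp(quoted[ihl:ihl + 8], verify=False)
    return out

# Constructed sample data (not taken from the lab's capture files).
ECHO = icmp_msg(8, 0, struct.pack("!HH", 1, 7) + b"a" * 32)
ORIG_IP = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(ECHO), 0x1234, 0, 1, 1, 0,
                      socket.inet_aton("10.13.40.11"), socket.inet_aton("128.93.162.84"))
TTL_EXCEEDED = icmp_msg(11, 0, b"\x00" * 4 + ORIG_IP + ECHO[:8])

if __name__ == "__main__":
    print(parse_icmp(ECHO))
    print(parse_icmp(TTL_EXCEEDED))
```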


Internet Protocol IP
In this lab, we'll investigate the IP protocol, focusing on the IP datagram. We'll do so by
analyzing a trace of IP datagrams sent and received by an execution of the traceroute program in
Ubuntu (equivalent to tracert in Windows). We'll investigate the various fields in the IP
datagram, and study IP fragmentation in detail. To generate a trace of IP datagrams for this
lab, we'll use the traceroute program to send datagrams of different sizes towards some
destination.

For this section, you should use the given Wireshark capture (.pcap) files. The file has been
generated in Ubuntu using the traceroute program sending ICMP Echo requests. Datagram
size is taken as 500 bytes, 1500 bytes, 2000 bytes and 3500 bytes.

In your trace, you should be able to see the series of ICMP Echo Request sent by your
computer (IP 10.13.40.181) and the ICMP TTL-exceeded messages returned to your
computer by the intermediate routers.

1. Select the first ICMP Echo Request message sent by your computer, and expand the Internet
Protocol part of the packet. What is the IP address of your computer?

2. Within the IP packet header, what is the value in the upper layer protocol field?

3. How many bytes are in the IP header? How many bytes are in the payload of the IP
datagram? Explain how you determined the number of payload bytes. (Hint: payload bytes do
not include bytes in IP header)

IP header : 20 bytes. PAYLOAD : 500-20 = 480 bytes

4. Has this IP datagram been fragmented? Explain how you determined whether or not the
datagram has been fragmented.

F0 = 00 hence, no fragmentation.

Next, sort the traced packets according to IP source address by clicking on the Source column
header; a small downward pointing arrow should appear next to the word Source. If the arrow
points up, click on the Source column header again. Select the first ICMP echo Request
message sent by your computer, and expand the Internet Protocol portion in the details of
selected packet header window. In the listing of captured packets window, you should see
all the subsequent ICMP messages (perhaps with additional interspersed packets sent by other
protocols running on your computer) below this first ICMP. Use the down arrow to move
through the ICMP messages sent by your computer. Look at first 3-4 ICMP echo requests
sent from your computer and answer the following:

5. Which fields in the IP datagram always change from one datagram to the next within this
series of ICMP messages sent by your computer?

Checksum, identification,

6. Which fields stay constant? Which of the fields must stay constant? Which fields must
change? Why?
All except checksum, Identification.
checksum has to change due to TTL.
Source, destination and protocol type will remain same, always.

7. Describe the pattern you see in the values in the Identification field of the IP datagram

Identification number changes serially.

Next (with the packets still sorted by source address) find the series of ICMP TTL exceeded
replies sent to your computer by the nearest (first hop) router (default gateway).

8. What is the value in the Identification field and the TTL field?

TTL : 255. IDENTIFICATION : 32946

9. Do these values remain unchanged for all of the ICMP TTL-exceeded replies sent to your
computer by the nearest (first hop) router? Why?

Identification field changes.

Sort the packet listing according to time again by clicking on the Time column.

Now find the first ICMP Echo Request message that was sent by your computer after you
changed the Packet Size in traceroute to be 1500.

10. Has that message been fragmented across more than one IP datagram?
NO

11. Find out the MTU (Maximum Transmission Unit) size of your network using the Ping command.
Paste a screenshot for the same. Is it the same as given in the Wireshark capture file (for IPv4)?
Explain your answer.

MTU is 1472 (hit and trial); checksum stripped off at NIC

12. Now find the first ICMP Echo Request message that was sent by your computer after you
changed the Packet Size in traceroute to be 2000.

Yes, size of datagram exceeded 1500.

13. Has that message been fragmented across more than one IP datagram?

Yes, size of datagram exceeded by 1500 bytes

14. What information in the IP header indicates that the datagram has been fragmented? What
information in the IP header indicates whether this is the first fragment versus a later
fragment? How long is this IP datagram?

MF = 1
FO has 1500 bytes space, if it is 0 then it means it is first in the sequence. Otherwise the size
indicates it is a later fragment.

15. What information in the IP header indicates that this is not the first datagram fragment? Are
there more fragments? How can you tell?

FO is not equal to 0 means not the first fragment.
MF = 1 means there are more fragments.

16. What fields change in the IP header between the first and second fragment?

FO, LENGTH, CHECKSUM

Now find the first ICMP Echo Request message that was sent by your computer after you
changed the Packet Size in traceroute to be 3500.

17. How many fragments were created from the original datagram?

3 fragments

18. What fields change in the IP header among the fragments?

FO, CHECKSUM
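
The fragmentation arithmetic behind questions 10 to 18, as an added example that is not part of the original assignment: it splits each of the lab's four datagram sizes into fragments and shows the MF flag and fragment offset each fragment carries. It assumes the stated datagram size is the IP total length, a 20-byte IP header with no options, and a 1500-byte link MTU; the function names are hypothetical.

```python
def fragment(total_len: int, mtu: int = 1500, ihl: int = 20) -> list:
    """Return (total_length, MF, offset_in_8_byte_units) for each fragment."""
    if total_len <= mtu:
        return [(total_len, 0, 0)]  # fits in one datagram: MF=0, offset=0
    payload = total_len - ihl
    chunk = (mtu - ihl) // 8 * 8  # non-final fragments carry a multiple of 8 bytes
    frags, sent = [], 0
    while sent < payload:
        size = min(chunk, payload - sent)
        more = 1 if sent + size < payload else 0
        frags.append((ihl + size, more, sent // 8))
        sent += size
    return frags

def flags_offset_word(mf: int, offset_units: int, df: int = 0) -> int:
    """Pack the 16-bit header word: reserved bit, DF, MF, 13-bit fragment offset."""
    return (df << 14) | (mf << 13) | (offset_units & 0x1FFF)

def decode_word(word: int) -> dict:
    """Unpack the same word; the offset is reported in bytes."""
    return {"DF": (word >> 14) & 1, "MF": (word >> 13) & 1,
            "offset_bytes": (word & 0x1FFF) * 8}

def position(mf: int, offset_units: int) -> str:
    """Classify a datagram from MF and fragment offset alone."""
    if offset_units == 0:
        return "first fragment" if mf else "not fragmented"
    return "middle fragment" if mf else "last fragment"

if __name__ == "__main__":
    for size in (500, 1500, 2000, 3500):  # the lab's four datagram sizes
        print(size)
        for length, mf, off in fragment(size):
            word = flags_offset_word(mf, off)
            print(f"  len={length} word=0x{word:04x} {decode_word(word)} {position(mf, off)}")
```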