COLLEGE OF ENGINEERING, PUNE DEPT OF COMPUTER ENGINEERING AND INFORMATION TECHNOLOGY Third Year B.

Tech Computer Engineering - Computer Networks (CT 320) Lab 7: Capturing ICMP with Wireshark Batch : T1 Team Members : 1] Abhijay Patne (110903011) 2] Yash Joshi (110903013)

1. What is the IP address of your host? What is the IP address of the destination host? Ans. : My host : Destination Host : 10.1.11.112 74.125.236.210

2. Why is it that an ICMP packet does not have source and destination port numbers? Ans. Because it's simply an echo - reply protocol not a communication protocol.

3. Examine one of the ping request packets sent by your host. What are the ICMP type and code numbers? What other fields does this ICMP packet have? How many bytes are the checksum, sequence number and identifier fields? Ans. : Type: 8 (Echo (ping) request) Code: 0 Checksum: 0x97a0 [correct], 2 Bytes Identifier (BE): 3525 (0x0dc5) Identifier (LE): 50445 (0xc50d) 2 Bytes per Endian type Sequence number (BE): 2 (0x0002) Sequence number (LE): 512 (0x0200) 2 Bytes per Endian type

4. Examine the corresponding ping reply packet. What are the ICMP type and code numbers? What other fields does this ICMP packet have? How many bytes are the checksum, sequence number and identifier fields?

Ans. : Type: 0 (Echo (ping) reply) Code: 0 Checksum: 0x9fa0 [correct] 2 Bytes Identifier (BE): 3525 (0x0dc5) Identifier (LE): 50445 (0xc50d) 2 Bytes per Endian type Sequence number (BE): 2 (0x0002) Sequence number (LE): 512 (0x0200) 2 Bytes per Endian type

5. What is the IP address of your host? What is the IP address of the target destination host? Ans. : My host : 10.1.11.112

Target host : 80.12.97.49

6. If ICMP sent UDP packets instead (as in Unix/Linux), would the IP protocol number still be 01 for the probe packets? If not, what would it be? Ans. : Yes.

7. Examine the ICMP echo packet in your screenshot. Is this different from the ICMP ping query packets? If yes, how so? Ans. : In traceroute, packet contains zero data whereas in ping, packet contains some data. In traceroute, sequence numbers are zero maximum times while it is sequential in case of ping.

8. Examine the ICMP error packet in your screenshot. It has more fields than the ICMP echo packet. What is included in those fields? Ans. : In error packet, the information about TCP source and destination port number as well as one extra field named Differentiated Service Field is added. It also contains additional information about IPV4 and TCP packets which may be helpful while debugging or finding the reason for error. Whereas in normal ICMP echo packet, Data field is present which is the only different field than the one in error packet.

9. Examine the last three ICMP packets received by the source host. How are these packets different from the ICMP error packets? Why are they different?

Ans. : Last three packets contains combination of echo request and reply which are similar to normal echo requests whereas error packet contains some additional fields such as the information about TCP source and destination port number as well as one extra field named Differentiated Service Field. These three combinations of echo request and reply might be useful to convey connection termination. 10. Within the traceroute measurements, is there a link whose delay is significantly longer than others? Ans. : Yes, the first one because at first time, the ARP program takes time to find the physical address of first router.