Wireshark-IP-Solution

SolutiontoWiresharkLab:IPFig.1ICMPEchoRequestmessageIPinformation1.WhatistheIPaddressofyourcomputer?TheIPaddressofmycomputeris192.168.1.462.WithintheIPpacketheader,whatisthevalueintheupperlayerprotocolfield?Withintheheader,thevalueintheupperlayerprotocolfieldisICMP(0x01)3.HowmanybytesareintheIPheader?HowmanybytesareinthepayloadoftheIPdatagram?Explainhowyoudeterminedthenumberofpayloadbytes.Thereare20bytesintheIPheader,and56bytestotallength,thisgives36bytesinthepayloadoftheIPdatagram.4.HasthisIPdatagrambeenfragmented?Explainhowyoudeterminedwhetherornotthedatagramhasbeenfragmented.Themorefragmentsbit=0,sothedataisnotfragmented.5.WhichfieldsintheIPdatagramalwayschangefromonedatagramtothenextwithinthisseriesofICMPmessagessentbyyourcomputer?Identification,TimetoliveandHeaderchecksumalwayschange.6.Whichfieldsstayconstant?Whichofthefieldsmuststayconstant?Whichfieldsmustchange?Why?ThefieldsthatstayconstantacrosstheIPdatagramsare:•Version(sinceweareusingIPv4forallpackets)•headerlength(sincetheseareICMPpackets)•sourceIP(sincewearesendingfromthesamesource)•destinationIP(sincewearesendingtothesamedest)•DifferentiatedServices(sinceallpacketsareICMPtheyusethesameTypeofServiceclass)•UpperLayerProtocol(sincetheseareICMPpackets)Thefieldsthatmuststayconstantare:•Version(sinceweareusingIPv4forallpackets)•headerlength(sincetheseareICMPpackets)•sourceIP(sincewearesendingfromthesamesource)•destinationIP(sincewearesendingtothesamedest)•DifferentiatedServices(sinceallpacketsareICMPtheyusethesameTypeofServiceclass)•UpperLayerProtocol(sincetheseareICMPpackets)Thefieldsthatmustchangeare:•Identification(IPpacketsmusthavedifferentids)•Timetolive(tracerouteincrementseachsubsequentpacket)•Headerchecksum(sinceheaderchanges,somustchecksum)7.DescribethepatternyouseeinthevaluesintheIdentificationfieldoftheIPdatagramThepatternisthattheIPheaderIdentificationfieldsincrementwitheachICMPEcho(ping)request.Fig.2ICMPTTLexceededreply,IPinformation8.WhatisthevalueintheIdentificationfieldandtheTTLfield?Identification:30767TTL:649.DothesevaluesremainunchangedforalloftheICMPTTL-exceededrepliessenttoyourcomputerbythenearest(firsthop)router?Why?TheidentificationfieldchangesforalltheICMPTTL-exceededrepliesbecausetheidentificationfieldisauniquevalue.WhentwoormoreIPdatagramshavethesameidentificationvalue,thenitmeansthattheseIPdatagramsarefragmentsofasinglelargeIPdatagram.TheTTLfieldremainsunchangedbecausetheTTLforthefirsthoprouterisalwaysthesame.Fig.3ICMPEchoRequestpktsize=2000,firstfragment10.FindthefirstICMPEchoRequestmessagethatwassentbyyourcomputerafteryouchangedthePacketSizeinpingplottertobe2000.HasthatmessagebeenfragmentedacrossmorethanoneIPdatagram?Yes,thispackethasbeenfragmentedacrossmorethanoneIPdatagram11.PrintoutthefirstfragmentofthefragmentedIPdatagram.WhatinformationintheIPheaderindicatesthatthedatagrambeenfragmented?WhatinformationintheIPheaderindicateswhetherthisisthefirstfragmentversusalatterfragment?HowlongisthisIPdatagram?TheFlagsbitformorefragmentsisset,indicatingthatthedatagramhasbeenfragmented.Sincethefragmentoffsetis0,weknowthatthisisthefirstfragment.Thisfirstdatagramhasatotallengthof1500,includingtheheader.Fig.4ICMPEchoRequestpktsize=2000,secondfragment12.PrintoutthesecondfragmentofthefragmentedIPdatagram.WhatinformationintheIPheaderindicatesthatthisisnotthefirstdatagramfragment?Arethemorefragments?Howcanyoutell?Wecantellthatthisisnotthefirstfragment,sincethefragmentoffsetis1480.Itisthelastfragment,sincethemorefragmentsflagisnotset.13.WhatfieldschangeintheIPheaderbetweenthefirstandsecondfragment?TheIPheaderfieldsthatchangedbetweenthefragmentsare:totallength,flags,fragmentoffset,andchecksum.Fig.5ICMPEchoRequestpktsize=3500,firstfragment14.Howmanyfragmentswerecreatedfromtheoriginaldatagram?Afterswitchingto3500,thereare3packetscreatedfromtheoriginaldatagram.15.WhatfieldschangeintheIPheaderamongthefragments?TheIPheaderfieldsthatchangedbetweenallofthepacketsare:fragmentoffset,andchecksum.Betweenthefirsttwopacketsandthelastpacket,weseeachangeintotallength,andalsointheflags.Thefirsttwopacketshaveatotallengthof1500,withthemorefragmentsbitsetto1,andthelastpackethasatotallengthof540,withthemorefragmentsbitsetto0.