Tuesday, 24 May 2016

Wireshark Lab ARP Solution

Link to download document down below! (Microsoft Word format)

1.  Write down the contents of your computer’s ARP cache (see above procedure: Step 1).  What is the meaning of each column value?

Answer: The Internet Address column holds the IP address of the computer at the network layer, the Physical Address column holds the MAC address used to communicate physically with the hardware located at that IP address, and the Type column indicates whether the entry is changing (dynamic) or not (static).


2.  Where in the ARP request does the “question” appear – the Ethernet address of the machine whose corresponding IP address is being queried? (see Wireshark).

Answer: The “question” appears in the ‘Target MAC address’.


3.  Why is the ARP request message sent as broadcast (i.e. to all other devices), whereas the ARP reply is sent as a unicast directly to the sender device only? Explain.

Answer: ARP requests are sent as broadcast because the target device is not yet known. Broadcasting is faster and more efficient for finding the device that matches the address in the request. ARP replies are sent as unicast because a link between the two devices has now been established, so they can communicate directly.
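As an added example (not part of the original lab solution or the lab's own material), the following Python builds and parses Ethernet/IPv4 ARP bodies, derives the Ethernet destination the way questions 2 and 3 describe (broadcast for a request whose target MAC is still all zeros, unicast for a reply), and keeps a small cache with the dynamic/static distinction from question 1. The MAC and IP addresses are constructed, and the cache rule (learn only from replies that answer a request seen going out, and flag any other reply as unsolicited) is an assumption of the example, not something the lab prescribes.

```python
import struct

ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
UNKNOWN_MAC = "00:00:00:00:00:00"   # target MAC field of a request: the "question"


def mac_to_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def bytes_to_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def ip_to_bytes(ip):
    return bytes(int(octet) for octet in ip.split("."))


def bytes_to_ip(raw):
    return ".".join(str(b) for b in raw)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet/IPv4 ARP body: htype 1, ptype 0x0800, hlen 6, plen 4, then the four addresses."""
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + mac_to_bytes(sender_mac) + ip_to_bytes(sender_ip)
            + mac_to_bytes(target_mac) + ip_to_bytes(target_ip))


def parse_arp(body):
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", body[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("only Ethernet/IPv4 ARP is handled here")
    return {"op": op,
            "sender_mac": bytes_to_mac(body[8:14]), "sender_ip": bytes_to_ip(body[14:18]),
            "target_mac": bytes_to_mac(body[18:24]), "target_ip": bytes_to_ip(body[24:28])}


def ethernet_destination(arp):
    """A request must reach every station (target MAC unknown); a reply goes straight to the asker."""
    return BROADCAST_MAC if arp["op"] == ARP_REQUEST else arp["target_mac"]


class ArpCache:
    """Minimal cache with the two entry types seen in `arp -a`: static entries are pinned,
    dynamic ones are learned only from replies that answer a request seen going out
    (an assumption of this example, not a rule from the lab)."""

    def __init__(self):
        self.entries = {}     # ip -> (mac, "static" | "dynamic")
        self.pending = set()  # IPs asked about and not yet answered

    def add_static(self, ip, mac):
        self.entries[ip] = (mac, "static")

    def observe(self, arp):
        if arp["op"] == ARP_REQUEST:
            self.pending.add(arp["target_ip"])
            return "request"
        ip, mac = arp["sender_ip"], arp["sender_mac"]
        if ip in self.entries and self.entries[ip][1] == "static":
            return "kept" if self.entries[ip][0] == mac else "static-conflict"
        if ip not in self.pending:
            return "unsolicited"   # a reply nobody asked for: worth logging
        self.pending.discard(ip)
        self.entries[ip] = (mac, "dynamic")
        return "learned"


if __name__ == "__main__":
    # constructed addresses, not from the lab capture
    request = parse_arp(build_arp(ARP_REQUEST, "02:00:00:00:00:01", "192.0.2.10", UNKNOWN_MAC, "192.0.2.1"))
    reply = parse_arp(build_arp(ARP_REPLY, "02:00:00:00:00:fe", "192.0.2.1", "02:00:00:00:00:01", "192.0.2.10"))
    cache = ArpCache()
    for frame in (request, reply):
        print(f"op={frame['op']} eth-dst={ethernet_destination(frame)} -> {cache.observe(frame)}")
    print(cache.entries)
```

Running it shows the request going to ff:ff:ff:ff:ff:ff with the target MAC field zeroed, the reply going to the requester's MAC, and the cache gaining one dynamic entry; feeding the same reply a second time is reported as unsolicited, which is the kind of event a host-based check would record.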

Download Link:

How To Download:
Please disable any Ad Block software if any beforehand or this may not work properly.

1. Please wait for 5 seconds.


2. Click on "Skip Ad".


3. Click on "Download through your browser".


Wireshark Lab IP Solution


1.  Within the IP packet header, what is the value in the protocol field? What does this value mean?

Answer: The value in the protocol field is ICMP (1). It means the protocol field has only 1 byte.


2.  How many bytes are in the IP header? How many bytes are in the payload of the IP datagram?  Explain how you determined the number of payload bytes.

Answer: There are 20 bytes in the IP header and the total length is 92 bytes, which gives 72 bytes in the payload of the IP datagram.


3.  Which fields in the IP datagram always change from one datagram to the next within this series of ICMP messages sent by your computer? Explain why they change.

Answer: Identification, Time to live and Header checksum always change. The identification is a unique value: different IP packets must have different IDs to identify themselves. TTL always changes because traceroute increments the TTL of each subsequent packet. The header checksum changes because the header changes, so the checksum must also change.

4.  What is the value in the Identification field and the TTL field?

Answer: 
The value in the identification field is 46463.
The value in the TTL field is 255.



5.  Do these values (referring to question 4) remain unchanged for all of the ICMP TTL-exceeded replies sent to your computer by the nearest (first hop) router?  Why?

Answer: The identification field changes for all the ICMP TTL-exceeded replies because the identification field is a unique value. When two or more IP datagrams have the same identification value, then it means that these IP datagrams are fragments of a single large IP datagram.

The TTL field remains unchanged because the TTL for the first hop router is always the same.


Wireshark Lab ICMP & Traceroute Solution


1.  Why is it that an ICMP packet does not have source and destination port numbers?

Answers: ICMP is not used to transfer data, but rather to detect errors. If it cannot reach the IP, it will give an error and only send small amounts of data to check the status of the destination. Thus, it does not need a specific port, it just needs to know whether or not the given IP can be contacted.

2.  What is the ICMP protocol number in the IP packet header?

Answers: The protocol number in the IP packet header is 1.


3.  Examine the ICMP Echo Request packet. What are the ICMP type and code numbers? What other fields does this ICMP packet have? How many bytes are the checksum, sequence number and identifier fields?

Answers: The Type is 8, which is an Echo (ping) request. The code is 0. The other fields contained are Checksum, Identifier (BE), Identifier (LE), Sequence number (BE), and Sequence number (LE). They are each 2 bytes long.

4.  Examine the ICMP error packet received by your host (i.e. the TTL Exceeded packet). It has more fields than the ICMP echo packet. What is included in those fields?

Answers: The additional fields are the IPv4 data from the original packet (ping request). The additional data is a carbon copy of the ICMP part of the original packet.




5.  Referring to the screenshot in Figure 1, how many hops are there between the traceroute client and the target destination server in France (i.e. www.inria.fr)?


Answers: 15 hops.
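The IP section above and this ICMP section look at the same datagram from two sides: the IPv4 header (protocol, header length versus total length, identification, TTL, checksum) and the ICMP message it carries (echo request type 8/code 0 with 2-byte checksum, identifier and sequence fields; TTL-exceeded type 11 quoting the original IP header plus 8 bytes of its payload). As an added example covering both sections, and not code from the lab or its author, the Python below builds and parses these packets, verifies the RFC 1071 checksum, and generates traceroute-style probes to show which header fields change from one probe to the next. Addresses and the echo data are constructed; the identification value 46463 and TTL 255 are the ones reported in the IP answers above.

```python
import socket
import struct

ICMP_ECHO_REPLY, ICMP_ECHO_REQUEST, ICMP_TIME_EXCEEDED = 0, 8, 11
PROTOCOL_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


def inet_checksum(data):
    """RFC 1071 one's-complement sum of 16-bit words; shared by the IPv4 header and ICMP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4(src, dst, payload, ttl, ident, protocol=1):
    """20-byte header (version 4, IHL 5, no options); checksum written after packing."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, 0, ttl,
                      protocol, 0, socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4(datagram):
    ver_ihl, _, total, ident, _, ttl, proto, csum = struct.unpack("!BBHHHBBH", datagram[:12])
    ihl = (ver_ihl & 0x0F) * 4                       # IHL counts 32-bit words
    return {"header_len": ihl, "total_length": total, "payload_len": total - ihl,
            "identification": ident, "ttl": ttl, "protocol": proto,
            "protocol_name": PROTOCOL_NAMES.get(proto, "unknown"), "checksum": csum,
            "checksum_ok": inet_checksum(datagram[:ihl]) == 0,   # an intact header sums to zero
            "src": socket.inet_ntoa(datagram[12:16]), "dst": socket.inet_ntoa(datagram[16:20]),
            "payload": datagram[ihl:total]}


def build_icmp_echo(ident, seq, data=b""):
    """Type 8, code 0; checksum, identifier and sequence number are 2 bytes each."""
    body = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq) + data
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]


def build_icmp_time_exceeded(original):
    """Type 11, code 0: 4 unused bytes, then the original IP header plus 8 bytes of its payload."""
    quoted = original[:parse_ipv4(original)["header_len"] + 8]
    body = struct.pack("!BBHI", ICMP_TIME_EXCEEDED, 0, 0, 0) + quoted
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]


def parse_icmp(msg):
    typ, code, csum = struct.unpack("!BBH", msg[:4])
    out = {"type": typ, "code": code, "checksum": csum, "checksum_ok": inet_checksum(msg) == 0}
    if typ in (ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY):
        out["identifier_be"], out["sequence_be"] = struct.unpack("!HH", msg[4:8])
        out["identifier_le"], out["sequence_le"] = struct.unpack("<HH", msg[4:8])  # the "(LE)" rows
    elif typ == ICMP_TIME_EXCEEDED:
        inner = parse_ipv4(msg[8:])                  # quoted original: header + first 8 payload bytes
        out["original"] = {k: inner[k] for k in ("src", "dst", "ttl", "identification", "protocol_name")}
        out["original_icmp"] = dict(zip(("type", "code", "identifier", "sequence"),
                                        struct.unpack("!BBxxHH", inner["payload"][:8])))
    return out


def traceroute_probes(src, dst, hops, first_ident):
    """One echo request per hop with TTL = hop number, the way traceroute provokes replies."""
    return [build_ipv4(src, dst, build_icmp_echo(0x1234, hop), ttl=hop, ident=first_ident + hop - 1)
            for hop in range(1, hops + 1)]


def changing_fields(datagrams):
    """Header fields whose value is not constant across the given datagrams."""
    parsed = [parse_ipv4(d) for d in datagrams]
    return sorted(f for f in ("identification", "ttl", "checksum", "total_length", "protocol", "src", "dst")
                  if len({p[f] for p in parsed}) > 1)


if __name__ == "__main__":
    # constructed: 64 bytes of echo data gives a 72-byte ICMP payload and a 92-byte datagram
    ping = build_ipv4("192.0.2.10", "198.51.100.7",
                      build_icmp_echo(0x1234, 1, b"\x00" * 64), ttl=255, ident=46463)
    print(parse_ipv4(ping))
    print(parse_icmp(build_icmp_time_exceeded(ping)))
    print(changing_fields(traceroute_probes("192.0.2.10", "198.51.100.7", 3, 46463)))
```

Two things worth noticing when running it: the payload length is derived from Total Length minus the header length computed from IHL, not from the bytes that happen to be present, and decrementing the TTL without recomputing the checksum makes `checksum_ok` false, which is why every router that forwards a packet has to rewrite the checksum and why the field differs between consecutive traceroute probes.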


Wireshark Lab DNS Solution


1.  Locate the DNS query and response messages. Are they sent over UDP or TCP?

Answer: They are sent over UDP.




2.  What is the destination port for the DNS query message? What is the source port of DNS response message?

Answer: 
Destination port: domain (53)
Source port: domain (53)


3.  To what IP address is the DNS query message sent? Use ipconfig to determine the IP address of your local DNS server. Are these two IP addresses the same?

Answer: 172.18.41.2, yes the two IP addresses are the same.


4.  Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any “answers”?

Answer: Type: A (Host address), the query message does not contain any “answers”.



5.  Examine the DNS response message. How many “answers” are provided? What does each of these answers contain?

Answer: 
One “answer” is provided.
The answer contains: www.ietf.org: type A, class IN, addr 12.22.58.30


6.  This web page contains images. Before retrieving each image, does your host issue new DNS queries?

Answer:
No.
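As an added example for questions 2 through 6, not code from the lab or its author, the following Python builds the A query for www.ietf.org seen in the answers above, builds a matching response carrying the single answer record (12.22.58.30, the address reported above; the TTL of 300 seconds and the transaction ID are constructed), and parses both, including the 0xC00C name-compression pointer that points an answer's name back at the question. It finishes with the check a resolver applies before accepting a response: the transaction ID and the question section must match an outstanding query, otherwise the message is discarded.

```python
import socket
import struct

DNS_PORT = 53
QTYPE_A, QCLASS_IN = 1, 1


def encode_name(name):
    """'www.ietf.org' -> b'\\x03www\\x04ietf\\x03org\\x00'"""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg, offset):
    """Returns (name, offset just past the name); follows 0xC0 compression pointers."""
    labels, jumped, end = [], False, offset
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2          # the pointer is the last thing this name occupies
            jumped = True
            offset = pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    if not jumped:
        end = offset
    return ".".join(labels), end


def build_query(txid, name, qtype=QTYPE_A):
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD set, one question, no answers
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def build_response(query, addresses, ttl=300):
    """Copies id and question from the query; each A answer names the question via pointer 0xC00C."""
    txid = struct.unpack("!H", query[:2])[0]
    _, q_end = decode_name(query, 12)
    question = query[12:q_end + 4]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(addresses), 0, 0)  # QR, RD, RA; NOERROR
    answers = b"".join(struct.pack("!HHHIH", 0xC00C, QTYPE_A, QCLASS_IN, ttl, 4) + socket.inet_aton(a)
                       for a in addresses)
    return header + question + answers


def parse(msg):
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    offset, questions, answers = 12, [], []
    for _ in range(qd):
        name, offset = decode_name(msg, offset)
        qtype, qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append({"name": name, "type": qtype, "class": qclass})
    for _ in range(an):
        name, offset = decode_name(msg, offset)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        answers.append({"name": name, "type": rtype, "class": rclass, "ttl": ttl,
                        "addr": socket.inet_ntoa(rdata) if rtype == QTYPE_A and rdlen == 4 else rdata})
    return {"id": txid, "is_response": bool(flags & 0x8000), "rcode": flags & 0xF,
            "questions": questions, "answers": answers}


def matches_query(query, response):
    """Accept a response only if it answers exactly the question that was asked, with the same id."""
    q, r = parse(query), parse(response)
    return r["is_response"] and q["id"] == r["id"] and q["questions"] == r["questions"]


if __name__ == "__main__":
    query = build_query(0x1A2B, "www.ietf.org")          # transaction id is constructed
    response = build_response(query, ["12.22.58.30"])
    print("query over UDP port", DNS_PORT, parse(query))
    print("response:", parse(response))
    print("accepted:", matches_query(query, response))
```

The parsed query shows type 1 (A) and an empty answer list; the parsed response carries one answer for www.ietf.org, class IN, address 12.22.58.30. A response built for a query with a different transaction ID fails `matches_query`, which is the behaviour to expect from a stub resolver.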


Wireshark Lab DHCP Solution


1.  Are DHCP messages sent over UDP or TCP?

Answer: DHCP messages are sent over UDP (User Datagram Protocol).



2.  Draw a timing diagram illustrating the sequence of the first four-packet Discover/Offer/Request/ACK DHCP exchange between the client and server. For each packet, indicate the source and destination port numbers. Are the port numbers the same as in the example given in this lab assignment?

Answer: The port numbers are the same as the example given in this lab assignment.


3.  What is the link-layer (e.g., Ethernet, MAC) address of your host?

Answer: The link-layer address of my host is (00:25:64:e7:3b:2e)


4.  What values in the DHCP discover message differentiate this message from the DHCP request message?

Answer: The values which differentiate the Discover message from the Request message are in “Option: (t=53,l=1) DHCP Message Type”.



5.  What is the value of the Transaction-ID in each of the first four (Discover/Offer/Request/ACK) DHCP messages? What are the values of the Transaction-ID in the second (Request/ACK) set of DHCP messages? What is the purpose of the Transaction-ID field?

Answer: 
Discover - Transaction ID 0x752c8ad1
Offer    - Transaction ID 0x752c8ad1
Request - Transaction ID 0x752c8ad1
ACK      - Transaction ID 0x752c8ad1


6.  A host uses DHCP to obtain an IP address, among other things. But a host’s IP address is not confirmed until the end of the four-message exchange! If the IP address is not set until the end of the four-message exchange, then what values are used in the IP datagrams in the four-message exchange? For each of the four DHCP messages (Discover/Offer/Request/ACK DHCP), indicate the source and destination IP addresses that are carried in the encapsulating IP datagram.

Answer: The DHCP client and server both use 255.255.255.255 as the destination address. The client uses source IP address 0.0.0.0, while the server uses its actual IP address as the source.


7.  What is the IP address of your DHCP server?

Answer: The IP address of the DHCP server is 172.18.218.1

8.  What IP address is the DHCP server offering to your host in the DHCP Offer message? Indicate which DHCP message contains the offered DHCP address.

Answer: The DHCP server offered the IP address 172.18.218.105 to my client machine. The DHCP message with “DHCP Message Type = DHCP Offer” contained the offered IP.


9.  Explain the purpose of the router and subnet mask lines in the DHCP offer message.

Answer: The router line indicates to the client what its default gateway should be. The subnet mask line tells the client which subnet mask it should use.



10.  In the example screenshots in this assignment, the host requests the offered IP address in the DHCP Request message. What happens in your own experiment?

Answer: In my experiment, the host requests the offered IP address in the DHCP Request message.



11.  Explain the purpose of the lease time. How long is the lease time in your experiment?

Answer: The lease time is the amount of time the DHCP server assigns an IP address to a client. During the lease time, the DHCP server will not assign the IP given to the client to another client, unless it is released by the client. Once the lease time has expired, the IP address can be reused by the DHCP server to give to another client. In my experiment, the lease time is 8 days.




12.  What is the purpose of the DHCP release message? Does the DHCP server issue an acknowledgment of receipt of the client’s DHCP request? What would happen if the client’s DHCP release message is lost?

Answer: The client sends a DHCP Release message to cancel its lease on the IP address given to it by the DHCP server. The DHCP server does not send a message back to the client acknowledging the DHCP Release message. If the DHCP Release message from the client is lost, the DHCP server would have to wait until the lease period is over for that IP address until it could reuse it for another client.
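As an added example tying questions 1 through 11 together, and not code from the lab or its author, the Python below assembles and parses the four-message Discover/Offer/Request/ACK exchange: the BOOTP fixed part with the client's hardware address, option 53 (message type) that tells Discover and Request apart, one transaction ID shared by all four messages, and the offer's server identifier, subnet mask, router and lease time options. It also states the IP/UDP endpoints each message travels in (0.0.0.0 to 255.255.255.255 on 68 to 67 from the client, the server's own address on 67 to 68 back). The client MAC, server address, offered address, transaction ID and 8-day lease are the values reported in the answers above; the subnet mask 255.255.255.0 is constructed, since the answers do not give it.

```python
import socket
import struct

DHCP_SERVER_PORT, DHCP_CLIENT_PORT = 67, 68
BOOTREQUEST, BOOTREPLY = 1, 2
DISCOVER, OFFER, REQUEST, ACK, RELEASE = 1, 2, 3, 5, 7
OPT_SUBNET_MASK, OPT_ROUTER, OPT_REQUESTED_IP, OPT_LEASE_TIME, OPT_MSG_TYPE, OPT_SERVER_ID = 1, 3, 50, 51, 53, 54
MAGIC_COOKIE = b"\x63\x82\x53\x63"
LIMITED_BROADCAST, UNSPECIFIED = "255.255.255.255", "0.0.0.0"


def build_dhcp(msg_type, xid, chaddr, yiaddr=UNSPECIFIED, ciaddr=UNSPECIFIED, options=()):
    """BOOTP fixed part (236 bytes), magic cookie, option 53 first, the other options, then END."""
    op = BOOTREQUEST if msg_type in (DISCOVER, REQUEST, RELEASE) else BOOTREPLY
    hw = bytes.fromhex(chaddr.replace(":", "")).ljust(16, b"\x00")
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, xid, 0, 0,
                        socket.inet_aton(ciaddr), socket.inet_aton(yiaddr),
                        b"\x00" * 4, b"\x00" * 4, hw, b"\x00" * 64, b"\x00" * 128)
    opts = bytes([OPT_MSG_TYPE, 1, msg_type])
    for code, value in options:
        opts += bytes([code, len(value)]) + value
    return fixed + MAGIC_COOKIE + opts + b"\xff"


def parse_dhcp(msg):
    op, _, hlen, _, xid, _, _ = struct.unpack("!BBBBIHH", msg[:12])
    if msg[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message (magic cookie missing)")
    options, i = {}, 240
    while i < len(msg) and msg[i] != 0xFF:          # 0xFF = END option
        if msg[i] == 0:                              # PAD option has no length byte
            i += 1
            continue
        code, length = msg[i], msg[i + 1]
        options[code] = msg[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": op, "xid": xid, "ciaddr": socket.inet_ntoa(msg[12:16]),
            "yiaddr": socket.inet_ntoa(msg[16:20]),
            "chaddr": ":".join(f"{b:02x}" for b in msg[28:28 + hlen]),
            "message_type": options[OPT_MSG_TYPE][0], "options": options}


def ip_udp_endpoints(parsed, server_ip):
    """Addresses of the IP/UDP datagram around each message of the four-step exchange: the client
    has no address yet, so it sends from 0.0.0.0 to the limited broadcast on 68 -> 67; the server
    answers from its own address on 67 -> 68, to the broadcast address as in the capture above."""
    if parsed["op"] == BOOTREQUEST:
        return {"src": UNSPECIFIED, "dst": LIMITED_BROADCAST, "sport": DHCP_CLIENT_PORT, "dport": DHCP_SERVER_PORT}
    return {"src": server_ip, "dst": LIMITED_BROADCAST, "sport": DHCP_SERVER_PORT, "dport": DHCP_CLIENT_PORT}


def dora_exchange(client_mac, server_ip, offered_ip, subnet_mask, router, lease_seconds, xid):
    """Discover/Offer/Request/ACK with one transaction ID shared by all four messages."""
    lease = [(OPT_SERVER_ID, socket.inet_aton(server_ip)), (OPT_LEASE_TIME, struct.pack("!I", lease_seconds)),
             (OPT_SUBNET_MASK, socket.inet_aton(subnet_mask)), (OPT_ROUTER, socket.inet_aton(router))]
    return [build_dhcp(DISCOVER, xid, client_mac),
            build_dhcp(OFFER, xid, client_mac, yiaddr=offered_ip, options=lease),
            build_dhcp(REQUEST, xid, client_mac, options=[(OPT_REQUESTED_IP, socket.inet_aton(offered_ip)),
                                                           (OPT_SERVER_ID, socket.inet_aton(server_ip))]),
            build_dhcp(ACK, xid, client_mac, yiaddr=offered_ip, options=lease)]


def lease_summary(ack):
    """What the client configures from the ACK: address, mask, default gateway, lease length."""
    p = parse_dhcp(ack)
    o = p["options"]
    return {"address": p["yiaddr"], "subnet_mask": socket.inet_ntoa(o[OPT_SUBNET_MASK]),
            "router": socket.inet_ntoa(o[OPT_ROUTER]), "server": socket.inet_ntoa(o[OPT_SERVER_ID]),
            "lease_days": struct.unpack("!I", o[OPT_LEASE_TIME])[0] / 86400}


if __name__ == "__main__":
    msgs = dora_exchange("00:25:64:e7:3b:2e", "172.18.218.1", "172.18.218.105",
                         "255.255.255.0", "172.18.218.1", 8 * 86400, 0x752c8ad1)
    for m in msgs:
        p = parse_dhcp(m)
        print(p["message_type"], hex(p["xid"]), p["yiaddr"], ip_udp_endpoints(p, "172.18.218.1"))
    print(lease_summary(msgs[3]))
```

Comparing the parsed Discover and Request shows the difference the answer to question 4 points at: option 53 is 1 in one and 3 in the other, and the Request additionally carries option 50 with the address it is asking for. The offered address appears in `yiaddr` of the Offer and again in the ACK, while the Discover and Request leave it at 0.0.0.0.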


Wireshark Lab HTTP Solution



1.  Is your browser running HTTP version 1.0 or 1.1?  What version of HTTP is the server running? 

Answer: Both are running HTTP version 1.1




2.  What languages (if any) does your browser indicate that it can accept to the server?

Answer: Accept-Language: en-us


3.  What is the status code returned from the server to your browser? 

Answer: HTTP/1.1 200 OK (text/html)



4.  When was the HTML file that you are retrieving last modified at the server? 

Answer: Last-Modified: Thu, 12 Sep 2013 08:03:01 GMT


5.  How many bytes of content are being returned to your browser?

Answer: 382 bytes


6.  What is the HTTP status code and phrase returned from the server in response to this second HTTP GET? Did the server explicitly return the contents of the file? Explain.

Answer: HTTP/1.1 404 Not Found (text/html)

The server did not explicitly return the contents of the file because the file could not be found.




7.  By inspecting the raw data in the packet content window, do you see any headers within the data that are not displayed in the packet-listing window?  If so, name two.

Answers: No, all headers can be found in the raw data.
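As an added example for questions 1 through 7, not code from the lab or its author, the Python below parses the raw bytes of an HTTP/1.1 request and response the way one reads them in the packet bytes pane: the version on the start line, the Accept-Language tags, the status code and phrase, the Last-Modified date, and the declared Content-Length checked against the body bytes actually present. The exchange is constructed (host, path and body text are made up); the Last-Modified value, the 382-byte body and the 404 second response are the ones reported in the answers above.

```python
from email.utils import parsedate_to_datetime


def _split_head(raw):
    """Start line, lower-cased header dict and body, split at the blank line."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def parse_request(raw):
    start, headers, _ = _split_head(raw)
    method, target, version = start.split(" ", 2)
    return {"method": method, "target": target, "version": version, "headers": headers}


def accepted_languages(request):
    """Accept-Language tags in header order, ignoring ;q= weights."""
    value = request["headers"].get("accept-language", "")
    return [part.split(";")[0].strip() for part in value.split(",") if part.strip()]


def parse_response(raw):
    start, headers, body = _split_head(raw)
    version, status, reason = start.split(" ", 2)
    declared = int(headers["content-length"]) if "content-length" in headers else None
    return {"version": version, "status": int(status), "reason": reason, "headers": headers,
            "content_length": declared, "body_bytes": len(body),
            "complete": declared is None or declared == len(body),   # false for a truncated capture
            "last_modified": parsedate_to_datetime(headers["last-modified"])
            if "last-modified" in headers else None}


# constructed sample exchange; Last-Modified date and body size taken from the answers above
SAMPLE_REQUEST = (b"GET /page.html HTTP/1.1\r\nHost: www.example.com\r\n"
                  b"Accept-Language: en-us\r\nUser-Agent: constructed/1.0\r\n\r\n")
SAMPLE_BODY = b"<html><body>constructed page body</body></html>\n".ljust(382, b" ")
SAMPLE_200 = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
              b"Last-Modified: Thu, 12 Sep 2013 08:03:01 GMT\r\n"
              + b"Content-Length: %d\r\n\r\n" % len(SAMPLE_BODY) + SAMPLE_BODY)
SAMPLE_404 = b"HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\nContent-Length: 0\r\n\r\n"

if __name__ == "__main__":
    req = parse_request(SAMPLE_REQUEST)
    print(req["version"], accepted_languages(req))
    for raw in (SAMPLE_200, SAMPLE_404, SAMPLE_200[:-10]):
        resp = parse_response(raw)
        print(resp["status"], resp["reason"], resp["content_length"], resp["body_bytes"],
              "complete" if resp["complete"] else "TRUNCATED", resp["last_modified"])
```

The third run, over a response cut 10 bytes short, is the case a capture analyst meets most often: the headers parse fine, but the body is shorter than Content-Length, so the object has not been fully received (or the capture stopped early), which the `complete` flag makes explicit.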
