Task 1: IP Packet Structure
1) Sketch a figure of an IP packet you examined. The figure should ideally show
the position and size of bytes of the IP header fields as observed using
Wireshark.
From 0x03 to 0x21, size 20 bytes.
2) By examining the details of the IP packets in your trace, answer the following
questions:
a. What are the IP addresses of your computer and the remote server?
My IP address: 192.168.1.201
Remote server: 221.226.37.168
b. What is the initial value of the TTL field for packets sent from your computer?
Is it the maximum possible value, or some lower value?
TTL: 64, the max possible value is 255
c. What does the Total Length field include? Provide an example from the trace
to support your answer.
From the beginning of the IP header to the end of the data. In my
example, the total length is 173 bytes, from 0x0e to 0xba.
d. What is the length of the IP Header and how is this encoded in the header length
field?
The length is 20 bytes; it is encoded in the lower 4 bits of the same byte as the version.
The unit is 4 bytes, so if the value of the lower 4 bits is 5, the length is 20 bytes.
e. How can you check whether a packet has been fragmented?
Expand the “flags” line; then we can see the information about fragmentation.
Task 2: IP Header Checksum
1) Pick a packet sent from the remote server to your computer, from the trace
captured in Task 1 using Wireshark, and check that the IP header checksum is
correct. Your answer should clearly show the summation process and the
number of the packet you chose to carry out this summation on.
The checksum is correct. I copied the IP header as a hex stream and set the two bytes of
the checksum to 0000. Then I used the following program to compute the checksum.
The result of my program is 1f1b, which is the same as the two bytes in the IP header.
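#include <stdio.h>

int main() {
    /* IP header as 16-bit words; the checksum word (6th) is set to 0000 */
    int buff[10] = { 0x4500, 0x0255, 0x608c, 0x0000, 0x7306, 0x0000,
                     0xdde2, 0x25a8, 0xc0a8, 0x01c9 };
    int checksum = 0, i = 0;
    for (i = 0; i < 10; i++) {
        checksum += buff[i];                            /* sum all words */
    }
    checksum = (checksum >> 16) + (checksum & 0xffff);  /* fold the carry */
    checksum += (checksum >> 16);                       /* fold again if needed */
    checksum = 0xffff - (checksum & 0xffff);            /* one's complement */
    printf("%04x\n", checksum);
    return 0;
}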
2) Explain why the checksum in IP covers only the header and not the data.
The checksum of the IP header is computed and checked at each router the packet passes
through. If it covered all the data, this could be very slow. Since the TCP header has a
checksum over all the data, the IP header checksum should cover the header only.
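Added example (not part of the original report): a C routine that reads the header length, Total Length and fragment fields discussed in Task 1 and verifies the checksum the way a receiver does, by summing the header with the checksum field left in place and expecting 0xffff. The sample bytes are the header words from the program above with the computed checksum 1f1b put back in; the struct and function names are assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample: the report's header words with checksum 0x1f1b restored. */
static const uint8_t sample_hdr[20] = {
    0x45, 0x00, 0x02, 0x55, 0x60, 0x8c, 0x00, 0x00, 0x73, 0x06,
    0x1f, 0x1b, 0xdd, 0xe2, 0x25, 0xa8, 0xc0, 0xa8, 0x01, 0xc9 };

struct ipv4_info {              /* hypothetical struct for this example */
    unsigned hdr_len;           /* IHL * 4, in bytes */
    unsigned total_len;         /* header + payload, in bytes */
    unsigned ttl;
    int more_fragments;         /* MF flag */
    unsigned frag_offset;       /* in bytes (the field counts 8-byte units) */
    int checksum_ok;
};

/* One's-complement sum of 16-bit big-endian words over len bytes (len even). */
static uint16_t ones_sum(const uint8_t *p, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)p[i] << 8 | p[i + 1];
    while (sum >> 16)                       /* fold carries back in */
        sum = (sum >> 16) + (sum & 0xffff);
    return (uint16_t)sum;
}

/* Returns 0 on success, -1 if the buffer cannot hold a valid IPv4 header. */
int parse_ipv4(const uint8_t *p, size_t len, struct ipv4_info *out) {
    if (len < 20 || (p[0] >> 4) != 4) return -1;
    out->hdr_len = (p[0] & 0x0f) * 4;       /* lower 4 bits, 4-byte units */
    if (out->hdr_len < 20 || out->hdr_len > len) return -1;
    out->total_len = (unsigned)p[2] << 8 | p[3];
    if (out->total_len < out->hdr_len) return -1;
    out->ttl = p[8];
    out->more_fragments = (p[6] >> 5) & 1;
    out->frag_offset = (((unsigned)(p[6] & 0x1f) << 8) | p[7]) * 8;
    /* With the checksum field left in place, a valid header sums to 0xffff. */
    out->checksum_ok = ones_sum(p, out->hdr_len) == 0xffff;
    return 0;
}

int main(void) {
    struct ipv4_info h;
    if (parse_ipv4(sample_hdr, sizeof sample_hdr, &h) != 0) return 1;
    printf("hdr=%u total=%u ttl=%u mf=%d off=%u checksum_ok=%d\n", h.hdr_len,
           h.total_len, h.ttl, h.more_fragments, h.frag_offset, h.checksum_ok);
    return 0;
}
```

A packet is a fragment when more_fragments is set or frag_offset is non-zero; the sample header has neither.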
Task 3: Sketch the Internet Path
a) The IP addresses of your computer and the remote server
b) The routers along the path ordered according to the hop count shown in the tracert
output. For a better presentation of the sketch, group the routers that belong to one
organisation, when possible, as the section highlighted
c:\>ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::b8eb:33fe:9163:c2bd%9
IPv4 Address. . . . . . . . . . . : 192.168.1.201
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
C:\Users\apple>tracert www.cam.ac.uk
Tracing route to www.cam.ac.uk [131.111.150.25]
over a maximum of 30 hops:
  1     1 ms     1 ms    <1 ms  192.168.1.254
  2     6 ms    18 ms     5 ms  gw-vlan1558.edge1.leicgrov.opal.ask4.net [78.109.191.113]
  3     6 ms     5 ms     5 ms  core2-thn-edge1-thn.thn.ask4.net [81.23.55.101]
  4    10 ms     5 ms    15 ms  lon-xmr-core2-thn.thn.ask4.net [81.23.62.230]
  5     5 ms     4 ms     5 ms  linx-gw1.ja.net [195.66.224.15]
  6    14 ms     5 ms     7 ms  ae23.londtn-sbr1.ja.net [146.97.35.169]
  7     6 ms    17 ms     4 ms  ae29.londtw-sbr2.ja.net [146.97.33.9]
  8     9 ms     8 ms     7 ms  146.97.38.18
  9     7 ms     7 ms     7 ms  146.97.65.117
 10    12 ms    54 ms    46 ms  University-of-Cambridge.cambab-rbr1.eastern.ja.net [146.97.130.2]
 11     9 ms     9 ms     8 ms  d-dw.s-dw.net.cam.ac.uk [193.60.88.2]
 12     8 ms     8 ms     9 ms  d-dw.s-dw.net.cam.ac.uk [193.60.88.2]
 13     8 ms     8 ms     8 ms  128.232.128.6
 14     8 ms     8 ms     8 ms  128.232.129.2
 15     9 ms     8 ms     9 ms  mint.admin.cam.ac.uk [193.60.89.241]
 16     8 ms     8 ms     8 ms  primary.admin.cam.ac.uk [131.111.150.25]
Trace complete.
Task 4: TCP Segment Structure
Sketch a figure of a TCP segment you examined. The figure should ideally show
the position and size of bytes of the TCP fields as observed using Wireshark.
It includes a TCP header and data. The size of the header is 20 bytes. The length of the
data is 133 bytes. So the “TCP segment Len” field does not include the TCP header.