CAB303 Networks
Example of Practical Test 2
Network Protocol Analysis
This is an individual assessment
Assessment Duration: 50 minutes
The sample specifications are designed to assist you in preparation for the actual Practical-Test 2. You are required to use Wireshark to read and analyze the given capture files.
Note:
· You will be given 50 minutes to complete the actual assessment.
· The actual exam is closed book. Any type of reference materials, either from lecture notes or practical exercises, are NOT allowed.
· The usage of personal computing devices, including mobile phones and laptops are NOT allowed.
· Internet access is NOT allowed.
Question 1
Topic: A Protocol analysis on the TCP/IP model of client/server communications.
Scenario: In this scenario, a client host, a Web server and an FTP server are located in the same network. A DNS server is also located in this network to perform name resolution. You are required to use Wireshark to analyse a provided capture file (client_server.pcap). This file captures a series of Web sessions, ping traffic, name resolution processes, and an File Transfer Protocol (FTP) session.
Task 1: Download the Capture File “client_server.pcap” from BlackBoard
Use Wireshark to open and analyse the client_server.pcap file.
Task 2: Analyse the TCP/IP Model of Client/server Communications
Event 1
A user enters a Uniform Resource Identifier (URI) http://172.16.0.5/iisstart.htm into a Web browser.
(5 marks)
1. Use Table 1 to record the IP addresses of the Web client and Web server.
Table 1
IP Address of the Client
IP Address of the Server
2. Use Table 2 to identify the packets which are related to the TCP 3-way-handshake process of this Web session in this event.
Table 2
Field
SYN
SYN, ACK
ACK
Packet Number
Source IP address
Destination IP address
Source port number
Destination port number
3. Upon completion of this TCP 3-way-handshake process, use Table 3 to identify the HTTP request and response packets.
Table 3
HTTP Request
HTTP Response
Packet Number
Event 2
The user triggers another HTTP request by typing a URL into a web browser.
Analyse packets 17 to 21.
(5 marks)
1. Use Table 4 to identify the packets which are related to the TCP 3-way-handshake process associated with this event.
Table 4
SYN
SYN, ACK
ACK
Packet Number
Source IP address
Destination IP address
Source port number
Destination port number
2. Upon completion of this TCP 3-way-handshake process, use Table 6 to identify the HTTP request and response packets and identify the URL entered by the user.
Table 5
HTTP Request
HTTP Response
Packet Number
URL entered by the user
Event 3
The user issues a ping command by typing ping cat.inx251.edu.au.
(6 marks)
1. Identify the packets which are associated with this event.
Table 6
Packet Numbers
2. Locate and analyse the DNS query and response messages in relation to this event.
Use Table 7 to answer the following questions.
a) Which packet contains the DNS query message?
b) What are the source port and destination port for the DNS query?
c) What are the source IP and destination IP for the DNS query?
d) What type of DNS query is it (for example SOA, A, AAAA, MX, NS, or PTR)?
Table 7
DNS Query
Packet Number
Source IP address
Destination IP address
Source port number
Destination port number
Type of DNS query (DNS lookup type)
Use Table 8 to answer the following questions.
e) Which packet contains the DNS response message?
f) What are the source port and destination port for the DNS response?
g) What are the source and destination IP addresses for the DNS response?
h) What is the corresponding IP address to the hostname that has been resolved?
Table 8
DNS Response
Packet Number
Source IP address
Destination IP address
Source port number
Destination port number
DNS response (the host IP address)
3. Use Table 9 to record the ICMP packets which are related to this event.
Table 9
ICMP Request
ICMP Reply
Packet Numbers
Source IP address
Destination IP address
ICMP – Type
ICMP – Code
Event 4
The user triggers another HTTP request by typing a URL http://cat.inx251.edu.au:8080/index.htm into a web browser.
(4 marks)
1. Use Table 10 to identity the packets associated with the TCP 3-way-handshake process for this event.
Table 10
Field
SYN
SYN, ACK
ACK
Packet Number
Source IP address
Destination IP address
Source port number
Destination port number
2. Upon completion of this TCP 3-way-handshake process, use Table 11 to identify the HTTP request and response packets.
Table 11
Field
HTTP Request
HTTP Response
Packet Number
Event 5
The user triggers another HTTP request by typing http://dog.inx251.edu.au:8080/index.htm into a web browser.
(9 marks)
1. Locate and analyse the DNS query and response messages in relation to this event.
Use Table 12 to answer the following questions.
a) Which packet contains the DNS query message?
b) What are the source port and destination port for the DNS query?
c) What are the source IP and destination IP for the DNS query?
d) What type of DNS query is it (for example SOA, A, AAAA, MX, NS, or PTR)?
Table 12
DNS Query
Packet Number
Source IP address
Destination IP address
Source port number
Destination port number
Type of DNS query (DNS lookup type)
Use Table 13 to answer the following questions.
e) Which packet contains the DNS response message?
f) What are the source port and destination port for the DNS response?
g) What are the source and destination IP addresses for the DNS response?
h) What is the corresponding IP address to the hostname that has been resolved?
Table 13
DNS Response
Packet Number
Source IP address
Destination IP address
Source port number
Destination port number
DNS response (the host IP address)
2. Use Table 14 to identify the packets which are related to the TCP 3-way-handshake process in this event.
Table 14
SYN
SYN, ACK
ACK
Packet Number
Source IP address
Destination IP address
Source port number
Destination port number
3. Upon completion of this TCP 3-way-handshake process, use Table 15 to identify the HTTP request and response packets.
Table 15
HTTP Request
HTTP Response
Packet Number
Event 6
The user attempts to connect to an FTP server to upload a file.
(5 marks)
1. Use Table 16 to record the credentials used in the FTP authentication process.
Table 16
The username
The password
2. Upon successful login to the FTP server, the user attempts to upload a file to the FTP server. Use Table 17 to identify the packet for storing a file to the FTP server and the uploaded filename.
Table 17
Packet Number
File Name
3. Use Table 18 to identify the packet to mark once the file transfer is complete.
Table 18
Packet Number
Question 2
Topic: Protocol analysis on Internet Control Message Protocol (ICMP).
Description: “tracert” is a Windows-based tool that allows you to test the entire path that a packet travels through to reach its destination. You are required to use Wireshark to examine the provided capture file named tracert.pcap to identify the path from the source to reach the destination.
Task 1: Download the Capture File from BlackBoard
Use Wireshark to open and analyse the tracert.pcap file.
Task 2: Analyse Tracert Traffic
1. Draw an appropriate diagram to illustrate how the Windows-based utility – tracert displays the route taken from the source host to the destination host.
(2 marks)
2. Use Table 19 to record the path that a series of probe packets have taken to reach the destination.
(10 marks)
Table 19
Source IP Address
Type of ICMP Message
Destination IP Address
Time to Live (TTL)
192.168.0.10
1
64
2
254
3
246
4
249
5
23.49.227.171
58
Question 3
Topic: A step-by-step Analysis on Address Resolution Protocol (ARP) Process.
Description: To answer this question, you do not need a capture file. You just use the provided network topology to analyse step by step on the ARP process when a ping command is issued from PC1 to test the reachability of PC2, which is located on a different network from PC1, as shown in Figure 1. It is assumed that the ARP cache is initially empty at both PCs.
Figure 1: Network topology.
(10 marks)
Step 1.
A ping command has been issued from PC1 (192.168.10.11) to test the reachability of PC2 (192.168.20.22)
Step 2.
Fill in the blank.
To reach PC2 from PC1, PC1 relies on the default gateway to forward the ICMP message to PC2. PC1 needs to know the MAC address of its default gateway. PC1 sends an
ARP _____________ message. Use Table 20 to record key information in this message.
Table 20
Sender
MAC Address
Sender
IP Address
Target
MAC Address
Target
IP Address
Step 3.
Fill in the blank.
Router R1 receives the ARP request message issued by PC1, then R1 replies an
ARP ____________ message to PC1. Use Table 21 to record key information in this message.
Table 21
Sender
MAC Address
Sender
IP Address
Target
MAC Address
Target
IP Address
Step 4.
Upon receipt of this ARP message issued from the router R1, PC1 updates its ARP Cache with the received ARP message. Use Table 22 to record PC1’s ARP Cache.
Table 22
IP Address
MAC Address
Step 5.
Fill in the blank.
The ICMP messages are sent from PC1 to PC2 via R1. R1 needs obtains the MAC address of PC2 in order to forward the ICMP messages to PC2. Therefore, R1 sends an
ARP _____________ message to the 192.168.20.0/24 network. Use Table 23 to record key information in this ARP message.
Table 23
Sender
MAC Address
Sender
IP Address
Target
MAC Address
Target
IP Address
Step 6
Fill in the blank.
PC2 receives the ARP message sent from router R1, and then replies with an
ARP ___________ message to R1. Use Table 24 to record key information in this ARP message.
Table 24
Sender
MAC Address
Sender
IP Address
Target
MAC Address
Target
IP Address
Step 7.
Upon receipt of this ARP message sent from the R1, PC2 updates its ARP Cache with the received ARP message. Use Table 25 to record PC2’s ARP Cache.
Table 25
IP Address
MAC Address
Step 8.
Finally, R1 is able to forward the ICMP messages originated from PC1 to PC2.
End of Paper
Page 6 of 10
R1
PC1
PC2
Fa0/0
Fa1/0
MAC Address 00:00:2F:94:36:AA
IP Address 192.168.10.11/24
Default Gateway 192.168.10.1
MAC Address 00:00:2F:94:36:BB
IP Address 192.168.10.1/24
MAC Address 00:00:2F:94:36:CC
IP Address 192.168.20.1/24
MAC Address 00:00:2F:94:36:DD
IP Address 192.168.20.22/24
Default Gateway 192.168.20.1