
COMPUTER NETWORKS

BIT-10(D)
Assignment-04 (Total Marks 50)

Protocols Analysis
Submission date: 20-12-2010, 3:20 p.m.

Note carefully:

• For the assignment, you MUST use the LINUX operating system.
• Please prepare a report with solutions to all the problems.
• Your answers should be supported by appropriate screenshots with annotations showing which
parts are relevant to your answers. If your answers are not supported with screenshots when
needed, points will be deducted.
• The snapshots you paste should be very clear.
• ALL students are required to submit the assignment in hard copy.
• Please don't leave any question unanswered. Your answers will be graded based on:
  • Correctness
  • Completeness with necessary screenshots
  • Necessary descriptions and explanations of your answers

OBJECTIVE
One’s understanding of network protocols can often be greatly deepened by “seeing protocols in action”
and by “playing around with protocols” – observing the sequence of messages exchanged between two
protocol entities, delving down into the details of protocol operation, and causing protocols to perform
certain actions and then observing these actions and their consequences. This can be done in simulated
scenarios or in a “real” network environment such as the Internet. In this assignment, we’ll take the latter
approach.
You’ll be running various network applications in different scenarios using a computer on your desk, at
home, or in a lab. You’ll observe the network protocols in your computer “in action,” interacting and
exchanging messages with protocol entities executing elsewhere in the Internet. Thus, you and your
computer will be an integral part of these “live” experiments. You’ll observe, and you’ll learn, by doing.
This assignment is organized into four parts. At the end of each part there are a series of questions that
you are going to solve.
We expect that your solutions will be unique: they depend on the network environment you have, your IP
and MAC addresses, and the computer configuration. Therefore, as you work on this assignment
independently, we expect each report to contain different answers for certain questions. By the end of
this assignment, you will find that you have learnt a lot about the details of various network protocols
through hands-on experiments.

GET STARTED
This lab assignment assumes that you have access to a computer on which 1) you may install applications
and 2) that is connected to the Internet. It could be a laptop or a desktop.

The basic tool for observing the messages exchanged between executing protocol entities is called a
packet sniffer. As the name suggests, a packet sniffer captures (“sniffs”) messages being sent/received
from/by your computer; it will also typically store and/or display the contents of the various protocol
fields in these captured messages. A packet sniffer itself is passive. It observes messages being sent and
received by applications and protocols running on your computer, but never sends packets itself.
Similarly, received packets are never explicitly addressed to the packet sniffer. Instead, a packet sniffer
receives a copy of packets that are sent/received from/by application and protocols executing on your
machine.
Figure 1 shows the structure of a packet sniffer. At the right of Figure 1 are the protocols (in this case,
Internet protocols) and applications (such as a web browser or ftp client) that normally run on your
computer. The packet sniffer, shown within the dashed rectangle in Figure 1, is an addition to the usual
software in your computer, and consists of two parts. The packet capture library receives a copy of every
link-layer frame that is sent from or received by your computer. Note that here messages that are
exchanged by higher layer protocols such as HTTP, FTP, TCP, UDP, DNS, or IP all are eventually
encapsulated in link-layer frames that are transmitted over physical media such as an Ethernet cable. In
Figure 1, the assumed physical media is an Ethernet, and so all upper layer protocols are eventually
encapsulated within an Ethernet frame. Capturing all link-layer frames thus gives you all messages
sent/received from/by all protocols and applications executing in your computer.
Figure 1: Packet Sniffer

FIRST OF ALL DOWNLOAD, INSTALL AND GET FAMILIAR WITH THE TOOL.
(a) Surf to http://www.wireshark.org and download the latest version of this tool. Download the
Wireshark user guide. The Wireshark FAQ has a number of helpful hints and interesting tidbits of
information, particularly if you have trouble installing or running Wireshark.
(b) Wireshark is a very advanced tool that can be used to analyse all types of network packets. Run the
tool and select the Ethernet device you want to sniff on.
(c) When you play around and generate some traffic by browsing some web pages, you will soon notice
that a lot of packets pass by on your interface. Besides the higher-level protocols you will probably also
see a lot of transport layer messages, like those of the Address Resolution Protocol (ARP), that help
machines find out each other's IP addresses on a local network. It is possible to apply filters to the
intercepted messages so that we only see the messages we are interested in. In the latest version the
filter syntax is equipped with auto-completion. We can construct rules like:

    ip.src==192.168.0.1
    http.request.method==GET

and combine them:

    ip.dst==131.174.69.27&&http.request.method==POST

EXPERIMENT – 1 (EXPERIMENT WITH ping)


Let's look at the way the ping command works:
i. Make sure Wireshark is up and running.

ii. Open a LINUX terminal.

iii. In the terminal, issue the ping command to ping google.com: ping google.com.

iv. Use Wireshark to find out which two protocols are used by the ping command we issued.

v. Attach the snapshot in which these protocols are shown. The snapshot MUST contain
information about these protocols.

vi. Show the packet structure of these protocols as displayed in Wireshark, in the form of a snapshot.

vii. Analyze the messages triggered by running the utility, and describe the flow of messages
in the form of a timeline diagram, along with the source and destination IP addresses contained in them.

viii. List the protocols used by each message within the network stack along with the demux keys
(you can find these by analyzing the captured messages in Wireshark).

ix. Examine one of the ping request packets sent by your host. What are the ICMP type and
code numbers? What other fields does this ICMP packet have? How many bytes are the
checksum, sequence number and identifier fields?

x. Examine the corresponding ping reply packet. What are the ICMP type and code
numbers? What other fields does this ICMP packet have? How many bytes are the
checksum, sequence number and identifier fields?

xi. Examine the consecutive ICMP packets. Verify the RTT time reported in the command
window is the same as the timestamps you observe via Wireshark. (Providing screenshots
for command windows is helpful to demonstrate your results. )

EXPERIMENT – 2 (EXPERIMENT WITH traceroute)


Let's look at the way the traceroute command works:
i. Make sure Wireshark is up and running.

ii. Open a LINUX terminal.

iii. Type traceroute <website> and press Enter.

iv. Stop the packet capture when the command prompt returns.

v. Analyze which protocols are used by the traceroute utility, and take snapshots of the headers
of the packets exchanged for traceroute.

vi. Show the packet structure of these protocols as displayed in Wireshark, in the form of a snapshot.

vii. Analyze the messages triggered by running the utility, and describe the flow of messages
in the form of a timeline diagram, along with the source and destination IP addresses contained in them.

viii. List the protocols used by each message within the network stack along with the demux keys
(you can find these by analyzing the captured messages in Wireshark).

EXPERIMENT – 3 (EXPERIMENT WITH HTTP)


i. Start up your web browser.

ii. Start up the Wireshark packet sniffer. Use “http” (just the letters, not the quotation marks) in
the display-filter-specification window, so that only captured HTTP messages will be
displayed in the packet-listing window. (We’re only interested in the HTTP protocol here,
and don’t want to see the clutter of all captured packets).

iii. Enter a web link of your choice into the web browser. It could be an RFC file, a website, etc.

iv. Stop the Wireshark packet capture.

v. Choose a GET message and its response message in the captured message traces of
Wireshark. Recall that since the HTTP message was carried inside a TCP segment, which
was carried inside an IP datagram, which was carried within an Ethernet frame, Wireshark
displays the Frame, Ethernet, IP, and TCP packet information as well.

vi. By looking at the information in the HTTP GET and response messages, answer the
following questions. When answering the following questions, you should provide snapshot
of the GET and response messages and indicate where in the message you’ve found the
information that answers the following questions.

a) What is the version of HTTP protocol, is it 1.0 or 1.1? Where do you find it?
b) What is the status code returned from the server to your browser?
c) Based on timestamps, what is the delay for the HTTP response?
d) List the messages sent/received by your application layer protocol to/from the
Google server.

EXPERIMENT – 4 (EXPERIMENT WITH IP)


i. Start Wireshark.

ii. Enter icmp as the display filter.

iii. Open the Linux terminal.

iv. Enter the following command:

    traceroute google.com 500000

v. Provide the following information related to one of the packets:

a) Version
b) Header Length
c) Identification
d) Total Length
e) Flags
f) TTL
g) Protocol
h) Source IP Address
i) Destination IP Address
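To check what you read off the ICMP and IP headers in Experiments 1 and 4, here is an added example (not part of the assignment and not Wireshark code) that constructs one ping request/reply pair in Python, decodes the fields both experiments ask for, and verifies the RFC 1071 checksums; the addresses, IP identifications, ICMP identifier and TTLs are constructed sample values.

```python
import struct
from ipaddress import IPv4Address

def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words; over a whole header it returns 0 when valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                              # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def parse_ipv4(pkt: bytes) -> dict:
    """Fields (a)-(i) of Experiment 4 from a raw IPv4 packet, plus its payload."""
    vhl, _tos, tlen, ident, ff, ttl, proto, _csum, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (vhl & 0x0F) * 4                          # IHL is counted in 32-bit words
    return {"version": vhl >> 4, "header_length": ihl, "identification": ident,
            "total_length": tlen, "flags": ff >> 13, "ttl": ttl, "protocol": proto,
            "src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
            "checksum_ok": internet_checksum(pkt[:ihl]) == 0, "payload": pkt[ihl:tlen]}

def parse_icmp_echo(seg: bytes) -> dict:
    """Type, code and the three 2-byte fields (checksum, identifier, sequence) of an echo packet."""
    typ, code, csum, ident, seq = struct.unpack("!BBHHH", seg[:8])
    return {"type": typ, "code": code, "checksum": csum, "identifier": ident, "sequence": seq,
            "checksum_ok": internet_checksum(seg) == 0, "data": seg[8:]}

def build_icmp_echo(typ: int, ident: int, seq: int, data: bytes) -> bytes:
    """Constructed sample ICMP echo (type 8 = request, 0 = reply) with a correct checksum."""
    csum = internet_checksum(struct.pack("!BBHHH", typ, 0, 0, ident, seq) + data)
    return struct.pack("!BBHHH", typ, 0, csum, ident, seq) + data

def build_ipv4(src: str, dst: str, payload: bytes, ident: int, ttl: int = 64) -> bytes:
    """Constructed sample IPv4 packet: no options, DF flag set, protocol 1 = ICMP."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, 0x4000, ttl, 1, 0,
                      IPv4Address(src).packed, IPv4Address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:]   # fill in the checksum
    return hdr + payload

def echo_pair():
    """One ping iteration: request and reply, constructed here rather than captured."""
    data = bytes(range(56))                         # 56 data bytes, as Linux ping sends by default
    req = build_ipv4("192.168.0.10", "203.0.113.5", build_icmp_echo(8, 0x0ABC, 1, data), 0x1234)
    rep = build_ipv4("203.0.113.5", "192.168.0.10", build_icmp_echo(0, 0x0ABC, 1, data), 0x5678, 57)
    return parse_ipv4(req), parse_ipv4(rep)

if __name__ == "__main__":
    for ip in echo_pair():
        icmp = parse_icmp_echo(ip["payload"])
        print(ip["src"], "->", ip["dst"], "ttl", ip["ttl"], "icmp", icmp["type"], icmp["code"], "id", icmp["identifier"], "seq", icmp["sequence"])
```

Compare the decoded values with the Wireshark packet-details pane: the reply carries the same identifier and sequence number as the request, and the 84-byte total length is the 20-byte IP header plus the 8-byte ICMP header plus 56 data bytes.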
EXPERIMENT – 5 (EXPERIMENT WITH TCP)
i. Start Wireshark.

ii. Enter tcp as the display filter.

iii. Enter http://www.google.com in your favourite browser.

iv. Write the answers to the following questions:

1) Which protocols are used by the communication at:

a) Transport Layer

• If transport protocol is TCP then provide the following information:


• Using Wireshark, capture the frames/packets/segments associated with a TCP 3-way
handshake.

Figure 2: Information required in Experiment 5
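As an added example for the handshake capture in Experiment 5 (not part of the assignment and not Wireshark code), this Python code decodes TCP headers from constructed segments and checks that a SYN, SYN-ACK, ACK triple is consistent, using the raw initial sequence numbers rather than the relative ones Wireshark displays; port 51234 and the ISNs are constructed sample values.

```python
import struct

SYN, ACK = 0x02, 0x10                      # TCP flag bits (RST, PSH, FIN omitted here)

def parse_tcp(seg: bytes) -> dict:
    """Decode the TCP header fields Wireshark shows for each handshake segment."""
    sport, dport, seq, ack, off_flags, win = struct.unpack("!HHIIHH", seg[:16])
    flags = off_flags & 0x01FF
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "window": win,
            "syn": bool(flags & SYN), "ackf": bool(flags & ACK),
            "header_length": (off_flags >> 12) * 4}   # data offset is in 32-bit words

def build_tcp(sport: int, dport: int, seq: int, ack: int, flags: int, window: int = 65535) -> bytes:
    """Constructed sample segment: 20-byte header, no options, checksum left at zero."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, window, 0, 0)

def _next(seq: int) -> int:
    return (seq + 1) & 0xFFFFFFFF            # a SYN consumes one sequence number

def find_handshake(segs: list):
    """Return (client_isn, server_isn) for the first valid SYN, SYN-ACK, ACK triple in order.
    The ACK numbers are checked against the raw ISNs, which Wireshark's relative-sequence
    display normally hides (it shows them as 0 and 1)."""
    for i, a in enumerate(segs):
        if not (a["syn"] and not a["ackf"]):
            continue
        for j in range(i + 1, len(segs)):
            b = segs[j]
            if not (b["syn"] and b["ackf"] and b["sport"] == a["dport"]
                    and b["dport"] == a["sport"] and b["ack"] == _next(a["seq"])):
                continue
            for c in segs[j + 1:]:
                if (c["ackf"] and not c["syn"] and c["sport"] == a["sport"] and c["dport"] == a["dport"]
                        and c["seq"] == _next(a["seq"]) and c["ack"] == _next(b["seq"])):
                    return a["seq"], b["seq"]
    return None

def sample_capture(server_ack: int = 0x1A2B3C4E) -> list:
    """Constructed trace: a browser (port 51234) opening port 80; server_ack lets a caller
    inject a wrong acknowledgement number to see the check fail."""
    raw = [build_tcp(51234, 80, 0x1A2B3C4D, 0, SYN),
           build_tcp(80, 51234, 0x7F00AA01, server_ack, SYN | ACK),
           build_tcp(51234, 80, 0x1A2B3C4E, 0x7F00AA02, ACK)]
    return [parse_tcp(s) for s in raw]

if __name__ == "__main__":
    print(find_handshake(sample_capture()))
```

In your own capture, turn off "Relative sequence numbers" in the TCP protocol preferences to see the raw ISNs this check compares.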

Resources:

1) http://www.wireshark.org/download/src/
2) http://www.tcpdump.org/release/libpcap-0.9.3.tar.gz
