Uploaded by David Kaniki

UNZA EEE 5581 Lab 3 Report.

The University of Zambia
Department of Electrical and Electronic
Engineering
Name: David Mumba Kaniki
Computer Number: 2019035057
Course: EEE 5581
Lecturer: Dr. S. Tembo
Activity: Lab 2 Part 1
Title: IP
Lab Partners: Patience Chembe
Gift Mbumwae
Aim or Objectives:
- Analyse IP Packet Structure: Identify and examine the key components of an IP packet
header, including fields such as version, header length, total length, identification, flags,
fragment offset, TTL, protocol, header checksum, source address, and destination address.
- Capture and Filter Network Traffic: Use Wireshark to capture live network traffic and apply
filters to isolate and analyse IP packets.
- Investigate IP Fragmentation and Reassembly: Understand the process of IP fragmentation,
identify fragmented packets, and analyse the reassembly process.
Introduction
In this lab, we will delve into the workings of the Internet Protocol (IP), focusing on the intricacies of
the IP datagram. This exploration will be facilitated by analysing a trace of IP datagrams that are sent
and received during the execution of the traceroute program. The lab is based on "Wireshark Lab: IP
Version 2.0 © 2009 J.F. Kurose, K.W. Ross," a companion to "Computer Networking: A Top-Down
Approach, 5th edition."
The primary objective of this lab is to examine the various fields within the IP datagram and to gain a
detailed understanding of IP fragmentation. The traceroute program, which operates by sending a
sequence of IP datagrams with incrementing Time-To-Live (TTL) values, will be used to generate the
necessary trace. This process allows us to observe how routers decrement the TTL value, ultimately
resulting in the generation of ICMP "time exceeded" messages, which provide insights into the path
taken by the datagrams across the network.
Before beginning this lab, it is advisable to review sections 1.4.3 and 4.4 of the textbook and section
3.4 of RFC 2151 to understand the operation of the traceroute program and the IP protocol.
Additionally, RFC 791 should be kept handy for detailed discussions on the IP protocol.
To generate the required IP datagram trace, we will use traceroute programs available on both
Windows and Unix/Linux platforms. On Windows, we will use the pingplotter program, which allows
setting the ICMP echo request message size, while on Unix/Linux, the size of the UDP datagram can
be set directly in the traceroute command.
By capturing the IP datagrams using Wireshark, we will analyse the headers and payloads to answer
specific questions related to the IP addresses, protocol fields, header and payload sizes, and
fragmentation status. This lab aims to provide a comprehensive understanding of how IP operates
within the context of real-world network communications.
Theory/Background:
The Internet Protocol (IP) is a fundamental component of the Internet's network layer, responsible
for the transmission of data across networks. IP defines how data packets are formatted, addressed,
transmitted, routed, and received at the destination. This section provides an overview of the key
aspects of IP, including its structure, addressing, fragmentation, and the differences between IPv4
and IPv6.
IPv4 Datagram Format
IPv4 (Internet Protocol version 4) is the most widely used version of IP. The basic unit of data
transfer in IPv4 is the datagram. An IPv4 datagram consists of a header and a payload. The header
contains essential control information required for routing and delivery, while the payload carries the
actual data.
Key fields in the IPv4 header include:
- Version Number (4 bits): Indicates the IP version (IPv4 in this case).
- Header Length (4 bits): Specifies the length of the header, allowing routers to determine where the
data begins.
- Type of Service (TOS) (8 bits): Used to specify the priority and quality of service desired.
- Total Length (16 bits): The total length of the datagram, including header and data, up to 65,535
bytes.
- Identification, Flags, Fragmentation Offset: Used for datagram fragmentation and reassembly.
- Time-to-Live (TTL) (8 bits): Limits the lifetime of the datagram to prevent it from circulating
indefinitely. It is decremented by each router that processes the datagram.
- Protocol (8 bits): Indicates the transport layer protocol (e.g., TCP, UDP) used in the payload.
- Header Checksum (16 bits): Used for error-checking the header.
- Source and Destination IP Addresses (32 bits each): Indicate the origin and destination of the
datagram.
- Options: Optional fields for additional functionalities.
The payload typically contains the transport layer segment (TCP or UDP) to be delivered to the
destination.
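An added example, not part of the original report: a Python sketch that unpacks the fixed 20-byte IPv4 header into the fields listed above and verifies the header checksum. The sample header is constructed; only the source address 192.168.117.2, protocol 1 and total length 56 come from the lab answers, while the destination 192.0.2.1, the identification and the TTL are assumed values.

```python
import ipaddress
import struct

FMT = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, no options

def checksum16(data: bytes) -> int:
    """One's complement of the one's-complement sum of 16-bit words (RFC 791)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(ident, ttl, proto, src, dst, total_len, flags_frag=0):
    """Build an option-less header and fill in a correct checksum."""
    fields = [0x45, 0, total_len, ident, flags_frag, ttl, proto, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    fields[7] = checksum16(struct.pack(FMT, *fields))
    return struct.pack(FMT, *fields)

def parse_header(raw: bytes) -> dict:
    """Decode the header fields; reject truncated or inconsistent headers."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    vihl, tos, total_len, ident, ff, ttl, proto, csum, src, dst = struct.unpack(FMT, raw[:20])
    version, header_len = vihl >> 4, (vihl & 0x0F) * 4  # IHL counts 32-bit words
    if version != 4 or header_len < 20 or header_len > len(raw) or total_len < header_len:
        raise ValueError("malformed IPv4 header")
    return {
        "version": version, "header_len": header_len, "tos": tos,
        "total_len": total_len, "payload_len": total_len - header_len,
        "id": ident,
        "dont_fragment": bool(ff & 0x4000), "more_fragments": bool(ff & 0x2000),
        "frag_offset_bytes": (ff & 0x1FFF) * 8,  # field is stored in 8-byte units
        "ttl": ttl, "protocol": proto, "checksum": csum,
        # Summing a header that already contains a correct checksum yields 0.
        "checksum_ok": checksum16(raw[:header_len]) == 0,
        "src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
    }

# Constructed sample header (ident, ttl and dst are assumed values, not lab data).
SAMPLE = build_header(ident=0x1234, ttl=1, proto=1, src="192.168.117.2",
                      dst="192.0.2.1", total_len=56)

if __name__ == "__main__":
    for name, value in parse_header(SAMPLE).items():
        print(f"{name:18} {value}")
```

Changing any header byte, such as the TTL, without recomputing the checksum makes `checksum_ok` false, which is why the checksum differs between otherwise similar datagrams.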
Fragmentation and Reassembly
Not all link-layer protocols can handle large datagrams. The maximum size of a datagram that can be
carried by a link-layer protocol is called the Maximum Transmission Unit (MTU). When a datagram
exceeds the MTU of a link, it must be fragmented.
Fragmentation involves breaking down a large datagram into smaller fragments, each of which is
small enough to fit within the MTU. Each fragment is then treated as an independent datagram with
its own header. The fields in the header such as identification, flags, and fragmentation offset help in
reassembling the fragments back into the original datagram at the destination.
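An added example, not part of the original report: a Python sketch that splits a datagram of a given total length across a 1500-byte MTU and then validates a fragment set the way a receiver would before reassembly. It assumes a 20-byte header with no options, and its rejection of gaps and overlapping fragments is a strict policy chosen for the example; it goes beyond the report, which only observes the fragments in Wireshark.

```python
IP_HEADER_LEN = 20  # assumption: no IP options

def fragment(total_len, mtu=1500):
    """Return one (total_length, offset_bytes, more_fragments) tuple per fragment."""
    if total_len <= IP_HEADER_LEN or mtu < IP_HEADER_LEN + 8:
        raise ValueError("nothing to fragment or MTU too small")
    payload = total_len - IP_HEADER_LEN
    # Every fragment except the last carries a multiple of 8 payload bytes,
    # because the Fragment Offset field counts 8-byte units.
    step = (mtu - IP_HEADER_LEN) // 8 * 8
    frags, offset = [], 0
    while offset < payload:
        size = min(step, payload - offset)
        frags.append((size + IP_HEADER_LEN, offset, offset + size < payload))
        offset += size
    return frags

def reassemble(frags):
    """Check a fragment set (any arrival order); return the original total length.

    Raises ValueError on a gap, an overlap, a misaligned offset, or a
    More Fragments flag that does not match the fragment's position.
    """
    if not frags:
        raise ValueError("no fragments")
    ordered = sorted(frags, key=lambda f: f[1])
    expected = 0
    for i, (length, offset, more) in enumerate(ordered):
        size = length - IP_HEADER_LEN
        is_last = i == len(ordered) - 1
        if offset % 8 or (more and size % 8):
            raise ValueError("fragment not aligned to 8 bytes")
        if offset < expected:
            raise ValueError("overlapping fragments")
        if offset > expected:
            raise ValueError("missing data before offset %d" % offset)
        if more == is_last:
            raise ValueError("More Fragments flag inconsistent with position")
        expected = offset + size
    return expected + IP_HEADER_LEN

if __name__ == "__main__":
    for size in (2000, 3500):
        print(size, fragment(size))
```

With sizes 2000 and 3500 this gives the total lengths and byte offsets that Wireshark shows for the fragmented Echo Requests; on the wire the offset 1480 is stored as 185.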
IPv4 Addressing
IPv4 addresses are 32-bit numerical labels used to identify interfaces on the network. These
addresses are typically written in dotted-decimal notation, consisting of four decimal numbers
separated by dots (e.g., 192.168.0.1).
IP addresses are hierarchical and consist of two main parts:
- Network Portion: Identifies the specific network.
- Host Portion: Identifies a specific interface within that network.
Subnets and CIDR
A subnet is a smaller network within a larger network. The subnet mask determines which portion of
an IP address is used for the network and which portion is used for hosts. For instance, a subnet
mask of 255.255.255.0 (or /24 in CIDR notation) indicates that the first 24 bits of the IP address are
the network portion, and the remaining 8 bits are the host portion.
Classless Inter-Domain Routing (CIDR) is a method for allocating IP addresses and routing IP packets.
It replaces the older system of IP address classes (A, B, C) with a more flexible method. CIDR allows
for the aggregation of IP addresses, which simplifies routing and improves the efficiency of IP address
allocation.
IPv6
IPv6 is the successor to IPv4, designed to address the limitations of IPv4, such as address exhaustion.
IPv6 addresses are 128 bits long, allowing for a vastly larger number of unique addresses. The header
format is also simplified to improve processing efficiency.
Key differences between IPv4 and IPv6 include:
- Address Length: IPv6 uses 128-bit addresses compared to IPv4's 32-bit addresses.
- Header Simplification: IPv6 headers are designed to be simpler and more efficient.
- Fragmentation: IPv6 does not allow routers to perform fragmentation. Instead, fragmentation is
handled by the sending host.
- Security: IPv6 has built-in support for IPsec, a suite of protocols for securing IP communications.
Understanding the structure and function of the Internet Protocol is essential for networking
professionals. IP's ability to format, address, transmit, and route data efficiently across diverse and
complex networks is fundamental to the functioning of the modern Internet. By mastering concepts
such as IPv4 addressing, fragmentation, and the improvements introduced with IPv6, one gains a
comprehensive understanding of the Internet's network layer operations.
[Figure: IP Fragmentation and Assembly]
[Figure: IPv4 datagram format]
Materials
- A computer with a Wi-Fi connection.
- Wireshark Packet Sniffer Version 4.2.4 (v4.2.4-0-g1fe5bce8d665).
- PingPlotter Version 5.24.3.8913
Methodology:
Findings and Results:
Attached to this lab report.
Discussion:
The lab aimed to delve into the Internet Protocol (IP) by analysing the structure of IP packets,
capturing and filtering network traffic using Wireshark, and investigating IP fragmentation and
reassembly. Through the analysis of a trace of IP datagrams generated by the traceroute program,
the lab sought to understand the various fields within the IP datagram and gain insights into the
fragmentation process.
The discussion covered several key aspects of IP, including the structure of IPv4 datagrams, IP
addressing, fragmentation, and the differences between IPv4 and IPv6. The analysis of the IP header
fields revealed patterns and behaviours essential for proper routing and delivery of data packets
across networks.
Answers to the lab questions provided a comprehensive understanding of how various fields within
the IP datagram functioned and interacted. For instance, the identification field incremented with
each ICMP Echo request, while the TTL field remained constant for ICMP TTL-exceeded replies from
the nearest router. The discussion elucidated why certain fields needed to remain constant, such as
the version, header length, source and destination IP addresses, differentiated services, and upper
layer protocol, for consistent interpretation and processing of packets by routers and destination
hosts.
Furthermore, the examination of IP fragmentation highlighted the process of breaking down large
datagrams into smaller fragments to fit within the maximum transmission unit (MTU) of a link-layer
protocol. The lab findings demonstrated how fragmentation was indicated in the IP header,
distinguishing between the first and subsequent fragments based on the fragment offset value.
Overall, the lab provided valuable insights into the inner workings of the Internet Protocol,
emphasizing the importance of understanding IP packet structure, addressing, and fragmentation for
network professionals. By mastering these concepts, individuals can effectively analyse and
troubleshoot network issues, ensuring efficient data transmission across diverse network
environments.
Answers to Questions:
1. Select the first ICMP Echo Request message sent by your computer, and expand the Internet
Protocol part of the packet in the packet details window. What is the IP address of your
computer?
My computer IP address is 192.168.117.2
2. Within the IP packet header, what is the value in the upper layer protocol field?
The value is: Protocol: ICMP (1)
3. How many bytes are in the IP header? How many bytes are in the payload of the IP
datagram? Explain how you determined the number of payload bytes.
There are 20 bytes in the IP header and the total length is 56 bytes, which gives 36 bytes in the
payload of the IP datagram.
4. Has this IP datagram been fragmented? Explain how you determined whether or not the
datagram has been fragmented.
The fragments bit = 0, so the data is not fragmented.
5. Which fields in the IP datagram always change from one datagram to the next within this
series of ICMP messages sent by your computer?
Identification, Time to live and Header checksum always change.
6. Which fields stay constant? Which of the fields must stay constant? Which fields must
change? Why?
Fields that stay constant across the IP datagrams are:
- Version (since we are using IPv4 for all packets)
- Header length (since these are ICMP packets)
- Source IP (since we are sending from the same source)
- Destination IP (since we are sending to the same dest)
- Differentiated Services (since all packets are ICMP they use the same Type of Service class)
- Upper Layer Protocol (since these are ICMP packets)
The fields that must stay constant are:
- Version (since we are using IPv4 for all packets)
- Header length (since these are ICMP packets)
- Source IP (since we are sending from the same source)
- Destination IP (since we are sending to the same dest)
- Differentiated Services (since all packets are ICMP they use the same Type of Service class)
- Upper Layer Protocol (since these are ICMP packets)
The fields that must change are:
- Identification (IP packets must have different ids)
- Time to live (traceroute increments each subsequent packet)
- Header checksum (since header changes, so must checksum)
To understand why certain fields in the IP datagrams stay constant and others must change,
we need to consider the purpose and function of each field within the IP protocol and the
specifics of the traceroute operation.
Fields that Stay Constant
Version:
- Reason: We are using IPv4 for all packets in this lab. The version field identifies the IP
protocol version being used and remains constant because all packets conform to the same
protocol standard.
Header Length:
- Reason: The header length indicates the length of the IP header. Since we are dealing with
ICMP packets and the structure of the IP header does not change in our scenario, this field
remains constant.
Source IP:
- Reason: This field specifies the IP address of the sender. As the packets are being sent
from the same source (the computer running traceroute), the source IP remains the same for
all packets.
Destination IP:
- Reason: This field specifies the IP address of the destination. Since the packets are being
sent to the same destination as part of the traceroute process, this field remains unchanged.
Differentiated Services:
- Reason: This field indicates the Type of Service (ToS) or Quality of Service (QoS) being
used. Since all packets are ICMP and are treated the same way in terms of service class, this
field does not change.
Upper Layer Protocol:
- Reason: This field indicates the protocol used in the data portion of the IP datagram. For
ICMP packets, this field specifies ICMP as the upper layer protocol, which remains constant.
Fields that Must Stay Constant
- Version: Consistency in protocol version ensures correct interpretation and processing of
the packets by the routers and destination host.
- Header Length: A fixed header length indicates a consistent structure, which is crucial for
proper parsing and handling of the packets.
- Source IP: Maintaining a consistent source IP allows routers and destination hosts to
properly identify the sender of the packets.
- Destination IP: Consistent destination IP ensures that packets are routed to the intended
recipient throughout the traceroute process.
- Differentiated Services: Uniform service class ensures consistent treatment of packets
across the network.
- Upper Layer Protocol: Maintaining ICMP as the upper layer protocol ensures that the
packets are correctly identified and processed as ICMP packets by network devices.
7. Describe the pattern you see in the values in the Identification field of the IP datagram.
The pattern is that the IP header Identification fields increment with each ICMP Echo (ping)
request.
8. What is the value in the Identification field and the TTL field?
Identification: 0x0f8e (3982)
TTL: 64
9. Do these values remain unchanged for all of the ICMP TTL-exceeded replies sent to your
computer by the nearest (first hop) router? Why?
The identification field changes for all the ICMP TTL-exceeded replies because the
identification field is a unique value. When two or more IP datagrams have the same
identification value, then it means that these IP datagrams are fragments of a single large IP
datagram.
The TTL field remains unchanged because the TTL for the first hop router is
always the same.
10. Find the first ICMP Echo Request message that was sent by your computer after you changed
the Packet Size in pingplotter to be 2000. Has that message been fragmented across more
than one IP datagram? [Note: if you find your packet has not been fragmented, you should
download the zip file http://gaia.cs.umass.edu/wireshark-labs/wireshark-traces.zip and
extract the ip ethereal-trace-1packet trace. If your computer has an Ethernet interface, a
packet size of 2000 should cause fragmentation.]
Yes, this packet has been fragmented across more than one IP datagram
11. Print out the first fragment of the fragmented IP datagram. What information in the IP
header indicates that the datagram has been fragmented? What information in the IP header
indicates whether this is the first fragment versus a latter fragment? How long is this IP
datagram?
The Flags bit for more fragments is set, indicating that the datagram has been fragmented.
Since the fragment offset is 0, we know that this is the first fragment. This first datagram has
a total length of 1500, including the header.
12. Print out the second fragment of the fragmented IP datagram. What information in the IP
header indicates that this is not the first datagram fragment? Are there more fragments? How
can you tell?
We can tell that this is not the first fragment, since the fragment offset is 1480. It is the last
fragment, since the more fragments flag is not set.
13. What fields change in the IP header between the first and second fragment? Now find the
first ICMP Echo Request message that was sent by your computer after you changed the
Packet Size in pingplotter to be 3500.
The IP header fields that changed between the fragments are: total length, flags, fragment
offset, and checksum.
14. How many fragments were created from the original datagram?
After switching to 3500, there are 3 packets created from the original datagram.
15. What fields change in the IP header among the fragments?
The IP header fields that changed between all of the packets are: fragment offset, and
checksum. Between the first two packets and the last packet, we see a change in total
length, and also in the flags. The first two packets have a total length of 1500, with the more
fragments bit set to 1, and the last packet has a total length of 540, with the more fragments
bit set to 0.
Conclusion:
In conclusion, this lab provided a comprehensive exploration of the Internet Protocol (IP), focusing
on the analysis of IP packet structure, network traffic capture and filtering, and investigation of IP
fragmentation and reassembly. Through the examination of traceroute-generated IP datagrams and
Wireshark packet analysis, we gained valuable insights into the functioning of key IP header fields
and the fragmentation process.
The lab findings underscored the significance of consistent interpretation and processing of IP
packets by routers and destination hosts, emphasizing the necessity for certain fields to remain
constant.
Moreover, the analysis of IP fragmentation shed light on the process of breaking down large
datagrams into smaller fragments to accommodate link-layer protocol MTU constraints. Through the
examination of fragmented IP datagrams and their reassembly, we gained practical insights into how
routers and hosts handle fragmented packets in network communications.
All in all, this lab equipped us with valuable knowledge and practical skills essential for network
professionals in analysing and troubleshooting network issues. By mastering the intricacies of IP
packet structure, addressing, and fragmentation, we are better prepared to ensure efficient data
transmission and network performance in diverse and complex network environments.
References:
[1] Leon-Garcia, A., & Widjaja, I. (2003). Communication Networks: Fundamental Concepts and Key
Architectures (2nd ed.). McGraw-Hill Higher Education. ISBN-10: 007246352X, ISBN-13: 9780072463521.
[2] "Manager Engine." [Online]. Available: www.manageengine.com/network-monitoring/networkprotocols.html. [Accessed 10 July 2021].
[3] Kurose, J. F., & Ross, K. W. (2009). Wireshark Version 2.0 Lab Manual.