Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Understanding Internet Protocol (IPv4)
1. Instructor:Dr. Shaji Khan(shajikhan@umsl.eduor314-489-9733)
Page 1 of 5
INFSYS 3842/6836
Assignment 3 (Lab): Understanding Internet Protocol (IPv4) using Wireshark
Points Possible: 100
Due Date: November 14, 2016 by 11:59pm Central Time
IMPORTANT NOTE: THIS LAB MUST BE CARRIED OUT ON YOUR OWNCOMPUTER AND OWN
NETWORK. PLEASE DO NOT CAPTURE PACKETS ON A NETWORK THAT YOU DO NOT OWN.YOU’VE
BEEN WARNED!
Lab Overview:Buildingonourpreviouslabwhere we capturedsome HTTPtraffic butfocusedon
Ethernet,we will nowlookatthe InternetProtocol (IP).
Lab Purpose:
1) To continue learning the basicsof how touse Wiresharkto capture networktraffic(from
studentsowncomputersandownnetworks)
2) To learnaboutbasic “Capture Filters”available inWireshark
3) Understandthe syntax of IP datagram (packet) headers,itskeyfields,andsome concepts
specifictoIPv4.
TASK 1: (This task has 6 questions)
In thistaskyou will use Wiresharktocapture some HTTP trafficandcomplete the activitiesand
questionsasdescribedbelow.
I recommendyouwatchsome videosonYouTube oncapturingHTTP trafficusingWireshark.The
processisfairlysimplyasdemonstratedinclassbutfeel freetolearnmore.
Alsofamiliarize yourselfwiththe basicinterfaceof Wireshark(the menus,options, filtersetc.).Again,
plentyof videosare availableonline andthe Wiresharkwikiisgoodformore advancedusers.
STEPS:
1) Clearhistoryandtemporaryinternetfiles/cache fromyourbrowser. Note:If youhave torepeatthe
stepsbelow(e.g.,youwanttocapture againto make sure) thenClearbrowsercache againbefore
tryingstepsbelow.
LAB Question1: What interface are youusingto capture traffic (WiredEthernetLAN/Wireless/
Virtual?)? WirelessInterface
LAB Question2: Please identifythe browseryouusedinthe stepsbelow. UsedMozilla
CONTINUE:
2. Instructor:Dr. Shaji Khan(shajikhan@umsl.eduor314-489-9733)
Page 2 of 5
2) Close all browserwindows andotherapplications.OpenWireShark. Openabrowserwindow and
type in http://www.umsl.edu/~khanshaj/3842/basic_http.html.DONOTPress
Enter yet.
3) Go back to Wiresharkand Start a capture.
4) Go back to the browserwindowand now hitenterto visitthe page.
5) Once the page loads,returntoWiresharkand Stop the capture. Save the capture on your
computer. Call it “FirstName_LastName_Assignment3_Capture”.
6) Examine the packetscapturedandscroll to find“greencoloredrows”thatdenote “TCP”based
traffic.
7) FINDTHE PACKETthat belongstothe HTTP GET requestaskingforthe basic_http.htmlfile.
[Youmay be able to use the search packetsfeature “CTRL+F” but be sure that youare searchingfor
a “SRTING” as a displayfilter.Once located,rightclickonthatpacketand choose “Follow TCP
Stream”.Thisshouldremove all otherpacketsallowingyoutofocusonjust thisTCPsession.
Anotherwindowshowingthe HTTP requestsandresponsesshouldalsoopen.Youcanminimize it.
8) Withthe GET requestpacket selected(itshouldremain highlighted asshown above),please
complete the rest of this lab
3. Instructor:Dr. Shaji Khan(shajikhan@umsl.eduor314-489-9733)
Page 3 of 5
LAB Question3: Using the packetassociatedwiththe GET requestasmentionedabove,pleasecomplete the followingfieldsinthe IPv4
Datagram (a.k.a.packet) headerbelow. The ideahere is to learn about the differentfieldsandwhat theyaccomplish.NOTE: Althoughthe field
valuesare alwaysinbinary(asseeninthe bottommost sectionof yourcapture) please feelfree toprovide the valuesastheyappearinthe
MIDDLE part (i.e.eitherdecimal orhex asthe case maybe). Type inyourvaluesinthe “Grey”shadedareasimmediatelybeloweachfield.
[Hint: please visithttp://en.wikipedia.org/wiki/IPv4tolearn more about IP and look for the section“Packet Structure” to betterunderstand
what each of the fieldsbelowmean]
IP Version 4 Header
OffsetOctet 0 1 2 3
Octet Bit 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
0 0
Version
(4 bits)
IP Header
Length
(4 bits)
Differentiated Services
Code Point (6 bits)
ECN
(2 bits)
Total Length
(16 bits)
4 20 bytes Default (0) 0 336
4 32
Identification
(16 bits)
Flags
Fragment Offset
(13 bits)
R DF MF
13364 0 1 0 0
8 64
Time to Live
(8 bits)
Protocol
(8 bits)
Header Checksum
(16 bits)
128 TCP (6) 0x7a9b
12 96 Source IP Address (32 bits)
192.168.1.202
16 128 Destination IP Address (32 bits)
134.124.1.234
20 160 Options (if IP Header Length > 5)
DATA
(or PAYLOAD OF THE IP v4 Packet/Datagram)
[The type of “payload” i.e. upper layer protocol packet the IP datagram is carrying is specified in the Protocol field above. See
http://en.wikipedia.org/wiki/List_of_IP_protocol_numbers for a full list)
4. Instructor:Dr. Shaji Khan(shajikhan@umsl.eduor314-489-9733)
Page 4 of 5
LAB Question4: For each of the IPv4datagram headerfieldsyoucompletedabove,please briefly
describe itspurpose/meaning. Whenpossible,pleaseanswerthisquestionbothingeneralaswell asin
particularto the datagram youare currentlyexamining. Forexample, thecurrentvaluein the Protocol
field is 6 which denotesthatthisdatagramiscarrying a TCP segment.Thismakessenseas we are
looking at HTTP databeing sent in TCP segments which arebeing carried by IPv4 packetsenclosed in
EthernetFrames!.)
[Hint:A goodreadingof the above linkandunderstandingthe packetstructure will helpwith
thistask.The answersare givenonthe linkabove buttry to actuallyunderstandwhateachfield
does.]
Version: This is a 4-bit field that is the first header in an IP packet.
IHL: Also known as the Internet Header Length. This is the second header that is 4 bits which is
a number of 32-bit words in the header itself. This specifies the size of the header and obtains a
minimum value of 5 which indicates 20 bytes.
DSCP: Also known as Differentiated Services Code Point. This was defined as ToS (Type of
Service) but is now defined by RFC 2474 for differentiated services. This field uses real-time
data and an example of that is VoIP (Voice over IP).
ECN: Also known as Explicit Congestion Notification. ECN is defined by RFC 3168 and allows
to end to end notification of network congestion without dropping incoming packets. This is an
optional feature that is only used when both endpoints support it and are willing to use it. Only
effective when supported by an underlying network.
Total Length: This is a 16-bit field that defines the entire packet size, including the header and
data in bytes. Minimum-length packet is 20 bytes and maximum length is 65,535 bytes. This is
with a maximum value of a 16-bit word.
Identification: This field is primarily used for uniquely identifying the group of fragments of a
single IP datagram. Experimental work suggested using the field for purposes such as adding
packet-tracing information to help trace datagrams and with spoofed source address. However,
RFC 6864 now prohibits such use.
Flags: This field is a three-bit field that's used to control or identify fragments. It consists of bit 0
which is reserved and must be zero, bit 1 which is don’t fragment (DF), and bit 2 which is more
fragments (MF). Packets are dropped if the DF flag is set and fragmentation is required to route
the packet. The field can be used when sending packets to a host that does not have sufficient
resources to handle fragmentation.
Fragment Offset: This is measured in units of eight-byte blocks ad is 13 bits long which specifies
the offset of a particular fragment relative to the beginning of the original unfragmented IP
datagram. First fragment is always set to zero per an offset.
Time to Live: TTL is an eight-bit field that helps prevent datagrams from persisting on an
internet. It does limit the datagrams lifetime and is specified in second but in time intervals less
than 1 second are rounded up to 1.
Protocol: This defines the protocol version used in the data portion of the IP datagram. For
example, IPv4 or IPv6.
Header Checksum: This is used for error-checking of the header which is a 16-bit field. The
router calculates the checksum of the header and compares it to the checksum field. If these
two values do not match, then the router discards the packet. The data field must be handled by
the encapsulated protocol in the packet.
Source IP Address: This is the address of the sender that is sending a packet to the destination
IP address.
Destination IP Address: This is the address of the recipient receiving the packet in which the
sender is sending the packet to.
5. Instructor:Dr. Shaji Khan(shajikhan@umsl.eduor314-489-9733)
Page 5 of 5
LAB Question5:
a) What isthe MINIMUM size (inbytes/octets) of anIPv4packet’s header? 20 bytes
b) What isthe MAXIMUM size (inbytes/octets) of anIPv4packet’s header? 60 bytes
LAB Question6: IPv4 allowsforpacketfragmentation(whereasIPv6DOESNOTallow forpacket
fragmentation).Onthe IPv4page on WikipediareadaboutFragmentation andReassembly
(https://en.wikipedia.org/wiki/IPv4#Fragmentation_and_reassembly).Please brieflyexplainthe idea
behindIPfragmentation(whyitissometimesnecessary,whichdevice typically performsthisfunctionin
IPv4 networks,andwhat IP fragmentationis?).
IP fragmentationisnecessarytobe done at timesbecause companiesneedtoensure thatthey
are receivinggoodpacketsversusreceivingbadpacketsfromdevicesontheirlocal network.Anydevice
on the networkcan senda packetto anotheruserinthe network.The networkconsistsof several
devicesconnectedtoone router. Routersisthe device thatisusedtoperformfragmentation. The
routeris a layer3 device whichisthe networklevel.Fragmentationiswhenarouterreceivesapacket
and examinesthe destinationaddresstowhichitdeterminesthe outgoinginterfacetouse andthat
interfacesmaximumtransmissionunit.Fragmentationisdone whenthe sizeis largerthanthe maximum
transmissionunitandthe donot fragmentbitinthe packetsheaderiszero.In thiscase the router then
dividesthe packetintofragments.The receiverwill reassemblethe datafromfragmentswiththe same
ID usingboththe fragmentoffsetandthe more fragmentsflag.Thisiswhenthe more fragmentsflagis
setand the fragmentoffsetfieldisnonzero.The offsetsare usedtoputthe fragmentsback inthe
correct orderfrom whenthe packetwasfragmented.
LAB DELIVERABLES (to be uploadedto MyGateway):
1) UploadcompletedWorddocument (savedas “FirstName_LastName_Assignment3”)
2) Uploadthe Wiresharkcapture file
GETTING HELP:
1) Call (314-489-9733) / email (shajikhan@umsl.edu)me anytime.Feelfree towalk-intomyoffice
if you see me there orsetupappointment.Tutorsare alsoavailable (see MyGateway/Faculty
Informationforhours,orsimplywalkintocybersecuritylab,ESH204 duringlabhours).
2) Of course try to helpeachotherout.If some studentsare alreadyfamiliarwiththe taskslisted
above,Iencourage youto helpothers.“Teaching”andhelpingothersisbyfarthe bestway to
learn!