LAB 2

Q1. Select the first ICMP Echo Request message sent by your computer, and expand the
Internet Protocol part of the packet in the packet details window.What is the IP address of
your computer?
Ans: 172.16.1.138

Q2within the IP packet header, what is the value in the upper layer protocol field?
Ans: 1(ICMP)

Q3. How many bytes are in the IP header? How many bytes are in the payload of the IP
datagram? Explain how you determined the number of payload bytes.
Ans: There is 20 bytes in the IP header.There is 520 Payload bytes (total length
540 - the 20 header bytes = 520) as seen in below screenshot.

Q4. Has this IP datagram been fragmented? Explain how you determined whether or not
the datagram has been fragmented?

Ans:

Q5. Which fields in the IP datagram always change from one datagram to the next within
this series of ICMP messages sent by your computer?
Ans: Identification and Time to Live

Q6. Which fields stay constant? Which of the fields must stay constant? Which fields must
change? Why?
Ans:- • Version (IPv4 always used)
• Header length (doesn’t change since we are always using IPv4)
• Source IP (my computer’s IP address doesn’t change)
• Destination IP (destination IP address doesn’t change)
• Differentiated services (same protocol every time)
• Upper layer protocol (same protocol every time)
• Header checksum (verification disabled in my tests)
• Identification field is incrementing (each IP datagram has a different ID)
• Time to live is also incrementing

Q7 Describe the pattern you see in the values in the Identification field of the IP datagram?
Ans: They are incrementing.

Q8 what is the value in the Identification field and the TTL field?
Ans: Identification = 16025
TTL = 8

Q9. Do these values remain unchanged for all of the ICMP TTL-exceeded replies sent to
your computer by the nearest (first hop) router? Why?

Ans: In my case they do not change:

Q10. Find the first ICMP Echo Request message that was sent by your computer after you
changed the Packet Size in pin plotter to be 2000. Has that message been fragmented
across more than one IP datagram? [Note: if you find your packet has not been
fragmented, you should download the zip file http://gaia.cs.umass.edu/wireshark-
labs/wireshark-traces.zip and extract the ipethereal-trace-1packet trace. If your computer
has an Ethernet interface, a packet size of 2000 should cause fragmentation.3]
Ans: NA

Q11Print out the first fragment of the fragmented IP datagram. What information in the IP
header indicates that the datagram been fragmented? What information in the IP header
indicates whether this is the first fragment versus a latter fragment? How long is this IP
datagram?
Ans: No Fragmentation:

Q12 Print out the second fragment of the fragmented IP datagram. What information in the
IP header indicates that this is not the first datagram fragment? Are the more fragments?
How can you tell?
Ans: No Fragmentation:

Q13. What fields change in the IP header between the first and second fragment?
Ans: Total length, the more fragments bit, fragment offset would change in case
of fragmentation.

Q14. How many fragments were created from the original datagram?
Ans: No Fragmentation.

Q15. What fields change in the IP header among the fragments?

Ans: Total length, the more fragments bit, fragment offset would change in case
of fragmentation.

LAB 3
Q1. What is the IP address of your host? What is the IP address of the destination host?
Ans: IP of my Host: 172.16.1.138 and IP of Destination Host: 172.217.163.196
Q2. Why is it that an ICMP packet does not have source and destination port numbers?
Ans:The ICMP packet does not have source and destination port numbers
because it was designed to communicate network-layer information between
hosts and routers, not between application layer processes.

Q3. Examine one of the ping request packets sent by your host. What are the
ICMP type and code numbers? What other fields does this ICMP packet have?
How many bytes are the checksum, sequence number and identifier fields?
Ans: The ICMP type is 8, and the code number is 0. The ICMP packet also has
checksum, identifier, sequence number, and data fields.

Q4. Examine the corresponding ping reply packet. What are the ICMP type and code
numbers? What other fields does this ICMP packet have? How many bytes are the
checksum, sequence number and identifier fields?
Ans: The ICMP type is 0, and the code number is 0.The ICMP packet also has
checksum, identifier, sequence number, and data fields.
Q5. What is the IP address of your host? What is the IP address of the target destination
host?
Ans:IP of my Host: 172.16.1.138 and IP of Target Destination Host:
216.58.203.164

Q6. If ICMP sent UDP packets instead (as in Unix/Linux), would the IP protocol number still
be 01 for the probe packets? If not, what would it be?
Ans: No, the number is 0x11.
Q7. Examine the ICMP echo packet in your screenshot. Is this different from the ICMP ping
query packets in the first half of this lab? If yes, how so?
Ans: They don’t have differences.
Q8. Examine the ICMP error packet in your screenshot. It has more fields than the ICMP
echo packet. What is included in those fields?
Ans: Difference in Extra Protocol Field.
Error:

No Error:

Q9. Examine the last three ICMP packets received by the source host. How are these
packets different from the ICMP error packets? Why are they different?
Ans: These Packets have message type 0 insteadof 11. They are different because
the former has no TTL expired while the latter is TTL expired.
Q10. Within the tracert measurements, is there a link whose delay is significantly longer
than others? Refer to the screenshot in Figure 4, is there a link whose delay is significantly
longer than others? On the basis of the router names, can you guess the location of the two
routers on the end of this link?
Ans: NA

LAB 4
Q1. Select one packet. From this packet, determine how many fields there are in the UDP
Header. (Do not look in the textbook! Answer these questions directly from what you
observe in the packet trace.) Name these fields.
Ans: The fields in the UDP Header are Source Port, Destination Port, Length and
Checksum.
Q2. From the packet content field determine the length(in bytes) of each of the UDP Header
Fields.
Ans: Each of the UDP Header Fields is 2 bytes long.

Q3. The value in the Length Field is the length of what? Verify your claim with your
captured of UDP packet.
Ans: The length field is the total length of user datagram header plus data as we
can see in the above image, “Payload Length” in IPv6 is equal to the “Length” in
UDP i.e. 55.
Q4. What is the maximum number of bytes that can be included in a UDP Payload.
Ans: Maximum bytes=65535 – 8 = 65527 bytes.

Q5. What is the largest possible source port number?

Ans: Largest possible port number = 2^16 -1 = 65535, as size of port address is
16bits.

Q6. What is the protocol number for UDP? Give your answer in both hexadecimal and
decimal notation.(To answer this question, you’ll need to look into the IP header.)
Ans: Protocol Number for UDP in decimal: 17
Protocol Number for UDP in hexadecimal : 0x11
Q7.Search “UDP” in Google and determine the fields over which the UDP checksum is
calculated.
Ans: The UDP checksum is calculated as the 16-bit one’s complement of the one’s
complement sum of a pseudo header of information from the IP header, the UDP
header, and the data. This is padded as needed with zero bytes at the end to
make a multiple of two bytes. If the checksum is computed to be 0, it must be set
to 0xFFFF.

Q8. Examine a pair of UDP packets in which the first packet is sent by your host and the
second packet is a reply to the first packet. Describe the relationship between the port
number in the two packets.
Ans: The source port of the UDP packet sent by the host is the same as the
destination port of the reply packet, and conversely the destination port of the
UDP packet sent by the host is the same as the source port of the reply packet.

Fig: UDP Sent by the host

Fig: UDP Reply by the Host