
Week 8: Network Layer – IPv4 and ICMP Protocols
Objectives
1. Capture and study ICMP header.
2. Modify ICMP payload size.
3. Capture and study IPv4 header.
4. Identify network route to destination.

Hardware and Software Requirements


1. A personal computer with Windows 10 operating system.
2. Ethernet switch.
3. Ethernet Network cables – UTP.
4. Wireshark Network Analyzer.
5. TCP and UDP Wireshark traces.

Network Parameters
Below are the network parameters that should be configured in your computer:

IP Address: 172.16.71.x (where x is the computer number)
Subnet Mask: 255.255.0.0
Default Gateway: {keep blank}
Preferred DNS: {keep blank}
Alternate DNS: {keep blank}

Notes for Lab Handout


1. In every step of the lab experiment, include the procedure or command used, the
output result, proof about the output, as well as the interpretation and conclusion.
2. The proof can be a screen shot of the output recorded using a snipping tool, if
applicable.
3. Include notes about the lab experiment in your lab work before submission.

Student Notes (3 points)
Take useful and meaningful notes while the instructor is explaining the lab, as well as
important points acquired during your lab work, and write them down. Each note is worth
0.3 point.

1. Two types of lights: Laser, infra-red

2. ICMP is the upper part of the network layer

3. ICMP is responsible for generating payload

4. Payload does not include user information

5. Checksum is used for privacy

6. Payload = total length - IHL

7. Forwarding from 1 route to another will cost 1 TTL

8. As users, we can determine the TTL value

9. IP header length = 20

10. BE stands for big endian

Student Lab Work (10 points)
1. Start a network traffic capture using Wireshark and then ping any classmate’s PC to
generate ICMP packets. Apply a display filter to display ICMP packets only.

a. Based on the captured Wireshark trace, answer the following:

i. How many types of ICMP packets did you record? (Give number)

Answer. (0.2 point)


2

ii. Indicate the recorded types, in the ICMP packets. (Give type name)

Answer. (0.2 point)


1. request
2. reply

iii. Open the ICMP header of each ICMP packet type and then report the
name and size of each ICMP header field.

Answer for each ICMP packet type. (1 point)


Name: 74 Echo (ping) request; Type = 1 byte; Code = 1 byte;
Checksum = 2 bytes; Identifier = 2 bytes; Sequence number = 2 bytes;
Data = 32 bytes

Name: 74 Echo (ping) reply; Type = 1 byte; Code = 1 byte;
Checksum = 2 bytes; Identifier = 2 bytes; Sequence number = 2 bytes;
Data = 32 bytes

iv. What is the ICMP header length of each ICMP packet type?

Answer for each ICMP packet type. (0.2 point)


Echo Request type header length = 40 bytes
Echo Reply type header length = 40 bytes

Explain how you calculated the ICMP header length. (0.2 point)
By summing the lengths of all header fields: Type, Code, Checksum, Identifier,
Sequence number

v. What is the default ICMP payload size of each ICMP packet type?

Answer for each ICMP packet type. (0.4 point)


For request type, payload size = 32 bytes
For reply type, payload size = 32 bytes

vi. What is inside the payload of each ICMP packet type?

Answer for each ICMP packet type. (0.4 point)


Random Text generated by ICMP protocol just to test the length of the
load size

vii. What is the total ICMP packet size of each ICMP packet type?

Answer for each ICMP packet type. (0.4 point)

For request type, packet size = 74 bytes
For reply type, packet size = 74 bytes

b. What command allows an ICMP packet sent to your classmate’s computer to
have its payload size increase to 512 Bytes?

Answer. (0.2 point)


ping -l 512 172.16.71.20

What becomes the size of the total ICMP packet?

Answer. (0.3 point)

554
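
The sizes recorded above (74 bytes by default, 554 bytes with `ping -l 512`) and the identifier byte order discussed in part c can be reproduced by building the Echo request by hand. This is an added example, not part of the lab handout; the payload pattern is constructed sample data, and the 14-byte Ethernet II header and 20-byte option-free IPv4 header are assumptions about the capture.

```python
import struct

ETH_HEADER_LEN = 14        # assumption: Ethernet II frame as captured (no FCS)
IPV4_MIN_HEADER_LEN = 20   # assumption: IPv4 header without options
# ICMP Echo header: type (1), code (1), checksum (2), identifier (2), sequence (2)
ICMP_ECHO_HEADER = struct.Struct("!BBHHH")

def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo_request(identifier: int, sequence: int, payload: bytes) -> bytes:
    """Echo request (type 8, code 0) with a valid checksum."""
    draft = ICMP_ECHO_HEADER.pack(8, 0, 0, identifier, sequence)
    checksum = internet_checksum(draft + payload)
    return ICMP_ECHO_HEADER.pack(8, 0, checksum, identifier, sequence) + payload

def parse_echo(message: bytes) -> dict:
    """Decode the header fields and verify the checksum over the whole message."""
    icmp_type, code, checksum, ident, seq = ICMP_ECHO_HEADER.unpack_from(message)
    return {
        "type": icmp_type, "code": code, "checksum": checksum,
        "identifier_be": ident,                                  # network byte order
        "identifier_le": int.from_bytes(message[4:6], "little"), # same two bytes, swapped
        "sequence": seq,
        "payload_len": len(message) - ICMP_ECHO_HEADER.size,
        "checksum_ok": internet_checksum(message) == 0,          # valid message sums to 0
    }

def frame_length(payload_len: int) -> int:
    """On-wire frame size for a given ICMP payload size."""
    return ETH_HEADER_LEN + IPV4_MIN_HEADER_LEN + ICMP_ECHO_HEADER.size + payload_len

def sample_payload(n: int) -> bytes:
    """Constructed filler bytes of length n (sample data, not from a capture)."""
    pattern = b"abcdefghijklmnopqrstuvw"
    return (pattern * (n // len(pattern) + 1))[:n]

if __name__ == "__main__":
    for size in (32, 512):
        msg = build_echo_request(identifier=1, sequence=1, payload=sample_payload(size))
        print(size, frame_length(size), parse_echo(msg))
```
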

c. Capture the ICMP traffic to two different computers simultaneously, using
ping command from different command prompt windows, and then answer
the questions below:

i. How does the ICMP Echo reply relate to the ICMP Echo request?

Explain with proof. (0.3 point)


Based on the sequence number, if the sequence
is the same, then this indicates that they are related

ii. What is the relationship among the increment of the sequence number
fields and destination computers?

Explain with proof. (0.3 point)


The sequence number should increase by 1 after each request/reply,
but since there are two requests interacting with each other, the
sequence number will increase by 2 in this case, since the other
destination had used the previous +1 sequence number.

iii. What is the value inside the field Identifier? Does it change?

Explain with proof. (0.3 point)


For request: Identifier in big endian = 0x0001 = 1
And Identifier in little endian = 0x0100 = 256

For reply: Identifier in big endian = 0x0001 = 1
And Identifier in little endian = 0x0100 = 256

2. Open the IPv4 packet header of any captured ICMP packet:

a. What is the minimum length of the IPv4 header?

Answer. (0.2 point)


20

Explain your answer with details. (0.3 point)


When you count all the header fields, it will = 20

b. Using the “traceroute” Wireshark trace, answer the following questions:

i. What is the type of the returned ICMP packet following an ICMP Echo
request with TTL equal to 1?

Answer. (0.5 point)

Time-to-live exceeded

ii. What is the source IPv4 address of the above ICMP packet?

Answer. (0.2 point)


Source Address: 172.16.0.253

Why was the above ICMP packet generated? Explain in detail. (0.3 point)
When the packet with TTL = 1 had to move to the next router, it was
decreased by one and the packet arrived with TTL = 0, in which case an error
has to be sent to the source indicating that the TTL = 0

iii. Repeat answering the above two steps each time the TTL value increments
by 1.

Answer. (1 point)
Pc4: Source IPv4: 10.254.22.1
TTL = 2 => R1 (TTL = 1) => R2 (TTL = 0) → return Time-to-live exceeded
Pc6: Source IPv4: 10.22.255.253
TTL = 3 => R1 (TTL = 2) => R2 (TTL = 1) => R3 (TTL = 0) → return Time-to-live exceeded
Pc8: Source IPv4: 192.168.140.20
TTL = 4 => R1 (TTL = 3) => R2 (TTL = 2) => R3 (TTL = 1) => R4 (TTL = 0) → return Time-to-live exceeded
Pc10: Source IPv4: 10.142.24.10
TTL = 5 => R1 (TTL = 4) => R2 (TTL = 3) => R3 (TTL = 2) => R4 (TTL = 1) => R5 (return reply)

iv. What ICMP packet type indicates the end of TTL increment?

Answer. (0.5 point)

v. What does the received ICMP packet type in (iv) indicate?

Answer. (0.5 point)


It means the packet cannot be transferred at the given time

c. Find out the code, in hexadecimal, used by the IPv4 protocol to identify:
i. ICMP protocol.

Answer. (0.1 point)


0x01

Explain with proof. (0.6 point)


IPv4 got ICMP connections traffic

ii. Find out the code, in hexadecimal, used by the IPv4 protocol to
identify the TCP protocol. Show the proof of your answer.

Answer. (0.1 point)


0x06

Explain with proof. (0.6 point)


IPv4 got TCP connections traffic

iii. Find out the code, in hexadecimal, used by the IPv4 protocol to
identify the UDP protocol. Show the proof of your answer.

Answer. (0.1 point)


0x11

Explain with proof. (0.6 point)


IPv4 got UDP connections traffic
