
Cover Page

Maryam aref yusuf 202100887 Section 3

Wireshark lab (Internet Protocol)


Experiment Number: 4

LAB – 2
WIRESHARK

Name: Muneera Mohammed Almajed
ID: 202100451
Sec: 02

Introduction:
In this laboratory experiment, we will utilize Wireshark and
PingPlotter to gain insights into datagrams. Our goal is to understand
the concept of fragmentation and how a message is sent from the
sender to the receiver, along with the process of receiving it.
Tools:
1- Wireshark 2- PingPlotter

Provide 3-screenshots showing the ping plotter traces after changing the
size to 56, 2000, and 3500 Bytes.

Size 56

Size 2000

Size 3000

Procedure
1. Download and install PingPlotter and Wireshark tools.
2. Use PingPlotter to send packets to a target website.
3. Capture packets using Wireshark during the packet sending process.
4. Send sets of datagrams with different lengths (56 bytes, 2000 bytes, and 3500
bytes).
5. Pause both PingPlotter and Wireshark after sending each set of datagrams.
6. Analyze the sent packets in Wireshark, focusing on the Internet Protocol Version
section and observing changes in identification, TTL, flags, offset, and Header
checksum with different packet lengths.

Discussions
1) What is the IP address of your computer? [ans+screenshot]
My computer’s IP is: 192.168.100.41

2) Within the IP packet header, what is the value in the upper layer protocol field?
[ans+screenshot]
ICMP

3) What is the value of the Offset? [ans+screenshot]
Offset value is: 0

4) How many bytes are in the IP header? How many bytes are in the payload of the IP
datagram? Explain how you determined the number of payload bytes.
[ans+screenshot]
Ans: Number of bytes in the IP header: 20
Number of bytes in the Payload: 36
Calculation of the payload length: 56 (total length) - 20 (Datagram header)

5) Has this IP datagram been fragmented? How do you know? [ans+screenshot]


Ans: Yes or No: No
How: The presence of a flag value of 000 in the packet indicates that the last bit is 0,
suggesting that there are no more packets to follow.

6) Which fields in the IP datagram always change from one datagram to the next within
this series of ICMP messages sent by your computer?
The fields are: identification, Time to live (TTL) and Header checksum

7) Describe the pattern you see in the values in the Identification field of the
IP datagram.
The pattern observed is that the Identification field in the IP header increases with
each ICMP Echo request.

8) What is the value in the Identification field and the TTL field? [ans+screenshot]
Identification: 0x0f2d (3885)
TTL: 255

9) Do these values remain unchanged for all of the ICMP TTL-exceeded replies sent to
your computer by the nearest (first hop) router? Why?
Ans: No. The identification field changes because it is assigned a unique value unless
the IP datagrams are fragmented, in which case multiple IP datagrams may have the
same identification value. On the other hand, the TTL field remains constant as the TTL
for the first hop router is consistently set to the same value.

10) Find the first ICMP Echo Request message that was sent by your computer after
you changed the Packet Size in PingPlotter to be 2000. Has that message been
fragmented across more than one IP datagram? [ans+screenshot]
Yes, because packet No. 7 has the identification “0x101c” and the total length of
520, and packet No. 6 has the same identification, “0x101c”, and the
total length of 1500. This means the 2000 bytes have been fragmented into two packets
with the same identification, which is “0x101c”.

11) Place a screenshot of the first fragment of the fragmented IP datagram. What
information in the IP header indicates that the datagram has been fragmented? What
information in the IP header indicates whether this is the first fragment versus a latter
fragment? How long is this IP datagram? [ans+screenshot]
Ans: Information indicates that this datagram is fragmented: in the flags section, the last bit
is 1, which indicates that this byte is fragmented and there are more packets incoming
from the same datagram
Information indicates that this is the first fragment: fragment offset is 0
Length of this datagram: 1500 including the header

12) Place a screenshot of the second fragment of the fragmented IP datagram. What
information in the IP header indicates that this is not the first datagram fragment? Are
there more fragments? How can you tell? [ans+screenshot]
Ans: Information indicates that this is not the first fragment:
fragment offset is 1480
Are there more fragments: no
How can you tell: the third bit in the flags, “More fragments: not set”, is 0, which indicates it’s false,
so there are no more fragments

13) What fields change in the IP header between the first and second fragment?
Ans: fields: Total length, flags, fragment offset, and checksum.

14) How many fragments were created from the original datagram? [ans+screenshot]
Three,3
First =

Second=

Third=

15) How do you know that the fragments you found belong to the same original
datagram?
All of the packets with the same identification value of "0x87f5" are part of the same
datagram.
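
The header checks used in questions 10 to 15, as an added example that is not part of the original report: it parses constructed IPv4 headers carrying the 0x101c values quoted above and groups them by Identification, and it goes slightly beyond the lab by also flagging gaps and overlaps between fragments. The function names, the 0x1234 identification and the destination address are assumptions.

```python
import struct
from collections import defaultdict

def build_header(ident, total_len, mf, offset_bytes, ttl=255, proto=1):
    """Constructed 20-byte IPv4 header (checksum left 0, sample addresses)."""
    flags_frag = (int(mf) << 13) | (offset_bytes // 8)  # offset is stored in 8-byte units
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ident, flags_frag,
                       ttl, proto, 0, bytes([192, 168, 100, 41]),
                       bytes([192, 0, 2, 1]))

def parse_header(raw):
    """Extract the fields the lab reads in Wireshark's IPv4 section."""
    ver_ihl, _tos, total_len, ident, flags_frag = struct.unpack("!BBHHH", raw[:8])
    ihl = (ver_ihl & 0x0F) * 4                           # header length in bytes
    return {"id": ident, "header_len": ihl, "payload_len": total_len - ihl,
            "mf": bool(flags_frag & 0x2000), "offset": (flags_frag & 0x1FFF) * 8}

def is_fragment(h):
    """Fragmented if More Fragments is set or the offset is non-zero."""
    return h["mf"] or h["offset"] > 0

def reassembly_status(raw_headers):
    """Map Identification -> (status, fragment count, reassembled payload bytes)."""
    # Simplification: a real reassembler also keys on source, destination, protocol.
    groups = defaultdict(list)
    for raw in raw_headers:
        h = parse_header(raw)
        groups[h["id"]].append(h)
    report = {}
    for ident, frags in groups.items():
        frags.sort(key=lambda h: h["offset"])
        expected, status = 0, "complete"
        for h in frags:
            if h["offset"] > expected:
                status = "gap"            # a fragment is missing
            elif h["offset"] < expected:
                status = "overlap"        # fragments cover the same bytes
            expected = max(expected, h["offset"] + h["payload_len"])
        if frags[-1]["mf"]:
            status = "incomplete"         # last fragment seen still has MF set
        report[ident] = (status, len(frags), expected)
    return report

# Constructed sample: the two 0x101c fragments plus one unfragmented 56-byte datagram.
SAMPLE = [build_header(0x101c, 1500, True, 0),
          build_header(0x101c, 520, False, 1480),
          build_header(0x1234, 56, False, 0)]
if __name__ == "__main__":
    print(reassembly_status(SAMPLE))
```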

Conclusion
By observing the Maximum Segment Size (MSS), which is typically set to 1500, we
noticed a pattern. When we set the datagram size to 500, it utilized only one packet.
Similarly, for a datagram size of 2000, it used only two packets, and for a datagram
size of 3500, it used three packets.
