Lab 4: Wireshark IPv8.

0 1

Lab4:
Wireshark: IP v8.0
Gayatri
0878834
Computer network and security
IT-6003-7B3-24/SP
Prof. Hoell
04/14/2024
Lab 4: Wireshark IPv8.0 2

1 Answer: The IP address of my computer is 192.168.1.102.

2 Answer: ICMP (0x01) is the value in the header's upper layer protocol field.

3 Answer: The IP datagram's payload consists of 36 bytes, with the IP header including 20 bytes
and the entire length being 56 bytes.

4 Answer: Since the fragment offset is set to 0, there hasn't been any fragmentation of the packet.
Lab 4: Wireshark IPv8.0 3

5 Answer: The header checksum, identification, and time to live are always changing.

6 Answer: The following fields are consistent throughout IP datagrams: • Version (because all
packets use IPv4)
• header length (as ICMP packets, these are)
• source IP (because the source from which we are sending is the same)
• destination IP (since it is the same destination to whom we are sending)
• Differentiated Services (every packet uses the same Type of Service class because they are all
ICMP).
• Upper Layer Protocol (ICMP packets, hence this)

The following fields need to remain unchanged: • Version (because all packets use IPv4)
• header length (as ICMP packets, these are)
• source IP (because the source from which we are sending is the same)
• destination IP (since it is the same destination to whom we are sending)
• Differentiated Services (every packet uses the same Type of Service class because they are all
ICMP).
• Upper Layer Protocol (ICMP packets, hence this)
The fields that need to be updated are:
• Identification (distinct IP packet identifiers are required)
• Time to live, which is increased with each new packet sent by traceroute
• Header checksum (checksum must change since header does)
Lab 4: Wireshark IPv8.0 4

7 Answer: Every strand of echo requests causes the identifying field to increase by one,
following a pattern.

8 Answer: Identification: 0x0951(2385)

TTL: 242

9 Answer: The identification field changes for all the ICMP TTL-exceeded replies because the
identification field is a unique value. When two or more IP datagrams have the same
identification value, then it means that these IP datagrams are fragments of a single large IP
datagram. The TTL field remains unchanged because the TTL for the first hop router is always
the same.

10 Answer: Yes, this packet has been fragmented across more than one IP datagram.
Lab 4: Wireshark IPv8.0 5

11 Answer: The Flags bit for more fragments is set, indicating that the datagram has been
fragmented. Since the fragment offset is 0, we know that this is the first fragment. This first
datagram has a total length of 1500, including the header.

12 Answer: The second fragment is obvious because it now has a fragment offset of 1480. There
are no more fragments because it no longer has a flag set for more fragments.

13 Answer: The IP header fields that changed between the fragments are:

1. total length.
2. flags.
3. fragment offset.
4. checksum.

14 Answer: After switching to 3500, there are 3 packets created from the original datagram.
Lab 4: Wireshark IPv8.0 6

15 Answer: The IP header fields that changed between all the packets are fragment offset, and
checksum. Between the first two packets and the last packet, we see a change in total length, and
in the flags. The first two packets have a total length of 1500, with the more fragments bit set to
1, and the last packet has a total length of 540, with the more fragments bit set to 0.