Wireshark Lab: ICMP v8.0 Supplement to Computer Networking:A Top-Down Approach,8h ed..J.F.Kurose and K.W.Ross COMPUTER NETWORKING 2005-2020.J.F Kurose and K.W.Ross,All Rights Reserved In this lab,we'll explore several aspects of the ICMP protocol: ICMP messages generating by the Ping program; .ICMP messages generated by the Traceroute program the format and contents of an ICMP message ncouraged to re iew the ICMP material in section5.6 of the tex We present this r the ows operating system.However,it is straightforward to translate the lab to a Unix or Linux environment 1.ICMP and Ping ackets You may recall that the Ping progra tworkadmin G. fa ost is live g progra he host sen a pack t to the target IP dd arg ing pros ram in the arget a pa guesed ().both packets are ICMP packets Do the following? nforences to figures and sectionk w Ross.Addison-Wesley/Pearson.2020 op-down ose a ison-Wesley/Pears e把吸 The traces in thiszip file were collected by Wireshark runningon one of the author's computers.while erforming the ste eps indicated in the Wireshark lab.Once you have downloaded the e,you can lo cting the
Wireshark Lab: ICMP v8.0 Supplement to Computer Networking: A Top-Down Approach, 8th ed., J.F. Kurose and K.W. Ross “Tell me and I forget. Show me and I remember. Involve me and I understand.” Chinese proverb © 2005-2020, J.F Kurose and K.W. Ross, All Rights Reserved In this lab, we’ll explore several aspects of the ICMP protocol: • ICMP messages generating by the Ping program; • ICMP messages generated by the Traceroute program; • the format and contents of an ICMP message. Before attacking this lab, you’re encouraged to review the ICMP material in section 5.6 of the text1 . We present this lab in the context of the Microsoft Windows operating system. However, it is straightforward to translate the lab to a Unix or Linux environment. 1. ICMP and Ping Let’s begin our ICMP adventure by capturing the packets generated by the Ping program. You may recall that the Ping program is simple tool that allows anyone (for example, a network administrator) to verify if a host is live or not. The Ping program in the source host sends a packet to the target IP address; if the target is live, the Ping program in the target host responds by sending a packet back to the source host. As you might have guessed (given that this lab is about ICMP), both of these Ping packets are ICMP packets. Do the following2 : 1 References to figures and sections are for the 8h edition of our text, Computer Networks, A Top-down Approach, 8th ed., J.F. Kurose and K.W. Ross, Addison-Wesley/Pearson, 2020. 2 If you are unable to run Wireshark live on a computer, you can download the zip file http://gaia.cs.umass.edu/wireshark-labs/wireshark-traces.zip and extract the file ICMP-ethereal-trace-1. The traces in this zip file were collected by Wireshark running on one of the author’s computers, while performing the steps indicated in the Wireshark lab. Once you have downloaded the trace, you can load it into Wireshark and view the trace using the File pull down menu, choosing Open, and then selecting the ICMP-ethereal-trace-1 trace file. You can then use this trace file to answer the questions below
Let's begin this adventure by opening the Windows Command Prompt application (which can be found in your Accessories folder). Start up the Wireshark packet sniffer,and begin Wireshark packet capture The ping co in c:\wir syster so type eithe hostnam 品e MS-Ds nout duotation marks), continent.Ifyou're outsid of Asia,you may want to enter www.ust Web server at Hong Kong University of Science and Technology.The argument -n/0 indicates that 10 ping messages should be sent.Then run the Ping program by typing return. When the Ping program terminates,stop the packet capture in Wireshark At the end of the experiment,your Command Prompt Window should look something like Figure 1.In this example,the source ping program is in Massachusetts and the destination Ping program is in Hong Kong.From this window we see that the source ping ery packets and received 10 responses note also that for each calculates the round-trip time (RT).which for the 10 packets is on average 375 msec Command Prompt .▣x C:\WINDOWS\SYSTEM32>ping -n 10 www.ust.hk Pinging www.ust.hk [143.89.14.34]with 32 bytes of data: =3 ing statistics for 143.89.14.34: 8:9c6109s). =375ms Figure 1 Command Prompt window after entering Ping command. Figure 2 provides a screenshot of the Wireshark output,after"icmp"has been entered into the filter display window.Note that the packet listing shows 20 packets:the 10 Ping queries sent by the source and the 10 Ping responses received by the source.Also note that the source's IP address is a private address(behind a NAT)of the form 192.168/12: the destination's IP address is that of the Web server at HKUST.Now let's zoom in on the first packet(sent by the client).in the figure below,the packet contents area provides
• Let’s begin this adventure by opening the Windows Command Prompt application (which can be found in your Accessories folder). • Start up the Wireshark packet sniffer, and begin Wireshark packet capture. • The ping command is in c:\windows\system32, so type either “ping –n 10 hostname” or “c:\windows\system32\ping –n 10 hostname” in the MS-DOS command line (without quotation marks), where hostname is a host on another continent. If you’re outside of Asia, you may want to enter www.ust.hk for the Web server at Hong Kong University of Science and Technology. The argument “-n 10” indicates that 10 ping messages should be sent. Then run the Ping program by typing return. • When the Ping program terminates, stop the packet capture in Wireshark. At the end of the experiment, your Command Prompt Window should look something like Figure 1. In this example, the source ping program is in Massachusetts and the destination Ping program is in Hong Kong. From this window we see that the source ping program sent 10 query packets and received 10 responses. Note also that for each response, the source calculates the round-trip time (RTT), which for the 10 packets is on average 375 msec. Figure 1 Command Prompt window after entering Ping command. Figure 2 provides a screenshot of the Wireshark output, after “icmp” has been entered into the filter display window. Note that the packet listing shows 20 packets: the 10 Ping queries sent by the source and the 10 Ping responses received by the source. Also note that the source’s IP address is a private address (behind a NAT) of the form 192.168/12; the destination’s IP address is that of the Web server at HKUST. Now let’s zoom in on the first packet (sent by the client); in the figure below, the packet contents area provides
information about this packet.We see that the IP datagram within this packet has protocol number 01,which is the protocol number for ICMP.This means that the payload of the IP datagram is an ICMP packet. ▣X 服制解o☑×B回中中。苍&目目。Q。 Exvresson...Cleer Accly 192.168.110 143.89.1 net ))) Field:x (DP:Default:ECN:x0 a Internet Control Message Protocol ntamtConbdMessgePotocd0empl.40bntes 220:20M0 Figure 2 Wireshark output for Ping program with Internet Protocol expanded. Figure 3 focuses on the same ICMP but has expanded the ICMP protocol information in the packet contents window.Observe that this ICMP packet is of Type 8 and Code 0-a so-called ICMP"echo request"packet.(See Figure 5.19 of text.)Also note that this ICMP packet contains a checksum,an identifier,and a sequence number
information about this packet. We see that the IP datagram within this packet has protocol number 01, which is the protocol number for ICMP. This means that the payload of the IP datagram is an ICMP packet. Figure 2 Wireshark output for Ping program with Internet Protocol expanded. Figure 3 focuses on the same ICMP but has expanded the ICMP protocol information in the packet contents window. Observe that this ICMP packet is of Type 8 and Code 0 - a so-called ICMP “echo request” packet. (See Figure 5.19 of text.) Also note that this ICMP packet contains a checksum, an identifier, and a sequence number
国女ace-1-Wireshark 后回X 889股出阳总8的指wR四 et Control Messa Protocol (bte P:22D20M0 Figure 3 Wireshark capture of ping packet with ICMP packet expanded. What to Hand In: You should hand in a screen shot of the Command Prompt window similar to Figure 1 above.Whenever possible,when answering a question below,you should hand in a printout of the packet(s)within the trace that you used to answer the question asked. Annotate the printout3 to explain your answer.To print a packet,use File->Print,choose Selected packet only,choose Packet summary line,and select the minimum amount of packet detail that you need to answer the question. You should answer the following questions: 3 What do we ean by"ann e highlight where in the p you've found the ans Ifyou hnd ineecey
Figure 3 Wireshark capture of ping packet with ICMP packet expanded. What to Hand In: You should hand in a screen shot of the Command Prompt window similar to Figure 1 above. Whenever possible, when answering a question below, you should hand in a printout of the packet(s) within the trace that you used to answer the question asked. Annotate the printout3 to explain your answer. To print a packet, use File->Print, choose Selected packet only, choose Packet summary line, and select the minimum amount of packet detail that you need to answer the question. You should answer the following questions: 3 What do we mean by “annotate”? If you hand in a paper copy, please highlight where in the printout you’ve found the answer and add some text (preferably with a colored pen) noting what you found in what you ‘ve highlight. If you hand in an electronic copy, it would be great if you could also highlight and annotate
1.What is the IP address of your host?What is the IP address of the destination host? 2.Why is it that an ICMP packet does not have source and destination port numbers? 3.Examine one of the ping request packets sent by your host.What are the ICMP type and code numbers?What other fields does this ICMP packet have?How many bytes are the checksum,sequence number and identifier fields? 4.Examine the corresponding ping reply packet.What are the ICMP type and code numbers?What other fields does this ICMP packet have?How many bytes are the checksum,sequence number and identifier fields? 2.ICMP and Traceroute Let's now continue our ICMP adventure by capturing the packets generated by the Traceroute program.You may recall that the Traceroute program can be used to figure out the path a packet takes from source to destination.Traceroute is discussed in Section 1 4 and in section 5 6 of the text Traceroute is implemented in different ways in Unix/Linux/MacOS and in Windows.In Unix/Linux.the source sends a series of UDP packets to the target destination using an unlikely destination port number:in Windows.the source sends a series of ICMP packets to the target destination.For both operating systems,the pr nsends the first packet with TTL=I.the acket with TTl= nd so on re all that a r crem a packet's TTL vale as the packet gh the ute ith TT=1 the n ICMP a packer in the 10 t back to ourc we'll use the native ert program A sha ware much nic d pingplotte Ve'll use pingp ality tha we ll need since it provides ac adion32 Do the following Let's begin by opening the Windows Command Prompt application(which can be found in your accessories folder) Start up the Wireshark packet sniffer,and begin Wireshark packet capture The and is n32g0 typ her“ 32 he Ms-DOS nd line (w ithout quotation marks).where hostname is ah t on and th er continent nable The traces in this zip file were collected by Wireshark running on one of the author's computers.while erforming the st eps indicated in the Wireshark la Once you have downlo ded the e,you can lo ICMP-ererce-ace file You can ther se this trace file to er the aues tions below cting the
1. What is the IP address of your host? What is the IP address of the destination host? 2. Why is it that an ICMP packet does not have source and destination port numbers? 3. Examine one of the ping request packets sent by your host. What are the ICMP type and code numbers? What other fields does this ICMP packet have? How many bytes are the checksum, sequence number and identifier fields? 4. Examine the corresponding ping reply packet. What are the ICMP type and code numbers? What other fields does this ICMP packet have? How many bytes are the checksum, sequence number and identifier fields? 2. ICMP and Traceroute Let’s now continue our ICMP adventure by capturing the packets generated by the Traceroute program. You may recall that the Traceroute program can be used to figure out the path a packet takes from source to destination. Traceroute is discussed in Section 1.4 and in Section 5.6 of the text. Traceroute is implemented in different ways in Unix/Linux/MacOS and in Windows. In Unix/Linux, the source sends a series of UDP packets to the target destination using an unlikely destination port number; in Windows, the source sends a series of ICMP packets to the target destination. For both operating systems, the program sends the first packet with TTL=1, the second packet with TTL=2, and so on. Recall that a router will decrement a packet’s TTL value as the packet passes through the router. When a packet arrives at a router with TTL=1, the router sends an ICMP error packet back to the source. In the following, we’ll use the native Windows tracert program. A shareware version of a much nice Windows Traceroute program is pingplotter (www.pingplotter.com). We’ll use pingplotter in our Wireshark IP lab since it provides additional functionality that we’ll need there. Do the following4 : • Let’s begin by opening the Windows Command Prompt application (which can be found in your Accessories folder). • Start up the Wireshark packet sniffer, and begin Wireshark packet capture. • The tracert command is in c:\windows\system32, so type either “tracert hostname” or “c:\windows\system32\tracert hostname” in the MS-DOS command line (without quotation marks), where hostname is a host on another continent. 4 If you are unable to run Wireshark live on a computer, you can download the zip file http://gaia.cs.umass.edu/wireshark-labs/wireshark-traces.zip and extract the file ICMP-ethereal-trace-2. The traces in this zip file were collected by Wireshark running on one of the author’s computers, while performing the steps indicated in the Wireshark lab. Once you have downloaded the trace, you can load it into Wireshark and view the trace using the File pull down menu, choosing Open, and then selecting the ICMP-ethereal-trace-2 trace file. You can then use this trace file to answer the questions below