TELE 3118: Network Technologies: Lab 3 [5 points]
In this lab you will examine IP and ICMP packets. You will use
Wireshark to capture packets and study the fields. As preparation for
the lab, you are required to read the following two hand-outs prior to
your lab session:
In the lab, perform the following steps:
Now start Wireshark packet capture, and perform the following
- [0.5] First determine the following information about your PC
(for Windows use ipconfig /all and for Linux use
- Your PC's Ethernet MAC address,
- Your PC's IP address,
- IP of the default gateway for your PC: You can obtain this by
seeing the routing table on your PC using route -print on
Windows and /sbin/route on Linux,
- MAC address of default gateway of your PC: You can see this by
inspecting the ARP table using arp -a on Windows and
/sbin/arp on Linux.
Stop the packet capture, and answer the following questions based on
the captured packets:
- Ping the host gaia.cs.umass.edu.
- Perform a traceroute to gaia.cs.umass.edu for two different packet
sizes: 64 and 3500.
- Download the web-page http://www-net.cs.umass.edu/wireshark-labs/
Your answers have to be submitted on this
sheet to the lab instructor at the end of your lab session.
-  Examine the IP and Ethernet headers of the first captured
ICMP echo request packet. What are the source and destination IP
addresses, and what devices do these correspond to? What are the
source and destination MAC addresses in the Ethernet frame, and which
devices do these correpond to? Explain why the destination IP and MAC
addresses correspond to different devices.
-  Compare the following fields among the three kinds of packets:
ping packets, the traceroute packets, and the web-page download
packets: (a) version of IP, (b) size (in bytes) of the IP header, (c)
size (in bytes) of the entire IP datagram, (d) the value of the
upper-layer protocol field, (e) the TTL field.
- [0.5] Now look at the ICMP fields of the ping packets. What is the
type field in the echo request and in the corresponding echo reply?
Compare the identifier, sequence number, data, and checksum fields on
the echo request and reply packets - which of these fields match
between the request and reply, and which do not? Explain the
-  Using the captured trace of the 64 byte traceroute packets
sent by your PC, and the ICMP responses from the first three routers,
describe in brief the operation of traceroute for your specific
setting. Namely, specify the sequence of packets, and the relevant
fields, that illustrate how traceroute works.
-  Find a packet sent by your machine corresponding to the
traceroute with packet size 3500. Has this message been fragmented,
and how do you know? Determine the number of fragments, and describe
how these fragments can be put together by listing the appropriate
fields in the IP header.