Wireshark Lab: IP
1. Capturing packets from an execution of traceroute
Do the following:
• Start up Wireshark and begin packet capture (Capture->Start) and then press OK on the Wireshark Packet Capture Options screen (we'll not need to select any options here).
• Set the Packet Size value to 56 bytes (Edit > option > engine).
• Start the capture, for example against the address riowenda.blogspot.com.
Screenshot: Packet Size 56
In your trace, you should be able to see the series of ICMP Echo Request (in the case of a Windows machine) or the UDP segment (in the case of Unix) sent by your computer and the ICMP TTL-exceeded messages returned to your computer by the intermediate routers. In the questions below, we'll assume you are using a Windows machine; the corresponding questions for the case of a Unix machine should be clear. Whenever possible, when answering a question below you should hand in a printout of the packet(s) within the trace that you used to answer the question asked. When you hand in your assignment, annotate the output so that it's clear where in the output you're getting the information for your answer (e.g., for our classes, we ask that students markup paper copies with a pen, or annotate electronic copies with text in a colored font). To print a packet, use File->Print, choose Selected packet only, choose Packet summary line, and select the minimum amount of packet detail that you need to answer the question.
1. Select the first ICMP Echo Request message sent by your computer, and expand the Internet Protocol part of the packet in the packet details window. What is the IP address of your computer?
Answer: my computer's IP address is 192.168.1.17
2. Within the IP packet header, what is the value in the upper layer protocol field?
Answer: Protocol: ICMP (1)
3. How many bytes are in the IP header? How many bytes are in the payload of the IP datagram? Explain how you determined the number of payload bytes.
Answer:
20 bytes are in the IP header.
IP header = 20 bytes
Payload = total length - header
56 – 20 = 36
Payload = 36
4. Has this IP datagram been fragmented? Explain how you determined whether or not the datagram has been fragmented.
Answer: No; the fragment offset field.
Next, sort the traced packets according to IP source address by clicking on the Source column header; a small downward pointing arrow should appear next to the word Source. If the arrow points up, click on the Source column header again. Select the first ICMP Echo Request message sent by your computer, and expand the Internet Protocol portion in the "details of selected packet header" window. In the "listing of captured packets" window, you should see all of the subsequent ICMP messages (perhaps with additional interspersed packets sent by other protocols running on your computer) below this first ICMP. Use the down arrow to move through the ICMP messages sent by your computer.
5. Which fields in the IP datagram always change from one datagram to the next within this series of ICMP messages sent by your computer?
Answer: Frame, Identification and TTL
6. Which fields stay constant? Which of the fields must stay constant? Which fields must change? Why?
Answer:
Constant fields: Header length, Protocol, Source and Destination (if the IP address is the same).
Fields that must change: TTL, because the time to keep going or to use each packet or data item differs.
7. Describe the pattern you see in the values in the Identification field of the IP datagram.
Answer: TTL and Identification go up by one with each subsequent packet.
Next (with the packets still sorted by source address) find the series of ICMP TTL-exceeded replies sent to your computer by the nearest (first hop) router.
8. What is the value in the Identification field and the TTL field?
Answer:
Identification: 0xe632 (58930)
TTL: 254
9. Do these values remain unchanged for all of the ICMP TTL-exceeded replies sent to your computer by the nearest (first hop) router? Why?
Answer: Identification and TTL change. After the ping returns, TTL gives the default of 254 at the first hop, and each subsequent hop changes the TTL value.
For the following questions use pingplotter and change the Packet Size value to 2000 bytes; start the Wireshark capture first, then run the pingplotter trace.
10. Find the first ICMP Echo Request message that was sent by your computer after you changed the Packet Size in pingplotter to be 2000. Has that message been fragmented across more than one IP datagram?
Answer: Yes; it occupies more than one IP datagram.
11. Print out the first fragment of the fragmented IP datagram. What information in the IP header indicates that the datagram has been fragmented? What information in the IP header indicates whether this is the first fragment versus a latter fragment? How long is this IP datagram?
Answer:
Number of fragments: 2, total 1980 bytes
Frame 1: payload 0-1479 (1480 bytes)
Frame 2: payload 1480-1979 (500 bytes)
12. Print out the second fragment of the fragmented IP datagram. What information in the IP header indicates that this is not the first datagram fragment? Are there more fragments? How can you tell?
Answer: We can tell this is not the first fragment because its fragment offset is 1480. It is the last fragment, because the more-fragments flag is not set.
13. What fields change in the IP header between the first and second fragment?
Answer: The IP header fields that change between fragments are: total length, Flags, Fragment offset, and checksum.
4. Now find the first ICMP Echo Request message that was sent by your computer after you changed the Packet Size in pingplotter to be 3500.
For this question, change the Packet Size value to 3500.
14. How many fragments were created from the original datagram?
Answer:
Number of fragments: 3, total 3480 bytes
1) Frame 1: payload 0-1479 (1480 bytes)
2) Frame 2: payload 1480-1979 (1480 bytes)
3) Frame 3: payload 2960-3479 (520 bytes)
Answer: Identification and fragment offset changed
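A worked example of the fragmentation arithmetic behind questions 11 to 14 (the 2000-byte and 3500-byte pingplotter cases), added here and not part of the original lab writeup. It assumes a 1500-byte Ethernet MTU and a 20-byte option-free IP header; the destination address, TTL and Identification value are constructed sample values.

```python
import struct

IP_HDR_LEN = 20   # IHL = 5 words, no options, as in the lab trace
MTU = 1500        # assumed Ethernet MTU of the capture interface

def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum; returns 0 when run over a header
    whose checksum field is already correct."""
    total = sum(struct.unpack('!%dH' % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xffff) + (total >> 16)
    return (~total) & 0xffff

def fragment_plan(payload_len: int, mtu: int = MTU) -> list:
    """(offset_bytes, chunk_len, more_fragments) for each fragment of a
    datagram carrying payload_len bytes above the 20-byte IP header."""
    max_chunk = (mtu - IP_HDR_LEN) // 8 * 8   # every chunk but the last is a multiple of 8
    frags, offset = [], 0
    while offset < payload_len:
        chunk = min(max_chunk, payload_len - offset)
        end = offset + chunk
        frags.append((offset, chunk, end < payload_len))
        offset = end
    return frags

def build_ipv4_header(chunk_len, ident, more, frag_off, ttl=128, proto=1,
                      src='192.168.1.17', dst='10.0.0.1') -> bytes:
    """Build the 20-byte header of one fragment (frag_off in bytes; proto 1 = ICMP).
    dst, ttl and the default ident are constructed sample values."""
    flags_off = (0x2000 if more else 0) | (frag_off // 8)   # MF flag | offset in 8-byte units
    pack = lambda ip: bytes(int(o) for o in ip.split('.'))
    hdr = struct.pack('!BBHHHBBH4s4s', 0x45, 0, IP_HDR_LEN + chunk_len, ident,
                      flags_off, ttl, proto, 0, pack(src), pack(dst))
    return hdr[:10] + struct.pack('!H', ipv4_checksum(hdr)) + hdr[12:]

def parse_ipv4_header(raw: bytes) -> dict:
    """Decode the fields the lab questions ask about from a raw header."""
    ver_ihl, _, total_len, ident, flags_off, ttl, proto, _, _, _ = \
        struct.unpack('!BBHHHBBH4s4s', raw[:IP_HDR_LEN])
    header_len = (ver_ihl & 0x0f) * 4
    return {
        'header_len': header_len,
        'total_len': total_len,
        'payload_len': total_len - header_len,      # Q3: total length minus header
        'id': ident,
        'mf': bool(flags_off & 0x2000),             # more-fragments flag (Q12)
        'frag_offset': (flags_off & 0x1fff) * 8,    # stored in 8-byte units
        'ttl': ttl,
        'protocol': proto,
        'checksum_ok': ipv4_checksum(raw[:header_len]) == 0,
    }
```

Running fragment_plan(1980) reproduces the 1480 + 500 split of question 11, and fragment_plan(3480) the 1480 + 1480 + 520 split of question 14, with the third fragment starting at offset 2960.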