
IT 501 Computer Networks Lab Deadline-19/08/2019

LAB Assignment 2

In this exercise you will familiarize yourself with Wireshark. Wireshark is a free, open-source
network protocol analyzer. It is used for network troubleshooting and communication protocol
analysis. Wireshark captures network packets in real time and displays them in a human-readable
format.
• It is available for download at http://www.wireshark.org/download.html under the GNU General Public License.
• There is an excellent tutorial on Wireshark at www.cs.wayne.edu/fengwei/16sp-csc5991/labs/lab1-instruction.pdf

Instructions:
• Besides answering all the questions, you should hand in a screenshot of the Command Prompt window.

• Whenever possible, when answering a question below, you should hand in a printout of the packet(s) within the trace that
you used to answer the question asked. The values used from the packet trace snapshot must also be highlighted.
• Submission Deadline: 10:55 AM, Friday 19 August, 2019 (Hard Deadline)

Experiment 1: Using Wireshark request/response messages to understand basic HTTP, TCP, IP


• Start up the Wireshark software. To begin a capture, follow: Capture -> Options -> select Interface -> Start
• Start up your favorite web browser and connect to any intranet site (make sure you have bypassed the proxy).
• Stop Wireshark packet capture by selecting stop in the Wireshark capture window.

By looking at the information in the HTTP GET and response messages, answer the following questions:
1. Is the client browser running HTTP version 1.0 or 1.1? What version of HTTP is the server running?

2. What languages (if any) does the client browser indicate that it can accept to the server?

3. What is the IP address and TCP port number of the computer running the browser? What is the IP address, TCP port
number and host name of the server?

4. What is the status code and phrase returned from the server to the client browser?

5. What kind of browser is the client using? What server software and operating system is the web server using?

6. When was the HTML file that the browser is retrieving last modified at the server? Does the response also contain a
DATE header? How are these two fields different?

7. Is the connection established between the browser and the server persistent or non-persistent? How can you infer this?

8. How many bytes of content are being returned to the browser?

9. What is the sequence number of the TCP SYN segment that is used to initiate the TCP connection between the client
computer and server? What is it in the segment that identifies the segment as a SYN segment?

10. What is the sequence number of the SYN/ACK segment sent by server to the client computer in reply to the SYN?

11. What is the minimum amount of available buffer space advertised at the receiver for the entire trace? Does the lack of
receiver buffer space ever throttle the sender?

12. Are there any retransmitted segments in the trace file? What did you check for (in the trace) in order to answer this
question?

13. What is the throughput (bytes transferred per unit time) for the TCP connection? Explain how you calculated this
value.

Experiment 2: Exercise on ICMP (ping program)
• Start up the Wireshark packet sniffer, and begin Wireshark packet capture.

• Open the Windows Command Prompt application.


• Ping your friend's machine 10 times.
• When the Ping program terminates, stop the packet capture in Wireshark.

You should answer the following questions:


1. What is the IP address of your host? What is the IP address of the destination host?

2. Why is it that an ICMP packet does not have source and destination port numbers?

3. Examine one of the ping request packets sent by your host. What are the ICMP type and code numbers? What other
fields does this ICMP packet have? How many bytes are the checksum, sequence number and identifier fields?

4. Examine the corresponding ping reply packet. What are the ICMP type and code numbers? What other fields does this
ICMP packet have? How many bytes are the checksum, sequence number and identifier fields?

Experiment 3: Generate TCP/UDP traffic by logging in to different web servers and online video portals. Capture all this
traffic using Wireshark.

Calculate the following statistics from your traces while performing experiments at different times of the day and answer the
following:
1. Plot Throughput vs Time

2. Plot Packet size distribution

3. For any TCP stream plot the congestion window evolution with time, compare it with any other UDP stream.

4. Number of UDP & TCP packets, number of responses received with respect to one request sent.
