Computer Networks Lab: IP and TCP Protocol Analysis with WireShark
Learning Objectives
At completion of this lab, you will be able to:
1. Understand the IP protocol, IP fragmentation and re-assembly
2. Understand TCP 3-way handshake for connection setup and termination, as well as data exchange
3. Understand ICMP protocol and how the ping program works
4. Understand how tracert (traceroute) program works
Report and Feedback on this lab
This lab should be done individually.
If you do not want to capture the live packets in this lab, you can download my data files for analysis (lab4.zip).
Answer all questions with supporting screenshots. Please also fill in the following feedback form and append it to the report. Your feedback is valuable to us so that we can improve this lab, and make the lab better.
For each task, please rate the following in the scale of 1 through 5:
∙ The degree of difficulty: 1 = too easy; 5 = too difficult
∙ The learning experience: 1 = learned nothing; 5 = learned a lot
∙ Your interest: 1 = no interest; 5 = high interest
∙ Time used for the task: in minutes
Task         Difficulty (1—5)   Learning (1—5)   Interest (1—5)   Time (min)
Background
Task 1
Task 2
Task 3
Your suggestion/comment:
Background
You need to read and answer the questions in this background part before the lab.
Read Lectures on IP and ICMP protocols. Read Lectures on TCP protocol.
Question 1: In IP header, there is a field called “protocol (type)”. What is it used for?
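It is used to standardize the data transmission method so that different computers can communicate.
Question 2: How is an ICMP message transported (encapsulation)?
ICMP messages are encapsulated in IP datagrams.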
Question 3: Which ICMP messages are used to implement the Ping program?
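Echo request and echo response. Ping uses type 8 requests and type 0 replies.
Question 4: Use a figure to show the 3-way handshake to establish a connection in the TCP protocol.
First handshake: host A sends a packet with the flag syn=1 and a randomly generated seq number=1234567 to the server; from SYN=1, host B knows that A is requesting to establish a connection.
Second handshake: after receiving the request, host B must confirm the connection information, and sends A a packet with ack number=(host A's seq+1), syn=1, ack=1 and a randomly generated seq=7654321.
Third handshake: after receiving it, host A checks whether the ack number is correct, i.e. the seq number it first sent +1, and whether the ack flag is 1; if so, host A sends another packet with ack number=(host B's seq+1), ack=1, and once host B has received it and confirmed the seq value and ack=1, the connection is established successfully. With the three-way handshake complete, host A and host B begin transferring data.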
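The sequence and acknowledgement arithmetic of the handshake described above, as an added example that is not part of the original lab handout: it packs and parses minimal TCP headers and checks each of the three steps, using seq 1234567 and 7654321 from the answer. The port numbers, function names and result labels are assumptions made for this illustration.

```python
import struct

SYN, ACK = 0x02, 0x10

def build_tcp(sport, dport, seq, ack, flags):
    """Pack a minimal 20-byte TCP header (constructed sample data, checksum left 0)."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)

def parse_tcp(segment):
    """Return (sport, dport, seq, ack, flags) from the fixed part of a TCP header."""
    sport, dport, seq, ack, _off, flags = struct.unpack("!HHIIBB", segment[:14])
    return sport, dport, seq, ack, flags & 0x3F  # keep FIN..URG, ignore ECN bits

def check_handshake(segments):
    """Classify the first three segments of a flow against the 3-way handshake rules."""
    parsed = [parse_tcp(s) for s in segments]
    if not parsed or parsed[0][4] != SYN:
        return "no-syn"
    a_port, b_port, a_seq, _, _ = parsed[0]
    if len(parsed) < 2:
        return "syn-only"
    sport, dport, b_seq, ack, flags = parsed[1]
    if (sport, dport) != (b_port, a_port) or flags != SYN | ACK:
        return "no-syn-ack"
    # Sequence numbers are 32-bit, so "+1" wraps modulo 2**32.
    if ack != (a_seq + 1) % 2**32:
        return "bad-syn-ack"
    if len(parsed) < 3:
        return "half-open"
    sport, dport, seq, ack, flags = parsed[2]
    if (sport, dport) != (a_port, b_port) or flags != ACK:
        return "half-open"  # third segment is not A's plain ACK
    if seq != (a_seq + 1) % 2**32 or ack != (b_seq + 1) % 2**32:
        return "bad-final-ack"
    return "established"

# Constructed capture using the sequence numbers from the answer above.
# Ports 49152 (host A) and 80 (host B) are assumptions.
HANDSHAKE = [
    build_tcp(49152, 80, 1234567, 0, SYN),
    build_tcp(80, 49152, 7654321, 1234568, SYN | ACK),
    build_tcp(49152, 80, 1234568, 7654322, ACK),
]

if __name__ == "__main__":
    print(check_handshake(HANDSHAKE))      # full exchange
    print(check_handshake(HANDSHAKE[:2]))  # final ACK never arrives
```

In Wireshark the same values appear as the raw sequence and acknowledgement numbers of the first three segments of a connection; by default the display shows them relative to the initial sequence number.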
Traceroute (tracert) is an important and useful utility tool for network testing and debugging. Read more on it and learn how to use it:
MS Windows tracert command, /resources/documentation/windows/xp/all/proddocs/en-us/tracert.mspx?mfr=true
Task 1 Study Windows tracert program and how to find a route
In MS Windows, tracert can be used to find a route from the source host, via routers, to the destination host. This task is about how tracert works and what we can use it for. Follow the steps to start up the programs and capture the packets.
(1) Start up a command window
Click Start on the left corner of your desktop, and choose Run. Then type cmd to start up a DOS command window. In this window, you can also type the command "tracert /?" to learn more about the command, or read more via the link above.
(2) Start up the WireShark program
Start up Wireshark and begin packet capture.