Computer Networks
IT210
|
|
Instructions: |
· You must submit two separate copies (one Word file and one PDF file) using the Assignment Template on Blackboard via the allocated folder. These files must not be in compressed format.
· It is your responsibility to check and make sure that you have uploaded both the correct files.
· A zero mark will be given if you try to bypass SafeAssign (e.g. misspell words, remove spaces between words, hide characters, use different character sets or languages other than English, or any other kind of manipulation).
· Email submission will not be accepted.
· You are advised to make your work clear and well-presented. This includes filling in your information on the cover page.
· You must use this template; failing to do so will result in a zero mark.
· You MUST show all your work, and text must not be converted into an image, unless specified otherwise by the question.
· Late submission will result in a ZERO mark.
· The work should be your own; copying from students or other resources will result in a ZERO mark.
· Use Times New Roman font for all your answers. |
10 Marks |
Learning Outcome(s):
CLO2: Outline the physical layer & associated hardware and software integration.
CLO3: Recognize the layered approach for networking.
CLO4: Analyze & design Local and Wide Area Networks.
CLO5: Illustrate network protocols including Transport Control Protocol / Internet Protocol.
CLO6: Demonstrate protocol configuration, network-addressing schemes and analyze packet transmission.
|
In Phase I of the IT210 project, you researched packet sniffers, how they work, and their importance in understanding internet routing. You learned that a packet sniffer is a piece of software that runs in parallel with the application whose packets need to be analyzed, such as a browser. Using a packet sniffer, we can capture and analyze the packets at four layers: application, transport, network, and data-link.
The purpose of Phase II of the IT210 project is to gain in-depth knowledge of networking concepts and protocols by using packet-sniffer software that captures and analyzes the packets sent and received by our host.
A packet-sniffer software is needed to complete this project. For illustration purposes, a packet-sniffer software called Wireshark is used. For more information on Wireshark, please see the attached file (Wireshark Manual). Feel free to use any software you are comfortable with as long as it provides the same needed information to answer the project questions. Keep in mind that all your answers must be based on the packets you captured on your host, and that you must provide screenshots of them.
Read the following instructions. Then, answer all the questions in text format and support each answer with a screenshot of the supporting captured information.
Instructions | Questions |
1. Open your browser and clear the cache history, but do not access any website yet.
2. Open your packet sniffer software (for instance, Wireshark) and start capturing.
3. Go back to your browser and access the following web site: http://gaia.cs.umass.edu/wireshark-labs/INTRO-wireshark-file1.html
4. After the page is fully loaded and opened in your browser, go back to Wireshark and stop capturing.
5. Answer question 1. |
Q1. List 3 different protocols that appear in the protocol column in the unfiltered packet-listing window. |
6. Use the filter box to filter out all frames except if the source or the sink protocol is http.
7. Using the first frame with the source protocol http, answer questions 2 to 5: |
Q2. What is the source and the destination IP addresses of the network-layer header in the frame? Is the frame an outgoing or an incoming frame? |
Q3. What is the total number of bytes in the whole frame? | |
Q4. What is the number of bytes in the following:
– The Ethernet header (data-link layer header)?
– The IP header?
– The TCP header?
– The message (at the application layer)? |
|
Q5: Calculate the total number of bytes of the Ethernet header, IP header, TCP header and the message. Is their total equal to the total number of bytes in the whole frame? | |
8. In the filter field of the Wireshark window type arp, and click enter.
9. From the packet list window, select the first ARP request packet.
10. From the packet detail pane, select the Address Resolution Protocol. Then answer the questions 6 and 10. |
Q6. What is the hardware type and the protocol type? |
Q7. What is the value of the operation field? What is the meaning of this field? | |
Q8: What are the hexadecimal values of the source and destination addresses in the Ethernet frame containing the ARP request message? | |
Q9: What is the type of the destination in the Ethernet frame containing the ARP request message (unicast, multicast, broadcast)? | |
Q10: Checking the packet byte pane, you will notice that the ARP request is followed by zero-bytes. How many 0s are there? Explain the reason for the existence of these 0s. |
Question | Answer in text format | support the answer with screenshot/s | total |
Q1. | 0.25 | 0.25 | 0.5 |
Q2. | 0.25 | 0.25 | 0.5 |
Q3. | 0.25 | 0.25 | 0.5 |
Q4: | 0.25 | 0.25 | 0.5 |
Q5: | 0.25 | 0.25 | 0.5 |
Q6. | 0.25 | 0.25 | 0.5 |
Q7: | 0.25 | 0.25 | 0.5 |
Q8: | 0.25 | 0.25 | 0.5 |
Q9: | 0.25 | 0.25 | 0.5 |
Q10: | 0.25 | 0.25 | 0.5 |
Final Grade | 5 |
Important Notes:
The number of students in each group: Same as Phase I
IT210_Project document:
Answer
Note: Below is a sample answer to guide you on how to answer the questions properly and provide all information and evidence needed. Please note that your answer will be different because the addresses will definitely be different.
Q2 Sample Answer:
Using the first frame from the list of captured frames with the source protocol HTTP, we can see in the packet list window in figure 1 the source and destination IP addresses of the network-layer header in the frame, as follows:
-The source address of the first frame is: 192.168.100.51,
-The destination address of the first frame is: 128.119.245.12
Checking my network properties in figure 2, we can see that my host IP address is: 192.168.100.51, which matched the source address in the frame. Therefore, the first frame is an outgoing frame.
Figure 1 | Figure 2 |
Wireshark Manual
Packet-sniffer software normally has two components: a packet-capturer and a packet-analyzer. The packet-capturer captures a copy of all outgoing and incoming frames (at the data-link layer). In an outgoing situation, a packet created at any upper layer is encapsulated in a frame (at the data-link layer); in an incoming situation, a packet intended for any layer is decapsulated from the received frame. This means we need to capture only outgoing or incoming frames. The captured frames are then passed to the packet-analyzer. The packet-analyzer can then extract the different headers and the ultimate message for analysis.
Wireshark is a packet-sniffer software. It is a great educational tool for computer-network students who can use it to see details of protocol operations in real time. It captures packets from a network interface and displays them with detailed protocol information. It is available for Windows, Mac, Unix, Linux, and Solaris operating systems.
https://www.wireshark.org/download.html
The Wireshark window is made of seven sections as shown in (Figure 1): Title Bar, Menu Bar, Filter Bar, Packet list, Packet Detail, Packet byte, and Status Bar. We briefly discuss the functionality of each section below:
Figure 1: Wireshark window
Section | Functionality |
Title Bar |
Shows the title of the window, the closing, maximizing, and minimizing icons.
|
Menu Bar |
Is made of several standard pulldown menus. Of interest to us now are the File, Capture and View menus:
· The File menu is used to perform actions on the file itself, such as saving captured packet data or opening a file containing previously captured packet data.
· The Capture menu is used to start and stop capturing packets.
· The View menu is useful to show or hide some of the sections in the window.
|
Packet List |
This window lists all the captured frames that will be passed to the packet analyzer for analysis. It displays a one-line summary for each captured packet. The summary includes:
1. The packet number (assigned by Wireshark and not part of the packet).
2. The time at which the packet was captured.
3. The source and destination IP addresses of the packet (at the network layer).
4. The packet source or sink protocol. This field lists the highest-level protocol that sent or received this packet, i.e., the protocol that is the source or ultimate sink for this packet (final destination protocol).
5. Additional information about the packet contents.
Sorting packets: The packets can be sorted according to any of these categories by clicking on a column name.
Selecting a packet: Clicking on a packet in this window highlights the packet and shows its details in the packet detail window below.
|
Packet Detail |
It provides a detailed analysis of the selected packet. The information is limited to the selected packet, which means we need to select one of the packets in the packet list (above) to see its details. The information shown in this window for each packet is organized as a tree structure and can be expanded or minimized by clicking on the arrow signs to the left, as shown in Figure 2. The information includes:
· General information at the data-link layer (frame).
· Then, the information contained in each header from the data-link layer (H2) up to the source or sink protocol (final destination protocol).
· Finally, details about the highest-level protocol that sent or received this packet.
Figure 2: Details of a selected packet
In Figure 2, we see the following details (all can be expanded or minimized):
1. Some general information.
2. The Ethernet frame (the packet was sent/received over an Ethernet interface).
3. The Internet Protocol version 4 (IPv4) datagram that contains this packet.
4. The packet has been carried over TCP, so TCP details are also displayed.
5. Hypertext Transfer Protocol: the highest-level protocol that received this packet.
|
Packet byte |
Displays the entire contents of the captured frame, in both ASCII and hexadecimal format, as follows:
1. The number in the left field shows the offset in the packet data.
2. The hexadecimal representation of the packet is shown in the middle field.
3. The corresponding ASCII characters are shown in the right field.
If we need the bytes (or ASCII equivalent) of any line in the packet detail window, we can click on the line in the packet detail window and the byte contents will be highlighted. Figure 3 shows an example of a packet byte window. It shows all the bytes in the frame, but we can select the bytes in any protocol header by highlighting it in the packet detail window section.
Figure 3: Packet byte window |
Filter Bar |
When we start capturing frames, Wireshark captures and analyzes every outgoing and incoming frame, no matter what the source or sink protocol is. Sometimes, this is not what we want. We may want to limit the analysis to a specific source or sink protocol. The Filter Bar allows us to display the packets we are interested in while hiding the rest. A protocol name or other information can be entered to filter the information displayed in the packet-listing window (and hence the packet-header and packet-contents windows). For example, we may want to analyze only packets sent or received by the HTTP protocol at the application layer or the ARP protocol at the network layer. After packets have been captured, we can type the name of the protocol in lowercase and click Apply. In Figure 4 below, we used the packet-display filter field to have Wireshark hide packets except those that correspond to TCP.
Figure 4: Filtering packets.
|
Status Bar |
The last section of the window (at the bottom) is the status bar which shows the current protocol, the total number of packets captured, and so on.
|
We’ll assume that your computer is connected to the Internet via a wireless network interface. Do the following:
https://support.mozilla.org/en-US/kb/how-clear-firefox-cache
Figure 5: Start capturing packets in Wireshark
Note: The default interface chosen by Wireshark is not always right. You need to make sure that you are choosing the right interface card. Otherwise, Wireshark will not be able to capture any packets and you will get the following error shown in Figure 6 when clicking on (Stop Capture):
Figure 6: “No packet captured” error
Whenever you feel you have captured all the packets that you need, you can stop capturing. To do so, you can click in the button (Stop capturing packets), or you can use the Capture pulldown menu and click Stop.
Figure 7: “Stop capturing packets” button.
After you have stopped capturing, you may want to save the captured file for future use.
When we see the list of the captured frames, we often wonder which frames are the incoming and which ones are outgoing. This can be found by looking at the frame in packet list window. The packet list window shows the source and destination addresses of the frame (generated and inserted at the network layer). If the source address is the address of the host you are working with, the frame is the outgoing frame; if the destination address is the address of your host, the frame is the incoming frame.
Figure 8: Incoming and Outgoing packet
To find your IP address: Start > Network Status > properties > scroll down to find your IPv4 address.
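As an added example (not part of the original assignment or manual), the Python below plays the role of the packet-analyzer described earlier: it splits a captured Ethernet frame into its headers and message, applies the incoming/outgoing rule above, and reports any trailing bytes after an ARP message. The IP addresses are those of the sample answer; the MAC addresses, ports, gateway address and both frames are constructed for illustration, and header checksums are left at zero.

```python
import socket
import struct

def dissect(frame: bytes, host_ip: str) -> dict:
    """Split an Ethernet II frame (as captured, without FCS) into per-layer sizes."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    info = {"frame_len": len(frame), "eth_hdr": 14,
            "eth_dst": dst.hex(":"), "eth_src": src.hex(":"), "proto": "other"}
    if ethertype == 0x0806:  # ARP: 8 fixed bytes + two (hardware, protocol) address pairs
        htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
        arp_len = 8 + 2 * (hlen + plen)
        info.update(proto="ARP", hw_type=htype, proto_type=ptype, operation=oper,
                    arp_len=arp_len, padding=len(frame) - 14 - arp_len)
    elif ethertype == 0x0800 and frame[23] == 6:  # IPv4 whose protocol field is TCP
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4                  # IP header length in bytes
        total_len = struct.unpack("!H", ip[2:4])[0]
        src_ip, dst_ip = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
        tcp_hdr = (ip[ihl + 12] >> 4) * 4         # TCP data offset in bytes
        if src_ip == host_ip:
            direction = "outgoing"
        else:
            direction = "incoming" if dst_ip == host_ip else "other"
        # Message size comes from the IP total length, so link-layer padding is excluded.
        info.update(proto="TCP", src_ip=src_ip, dst_ip=dst_ip, direction=direction,
                    ip_hdr=ihl, tcp_hdr=tcp_hdr, message=total_len - ihl - tcp_hdr)
    return info

# Constructed sample data (IP addresses taken from the sample answer on this page).
HOST, SERVER, GATEWAY = "192.168.100.51", "128.119.245.12", "192.168.100.1"
HOST_MAC, GW_MAC = bytes.fromhex("020000000051"), bytes.fromhex("020000000001")
HTTP_MSG = (b"GET /wireshark-labs/INTRO-wireshark-file1.html HTTP/1.1\r\n"
            b"Host: gaia.cs.umass.edu\r\n\r\n")

def sample_http_frame() -> bytes:
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(HTTP_MSG), 1, 0x4000, 64, 6, 0,
                     socket.inet_aton(HOST), socket.inet_aton(SERVER))
    tcp = struct.pack("!HHIIBBHHH", 50000, 80, 1, 1, 5 << 4, 0x18, 64240, 0, 0)
    return GW_MAC + HOST_MAC + b"\x08\x00" + ip + tcp + HTTP_MSG

def sample_arp_request() -> bytes:
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1, HOST_MAC,
                      socket.inet_aton(HOST), bytes(6), socket.inet_aton(GATEWAY))
    return b"\xff" * 6 + HOST_MAC + b"\x08\x06" + arp + bytes(18)  # zero-filled to 60 bytes

if __name__ == "__main__":
    for f in (sample_http_frame(), sample_arp_request()):
        print(dissect(f, HOST))
```

Frames exported from your own capture can be passed to `dissect()` in place of the constructed ones to cross-check the values Wireshark shows in the packet detail pane.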
Let us test everything out…
Figure 9: Captured packet after displaying INTRO-wireshark-file1.html page
Figure 10: Wireshark display after step 9