CE3005: Computer Networks Laboratory 3 SNIFFING AND ANALYSING NETWORK PACKETS

Similar documents
EE 610 Part 2: Encapsulation and network utilities

Computer Networks/DV2 Lab

ECE4110 Internetwork Programming. Introduction and Overview

Lecture 17 Overview. Last Lecture. Wide Area Networking (2) This Lecture. Internet Protocol (1) Source: chapters 2.2, 2.3,18.4, 19.1, 9.

Review of Important Networking Concepts

Internet Networking recitation #2 IP Checksum, Fragmentation

Lab - Using Wireshark to Examine a UDP DNS Capture

Lab - Using Wireshark to Examine a UDP DNS Capture

Protocol Layers & Wireshark TDTS11:COMPUTER NETWORKS AND INTERNET PROTOCOLS

CS 356: Computer Network Architectures. Lecture 10: IP Fragmentation, ARP, and ICMP. Xiaowei Yang

Packet Header Formats

Lab Using Wireshark to Examine Ethernet Frames

Lab Assignment for Chapter 1

Lab Using Wireshark to Examine Ethernet Frames

Internet protocols, TCP/IP suite

BSc Year 2 Data Communications Lab - Using Wireshark to View Network Traffic. Topology. Objectives. Background / Scenario

Position of IP and other network-layer protocols in TCP/IP protocol suite

Chapter 7 Internet Protocol Version 4 (IPv4) Kyung Hee University

OSI Network Layer. Network Fundamentals Chapter 5. Version Cisco Systems, Inc. All rights reserved. Cisco Public 1

Interconnecting Networks with TCP/IP

HAI Network Communication Protocol Description

Review of Important Networking Concepts. Recall the Example from last lecture

Course Contents. The TCP/IP protocol Stack

Network Model. Why a Layered Model? All People Seem To Need Data Processing

Concept Questions Demonstrate your knowledge of these concepts by answering the following questions in the space that is provided.

Shortest Path First Example

CHAPTER-2 IP CONCEPTS

Guide to TCP/IP, Third Edition. Chapter 3: Data Link and Network Layer TCP/IP Protocols

Internet Protocol (IP)

INTERNET SYSTEM. Internet Protocol. Kent State University Dept. of Computer Science. CS 4/55231 Internet Engineering. Large Scale Networking

Interconnecting Networks with TCP/IP. 2000, Cisco Systems, Inc. 8-1

Lecture 7: Ethernet Hardware Addressing and Frame Format. Dr. Mohammed Hawa. Electrical Engineering Department, University of Jordan.

Internet. 1) Internet basic technology (overview) 3) Quality of Service (QoS) aspects

STEVEN R. BAGLEY PACKETS

Introduction to Internetworking

The Internet Protocol. IP Addresses Address Resolution Protocol: IP datagram format and forwarding: IP fragmentation and reassembly

Network Layer/IP Protocols

Process-to-Process Delivery:

L6: OSI Reference Model

Lab 1: Packet Sniffing and Wireshark

TRANSMISSION CONTROL PROTOCOL. ETI 2506 TELECOMMUNICATION SYSTEMS Monday, 7 November 2016

CS 457 Lecture 11 More IP Networking. Fall 2011

Introduction to Computer Networks. CS 166: Introduction to Computer Systems Security

Internet Protocols (chapter 18)

DKT 224/3 LAB 2 NETWORK PROTOCOL ANALYZER DATA COMMUNICATION & NETWORK SNIFFING AND IDENTIFY PROTOCOL USED IN LIVE NETWORK

CIS 551 / TCOM 401 Computer and Network Security. Spring 2006 Lecture 16

Networking Technologies and Applications

Protocol Analysis: Capturing Packets

Lesson 5 TCP/IP suite, TCP and UDP Protocols. Chapter-4 L05: "Internet of Things ", Raj Kamal, Publs.: McGraw-Hill Education

MODULE: NETWORKS MODULE CODE: CAN1102C. Duration: 2 Hours 15 Mins. Instructions to Candidates:

This talk will cover the basics of IP addressing and subnetting. Topics covered will include:

ELEC / COMP 177 Fall Some slides from Kurose and Ross, Computer Networking, 5 th Edition

Applied Networks & Security

Internetwork Protocols

Chapter 2 Layer Architecture of Network Protocols. School of Info. Sci. & Eng. Shandong Univ.

I. More ARP Week 7. after resolving a hardware address, why not store it?

NETWORK PACKET ANALYSIS PROGRAM

Chapter 5 OSI Network Layer

Layer 4: UDP, TCP, and others. based on Chapter 9 of CompTIA Network+ Exam Guide, 4th ed., Mike Meyers

UNI CS 3470 Networking Project 5: Using Wireshark to Analyze Packet Traces 12

TCP/IP Transport Layer Protocols, TCP and UDP

IP - The Internet Protocol. Based on the slides of Dr. Jorg Liebeherr, University of Virginia

ECPE / COMP 177 Fall Some slides from Kurose and Ross, Computer Networking, 5 th Edition

ET4254 Communications and Networking 1

Transport Over IP. CSCI 690 Michael Hutt New York Institute of Technology

Network Security. Introduction to networks. Radboud University, The Netherlands. Autumn 2015

Genie Snoop lab. Laboration in data communication GenieLab Department of Information Technology, Uppsala University

CSCI Networking Name:

IP Protocols. ALTTC/Oct

Overview of Ethernet Networking

Lecture 9: Internetworking

Lecture 8. Basic Internetworking (IP) Outline. Basic Internetworking (IP) Basic Internetworking (IP) Service Model

Ethereal Exercise 2 (Part A): Link Control Protocol

Guide to Networking Essentials, 6 th Edition. Chapter 5: Network Protocols

COMP2330 Data Communications and Networking

CIT 380: Securing Computer Systems. Network Security Concepts

Networks. an overview. dr. C. P. J. Koymans. Informatics Institute University of Amsterdam. February 4, 2008

VERSION Lab 3: Link Layer

The Transport Layer. Part 1

Wireshark Lab: Getting Started

ECPE / COMP 177 Fall Some slides from Kurose and Ross, Computer Networking, 5 th Edition

Lecture 8. Reminder: Homework 3, Programming Project 2 due on Thursday. Questions? Tuesday, September 20 CS 475 Networks - Lecture 8 1

Lecture 8. Network Layer (cont d) Network Layer 1-1

CS475 Networks Lecture 8 Chapter 3 Internetworking. Ethernet or Wi-Fi).

Lab: 2. Wireshark Getting Started

CIS 551 / TCOM 401 Computer and Network Security. Spring 2007 Lecture 8

CPSC 826 Internetworking. The Network Layer: Routing & Addressing Outline. The Network Layer

Introduction to Information Science and Technology 2017 Networking II. Sören Schwertfeger 师泽仁

Chapter 2 - Part 1. The TCP/IP Protocol: The Language of the Internet

EITF25 Internet Techniques and Applications L7: Internet. Stefan Höst

The Internetworking Problem. Internetworking. A Translation-based Solution

Packetization Layer Path Maximum Transmission Unit Discovery (PLPMTU) For IPsec Tunnels

TCP/IP Protocol Suite

University of Maryland Baltimore County Department of Information Systems Spring 2015

The Internet. 9.1 Introduction. The Internet is a global network that supports a variety of interpersonal and interactive multimedia applications.

TCP/IP Networking Basics

CIS 551 / TCOM 401 Computer and Network Security

The Data Link Layer. 32 PART I Networking Basics

OPTIMIZATION OF IPV6 PACKET S HEADERS OVER ETHERNET FRAME

NETWORK PROGRAMMING. Instructor: Junaid Tariq, Lecturer, Department of Computer Science

Transcription:

SNIFFING AND ANALYSING NETWORK PACKETS 1. OBJECTIVE To further understand how the Internet really works and how the concept of encapsulation is being implemented in the different layers of the TCP/IP protocol suite. 2. LABORATORY Hardware Laboratory I (N4-1a-3). 3. EQUIPMENT PC with Windows OS & Ethereal Network Protocol Analyzer. 4. DURATION 2 hours. 5. EXERCISE 3A: PACKET SNIFFING Network protocol analyzer, also known as packet sniffer, is a useful tool for learning about networking. An example of a good open source network protocol analyzer is the Ethereal, or its newer version known as Wireshark (downloadable freely from http://www.wireshark.org). Double-click on the Ethereal icon from the Windows OS desktop to launch the Ethereal network protocol analyzer. To start capturing network packets, click on the menu Capture/Options Ethereal will pop up the Capture Options dialog box shown in Figure 3.1. Set the fields in the dialog box accordingly. Page 3-1

Figure 3.1 : Dialog box of Ethereal capture options.to ensure that you will have a complete picture of how the Internet works, do the followings before starting capturing: 1. Set the Capture Filter in Ethereal Capture option to capture packet to and from your PC.as shown in fig 3.1 by setting the following a. Select Capture Packet in prosmiscuous mode b. Input at the Capture Filter the following host <IP address of your PC> 2. Clear your DNS cache. ( ipconfig /flushdns.) 2. Clear your ARP cache. ( arp d ) 3. Get ready your Rfc865UdpClient program developed in Laboratory 2. When ready, click the Start button to commence live capturing of network packets. Next, similar as Laboratory 2, run your Rfc865UdpClient to request a quote of the day from the given RFC 865 UDP server. When your client has received the quote, click the Stop button to end capturing. Ethereal will now display all the captured network packets in three windows, or panes: Page 3-2

The top pane is the packet list pane. It displays all the packets captured. By clicking on a packet in this pane, you control what is displayed in the other two panes. The middle pane is the tree view pane. It displays the packet selected in the top pane in more detail. The bottom pane is the data view pane. It displays the data from the packet selected in the top pane, and highlights the field selected in the tree view pane. Recall the networking concepts learnt in the lectures. Before your laboratory PC can actually send the quote of the day request from your Rfc865UdpClient to the given RFC 865 UDP server, additional network packets need to be sent and received. Search the top pane of Ethereal display and list in the following table the sequence of all relevant network packets sent and received by your laboratory PC. ( You shoud be able to see the DNS, ARP and QoD request and reply. The last relevant network packet is the quote of the day packet received from the given RFC 865 UDP server as shown.) Packet Source Destination Purpose of Packet 1. My Computer 2.... Last. RFC865 UDP server My Rfc865UdpClient Quote of the day reply 6. EXERCISE 3B: DATA ENCAPSULATION TCP/IP is loosely characterised as consisting of 5 layers. For each layer, standard protocols are developed for the exchanges of messages. These messages are called protocol data units, or PDUs. How can an application-pdu be transmitted across a physical network that does not understand the application-pdu at all? The answer lies in a technique known as encapsulation, where a lower level protocol accepts a PDU from a higher level protocol and places it in the data portion of the lower layer PDU. Let us say that your Rfc865UdpClient is requesting a quote of the day from the given RFC 865 UDP server. The request data is an application-pdu, which is handled over to the transport layer via an API. The arguments for this API includes the destination computer name or IP address, the port number and the data. The transport layer appends the transport-header (TH) to the data to create a transport-pdu. This is then handled down to the network layer, which in turns creates a network-header (NH) with the transport-pdu as the data to form a network-pdu. Similarly, the data link layer appends a header (DH) and a trailer (DT) with network-pdu as the data to form a data-link-pdu. Then, this data-link-pdu is the actual frame that is being transmitted over the physical media. Page 3-3

Figure 3.2: Encapsulation of PDUs To fully understand the concept of data encapsulation between layers, let us analyse the following network packet: At the top pane of Ethereal display, search for the network packet sent by your Rfc865UdpClient to the given RFC 865 UDP server. Select it, and copy the corresponding hexadecimal representation of the complete captured data below: Complete captured data (in hexadecimal): 7. EXERCISE 3C: DATA LINK PDU - ETHERNET FRAME Several variations of Ethernet currently exist. The widely used industry standard is Ethernet II, which was defined by the Ethernet specification created by Digital, Intel, and Xerox before the IEEE 802.3 specification. The Ethernet II frame format is also known as the DIX (Digital Intel Xerox) frame format. It is of variable length, with no frame smaller than 64 bytes. Preamble Dest Addr Source Addr Ether Type Frame Data CRC 8 6 6 2 46-1500 4 Figure 3.3: Ethernet Frame The Preamble field is 64-bit long and consists of 56 bits of alternating 1s and 0s (each byte is the bit sequence 10101010) to synchronize a receiving station and a last 8-bit of 10101011 sequence that indicates the start of a frame. Note that this field is discarded at the receiving end and hence not shown in Ethereal. The Cyclic Redundancy Check (CRC) field is 32-bit long and provides bit-level integrity verification on the bits in the Ethernet II frame. The 32-bit CRC helps the interface detect transmission errors: the sender computes the CRC as a function of the data in the frame, and the receiver recomputes the CRC to verify that the packet has been received intact. Note that this field is also not shown in Ethereal. Page 3-4

What type of upper layer data is the captured ethernet frame carrying? How do you know? Determine the following from your captured data in Exercise 3B: Destination Address : Source Address : Frame Data : 8. EXERCISE 3D: NETWORK PDU - IP DATAGRAM The IP datagram format is shown in Figure 3.4. 0 4 8 16 19 31 Version IHL Type of Service Total Length Identification Flags Fragment Offset Time to Live Protocol Header Checksum Source Address Destination Address Options + Padding Data Figure 3.4: IP Datagram Refer to lecture slides or RFC 791 for an explaination of the fields. What type of upper layer data is the captured IP packet carrying? How do you know? Does the captured IP header have the field: Options + Padding? How do you know? Determine the following from the Frame Data field in Exercise 3C: Version : Total Length : Identification : Flags : Fragment Offset : Source Address : Destination Address : Page 3-5

Packet Data : 9. EXERCISE 3E: TRANSPORT PDU - UDP DATAGRAM The UDP datagram packet is shown in Figure 3.5. 0 16 31 Source port Destination port Length Checksum Data Figure 3.5: UDP Datagram Determine the following from the Packet Data field in Exercise 3D: Source Port : Destination Port : Length : Data : 10. EXERCISE 3F: APPLICATION PDU Interpret the application data from the Data field in Exercise 3E: Message : Page 3-6

Is this the message that you have sent? Page 3-7

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback