9
Network Architecture & Protocols Assignment CS-652-101 Team Members Swaminathan Krithivas Patel Achal Shah Mihir Rajasekaran Angugoutham

Assignment_Wireshark

Embed Size (px)

Citation preview

Page 1: Assignment_Wireshark

Network Architecture & Protocols

Assignment

CS-652-101

Team Members

Swaminathan Krithivas

Patel Achal

Shah Mihir

Rajasekaran Angugoutham

Page 2: Assignment_Wireshark

Answer to Question 1.

Type “icmp.type==8” in the filter box . Click on Apply to display only the Echo request ICMP messages captured at Host B in Fig.1.

Below screenshot displays the Echo request ICMP messages captured in the Switch-B.cap file

Page 3: Assignment_Wireshark

Answer to Question 2.

Click on View and Select Coloring Rules. Select New button from the left pane which will open the Wireshark Edit Color filter dialog Box.

1. Give the Name as Echo Reply and Click on the Expression button in the dialog box. 2. Select the Field name as icmp.type, Relation as == and type Value as 0 in the Wireshark

Filter Expression Dialog box. Click on OK. 3. Click on Foreground Color button, select a Color (selected Red) and Click on OK 4. Click OK from the Edit Color Filter dialog Box. 5. Select Apply and then OK from the Coloring Rules Dialog box to apply this rule.

Below screenshot shows the Wireshark Edit Color Filter dialog box with Name as Echo Reply in Foreground color “Red” and the filter expression formed “icmp.type==0”

Page 4: Assignment_Wireshark

To display the Echo Reply ICMP messages .

1. Type “icmp.type==0” in the filter box 2. Click on Apply to display only the Echo reply ICMP messages as below.

Below screenshot displays only the Echo reply ICMP messages in foreground color Red captured in the Switch-B.cap file.

Page 5: Assignment_Wireshark

Answer to Question 3.

1. Opcode for an ARP reply is 2. Filter arp.opcode==2 will display the ARP reply packets 2. ICMP reply message has a type value of 0. Filter icmp.type==0 will display the ICMP reply

packets 3. In order to display both the ARP reply and ICMP reply packets we have to use the “or”

operator or the || symbol between the two filters. 4. Type (arp.opcode==2)||(icmp.type==0) in the filter box and Click on Apply, to display both

ARP reply and ICMP reply packets in Switch-B.cap file.

Below screenshot displays the ARP reply and the ICMP reply packets captured in the Switch-B.cap file.

Page 6: Assignment_Wireshark

Answer to Question 4.

HOST A (192.168.0.104) generates echo request packets for the ethernet switch network (Fig.1) which can be inferred from the capture files Switch-B.cap and Switch-C.cap.

HOST A (192.168.0.104) generates echo request packets for hub network (Fig.2) which can be inferred from the capture files Hub-B.cap and Hub-C.cap.

Considering All 4 files we can sum up that Host A (192.168.0.104) sends the Echo request packets.

Answer to Question 5.

Captured packets at Hub-B.cap and Hub-C.cap have the same packets.

The function of Hub is that it simply broadcasts all the requests and replies (ARP or ICMP) it receives in one port to all the other ports connected to it, this is the reason why Host B & Host C receive the same packets in the hub network.

Scenario 1 Host A sends an ARP request to Host B and C. Host B sends and ARP reply intended to Host A which goes though the Hub. Hub sends this to Host C as per its function.

Scenario 2 1. Host A sends an ICMP echo request to Host B which goes through the hub. Hub sends this

message to Host C as well. 2. Host B sends an ICMP echo reply directed to Host A. Hub sends this message to Host C as

well.

Answer to Question 6.

• Host B receives 1 ARP request packet (from Host A) and sends 1 ARP reply packet(to Host A) as shown in Hub-B.cap file

• Host C receives 1 ARP request packet (from Host A) and 1 ARP reply packet as shown in Hub-C.cap file.

1. Host A sends the ARP request to both Host B and C since its a broadcast request. This is captured in Hub-B.cap and Hub-C.cap respectively.

2. Host B sends an ARP reply to Host A (destination address as 192.168.0.104) and sends via the Hub. The Hub sends this ARP reply packet to Host C as well which is directly connected to it. This ARP reply packet is captured in the Hub-C.cap file.

So to sum up, Host B and Host C receive 1 ARP request and 1 ARP reply packet each.

Page 7: Assignment_Wireshark

Answer to Question 7.

• Host B receives 1 ARP request packet (from Host A) and sends 1 ARP reply packet to Host A which is captured in the Switch-B.cap file

• Host C receives 1 ARP request packet from Host A. It does not get any ARP reply packets.

ARP request packet is sent by Host A (192.168.0.104) to all the ports connected to the switch. ARP request is a broadcast packet sent to both Host B and C which is captured in both Switch-B.cap and Switch-C.cap files respectively.

The Host C does not receive the ARP reply because:- The ARP reply is sent directly from Host B (192.162.0.105) to Host A (192.162.0.104) and is not broadcasted to all the ports since it is connected through a switch. Switch forwards the packet from the source to the corresponding destination and does not flood the packet to all the ports connected to it. This is the reason why the ARP reply is not captured in the Switch-C.cap file.

Answer to Question 8.

No, Switch-B.cap and Switch-C.cap does not have the same packets.

Switch-B.cap

• Host B receives the ARP request(broadcast) “who has 192.168.0.105? Tell 192.168.0.104” from Host A.

• Host B then sends it MAC address 00:06:5b:e3:4d:1d directly to HOST A as an ARP reply. Host C does not receive this message. Switch forwards the packet from the source to the corresponding destination and does not flood the packet to all the ports connected to it.

• Host B also receives the ICMP request messages from Host A directed to it at IP 192.168.0.105. Host C does not receive these ICMP request messages as these are unicast messages directly sent to Host B.

Switch-C.cap

In the capture file we can see that , Host C receives only the broadcast messages sent by Host A. It does not receive any ARP replies or ICMP reply messages as those packets are messages sent directly from Host B to Host A.

So Host C only receives

1. ARP request which is a broadcast request from Host A. 2. ICMP requests from Host A to broadcast address 192.168.0.255

Page 8: Assignment_Wireshark

Answer to Question 9.

Yes, Host B in Fig.3. will receive the same traffic as HostB in Fig.2.

Host A and Host B are connected to the same Hub in both Fig.3. and Fig.2.

Considering all the scenarios

ARP reply or ICMP messages (reply or request) from Host C in Fig.3 must go through the hub to reach Host A. When these messages goes through the hub to reach Host A, a copy of the message is sent to Host B as well. This case same with Host B in Fig.2.

To Sum up, Considering both Fig.2 and Fig.3

A packet sent from Host A to Host C or vice-versa a copy of the packet is sent to Host B as well, which is because the packet has to go through a Hub. And function of the hub is that it will forward the packet received in one port to all the other ports connected to it.

Therefore, Host B in Fig.2 and Fig.3 will receive the same traffic.

Answer to Question 10.

No, Host C in Fig.3 will not receive the same traffic as in Fig.2

Hub will forward the packet it receives in one port to all the other ports connected to it. On the other hand switch only forwards the packet from a source port to the corresponding destination port. Keeping this basic definition in mind we can conclude that:-

Since Host C (192.168.0.100) in Fig.3 is connected to a Switch it will receive:- 1. ARP request from Host A, Since it is broadcast message 2. ICMP request messages from Host A sent to broadcast address 192.168.0.255 3. ICMP request messages directed to its address 192.168.0.100 (Host C)

Whereas in Fig.2 the Host C is connected to a Hub, So it will receive all the ICMP and ARP messages (requests or replies) sent by Host A and Host B.

Page 9: Assignment_Wireshark

Answer to Question 11.

Yes, Host C in Fig.3 will receive the same traffic as in Fig.1

In Fig.3 Switch connected to Host C limits the unwanted broadcasts sent by the Hub which is directly connected to it.

Switch connected Host C in Fig.3 will only allow

1. ARP request from Host A, since it is a broadcast message. 2. ICMP requests from Host A sent to broadcast address 192.168.0.255 3. ICMP messages directed to 192.168.0.100 (Host C) These cases are similar to Host C in Fig.1

Switch connected Host C in Fig.3 will not allow. 1. ARP reply from Host B to Host A. Hub will forward this message to the Switch, but the

switch will drop it since it was not meant for Host C. 2. ICMP request messages from Host A (192.168.0.104) to Host B(192.168.0.105). This request

messages will be broadcasted by the hub to the switch directly connected to it. But the switch will drop these messages since they were not meant for Host C(192.168.0.100).

3. ICMP reply messages from Host B to Host A. Hub will send this message to switch as well. But the switch will drop it since it not meant for Host C.

Above cases are also similar to Host C in Fig.1


Plato - Symposium

Plato - Symposium

Documents
Who Killed God

Who Killed God

Documents
Personality Development

Personality Development

Documents
(Tesla) - The Tesla Magnetic Car Engine

(Tesla) - The Tesla Magnetic Car Engine

Documents
Rubik's cube solution

Rubik's cube solution

Documents
How Computer Keyboards Work

How Computer Keyboards Work

Documents
Chapter-01

Chapter-01

Documents
Explore The Levels of Creation

Explore The Levels of Creation

Documents
Improve the Color Quality Of Your Monitor

Improve the Color Quality Of Your Monitor

Documents
Keyboard Shortcuts for the Opera Browser for Mac OS X

Keyboard Shortcuts for the Opera Browser for Mac OS X

Documents
Venture Capital

Venture Capital

Documents
Chapter 23

Chapter 23

Documents
Star Wars Trivia!

Star Wars Trivia!

Documents
Physical Modelling Synthesis Overview

Physical Modelling Synthesis Overview

Documents
Tragic Heroes

Tragic Heroes

Documents
Iron Mills Essay

Iron Mills Essay

Documents
Bodybuilding - The Rock Hard Challenge (Month 1 Training)

Bodybuilding - The Rock Hard Challenge (Month 1 Training)

Documents
xCDC14a

xCDC14a

Documents
Steve Jobs' Commencement Speech at Stanford

Steve Jobs' Commencement Speech at Stanford

Documents
Simple Functions in Haskell

Simple Functions in Haskell

Documents
Jan Van Eyck and the Man In A Red Turban

Jan Van Eyck and the Man In A Red Turban

Documents
The Best American Humorous Short Stories

The Best American Humorous Short Stories

Documents
Barclays1

Barclays1

Documents
Star Wars Prequel Trilogy Trivia (Episodes I-III)

Star Wars Prequel Trilogy Trivia (Episodes I-III)

Documents
18 Tricks to Teach Your Body

18 Tricks to Teach Your Body

Documents
Basic Buffer Overflows Explained

Basic Buffer Overflows Explained

Documents
Oedipus The King: The Ideal Tragic Play

Oedipus The King: The Ideal Tragic Play

Documents
Do you admire Leonardo da Vinci?

Do you admire Leonardo da Vinci?

Documents
Heidegger Kritik

Heidegger Kritik

Documents
Fortran

Fortran

Documents