We are supposed to use our own computer to ping another one and check the results.
We are supposed to try using our own computer to ping another one. In this practical way, we will learn something about ping and computer networks.
Two computers
- Open my computer's hotspot and make another computer connect to it.
- Check the second computer's IP address.
- Open my computer's command line and input the ping instruction.
- Check the result to see whether the second computer received the data packet.
The second computer successfully received the packet.
By using a hotspot to connect two computers, their communication is successful.
We are supposed to use our own computer to tracert a server and check the results.
We are supposed to try using our own computer to tracert a server. In this practical way, we will learn something about tracert and computer networks.
Two computers
- Open my computer's hotspot and make another computer connect to it.
- Check the second computer's DNS server.
- Open my computer's command line and input the tracert instruction.
- Check the result.
The result shows the second computer's DNS server is my own computer. It's successful.
By using a hotspot to connect two computers, the computer sharing the hotspot is the DNS server of the other one.
We are supposed to learn some basic skills about using Wireshark by visiting the college website.
A computer connected to the Internet, with a browser and Wireshark.
- Start Wireshark. Choose the WLAN input and start capturing.
- Open the browser and in the browser address bar, type http://cs.whu.edu.cn/.
- After the page http://cs.whu.edu.cn/index.aspx has been rendered by the browser, stop capturing in Wireshark.
- Check the list of captured packets and select the message we need.
Telnet two websites
We are supposed to telnet to websites and send a GET message.
A computer.
- Open PowerShell and input the instruction
telnet mail.hust.edu.cn 25
- Input the instruction
telnet cs.hust.edu.cn 80
- After we connect the server, input the instruction
GET /index.htm HTTP/1.1
host:cs.hust.edu.cn
If we connect to a server successfully via the telnet instruction, we can send a GET request to the server and get the response.
Use Wireshark to capture the packets while communicating via HTTP, and get the information.
We capture HTTP packets of different types and find out the details of these transmissions.
- Start up the web browser.
- Start up the Wireshark packet sniffer, but don’t yet begin packet capture. Enter “http” (just the letters, not the quotation marks) in the display-filter-specification window and press enter, so that only captured HTTP messages will be displayed later in the packet-listing window. (We’re only interested in the HTTP protocol here, and want to hide the clutter of all other captured packets.)
- Wait a bit more than one minute (we’ll see why shortly), and then begin Wireshark packet capture.
- Visit the website http://gaia.cs.umass.edu/wireshark-labs/HTTP-wireshark-file1.html in the browser.
- The browser should display a very simple, one-line HTML file.
- Stop Wireshark packet capture.
- Both are HTTP 1.1
- zh-CN,zh
- my computer: 10.133.157.108
gaia.cs.umass.edu server: 128.119.245.12
- 200
- Sat, 12 Mar 2022 06:59:01 GMT
- 128
- No.
- Start up the web browser, and make sure the browser’s cache is cleared, as discussed above.
- Start up the Wireshark packet sniffer.
- Enter the following URL into the browser: http://gaia.cs.umass.edu/wireshark-labs/HTTP-wireshark-file2.html The browser should display a very simple five-line HTML file.
- Quickly enter the same URL into the browser again (or simply select the refresh button on the browser).
- Stop Wireshark packet capture, and enter “http” in the display-filter-specification window, so that only captured HTTP messages will be displayed later in the packet-listing window.
8. No
9. Yes. There is content length.
10. Yes. The time the web page was last modified
11. 304, Not Modified. No.
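The hand-typed GET from the telnet exercise and the conditional GET behind answers 8 to 11 can be replayed offline. This added example (not part of the original report) sends the same kind of request over a raw socket to Python's built-in http.server on a loopback port; the served file, the port and the function names are constructed for the illustration.

```python
import http.server
import os
import socket
import tempfile
import threading
from functools import partial


class QuietHandler(http.server.SimpleHTTPRequestHandler):
    def log_message(self, *args):                  # keep the demo's stderr clean
        pass


def raw_request(port, lines):
    """Send request lines as typed into telnet; return (status code, headers, body)."""
    request = "\r\n".join(lines) + "\r\n\r\n"      # the empty line ends the header block
    with socket.create_connection(("127.0.0.1", port), timeout=5) as sock:
        sock.sendall(request.encode("ascii"))
        data = b""
        while chunk := sock.recv(4096):            # the server closes after one response
            data += chunk
    head, _, body = data.partition(b"\r\n\r\n")
    status_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    headers = {k.lower(): v for k, v in (h.split(": ", 1) for h in header_lines)}
    return int(status_line.split()[1]), headers, body


def conditional_get_demo():
    """First GET returns 200 + Last-Modified; replaying that date yields 304, no body."""
    page = b"<html>constructed sample page</html>\n"
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "index.htm"), "wb") as f:
            f.write(page)
        server = http.server.ThreadingHTTPServer(
            ("127.0.0.1", 0), partial(QuietHandler, directory=root))
        threading.Thread(target=server.serve_forever, daemon=True).start()
        base = ["GET /index.htm HTTP/1.1", "Host: localhost", "Connection: close"]
        try:
            port = server.server_address[1]
            first = raw_request(port, base)
            second = raw_request(
                port, base + ["If-Modified-Since: " + first[1]["last-modified"]])
        finally:
            server.shutdown()
            server.server_close()
    return first, second


if __name__ == "__main__":
    for status, headers, body in conditional_get_demo():
        print(status, headers.get("last-modified"), len(body), "body bytes")
```

The request line, headers and body all cross the socket as plain text, which is why Wireshark can show every field of the exchange.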
- Start up the web browser, and make sure the browser’s cache is cleared, as discussed above.
- Start up the Wireshark packet sniffer.
- Enter the following URL into the browser: http://gaia.cs.umass.edu/wireshark-labs/HTTP-wireshark-file3.html The browser should display the rather lengthy US Bill of Rights.
- Stop Wireshark packet capture, and enter “http” in the display-filter-specification window, so that only captured HTTP messages will be displayed.
12. One
13. No. 53
14. 200, OK
15. Five
- Start up the web browser, and make sure the browser’s cache is cleared, as discussed above.
- Start up the Wireshark packet sniffer.
- Enter the following URL into the browser: http://gaia.cs.umass.edu/wireshark-labs/HTTP-wireshark-file4.html The browser should display a short HTML file with two images. These two images are referenced in the base HTML file. That is, the images themselves are not contained in the HTML; instead the URLs for the images are contained in the downloaded HTML file. As discussed in the textbook, the browser will have to retrieve these logos from the indicated web sites. The textbook publisher’s logo is retrieved from the gaia.cs.umass.edu web site. The image of the cover for the 5th edition of the textbook is stored at the caite.cs.umass.edu server. (These are two different web servers inside cs.umass.edu).
- Stop Wireshark packet capture, and enter “http” in the display-filter-specification window, so that only captured HTTP messages will be displayed.
16. Three
17. According to the order of the responses, I guess it's serial.
Take a closer look at the client side of DNS. Recall that the client’s role in the DNS is relatively simple – a client sends a query to its local DNS server, and receives a response back.
- Run nslookup to obtain the IP address of Baidu.
- Run nslookup to obtain the IP address of Oxford.
- Run nslookup to obtain the IP address of Facebook.
- Use ipconfig to empty the DNS cache in the host.
- Open the browser and empty the browser cache.
- Open Wireshark and enter “ip.addr == the_IP_address” into the filter, where you obtain the_IP_address with ipconfig. This filter removes all packets that neither originate nor are destined to the host.
- Start packet capture in Wireshark.
- With the browser, visit the Web page: http://www.ietf.org
- Stop packet capture.
- I looked up Baidu; its IP addresses are 36.152.44.96 and 36.152.44.95.
- I looked up Oxford University.
- I used dns0.ox.ac.uk to query yahoo but failed, so I retried with Facebook and succeeded.
4. UDP
5. Both are 53
6. The DNS query message was sent to 202.114.96.1
Yes, they are the same.
7. Type is A. And it didn't get any answer.
8. It provided 3 answers. They contained ServerName, Type, Class, Time to live, Data length and Cname.
9. No, they had no correspondence.
10. No.
11. Both are 53.
12. The DNS query message was sent to 202.114.96.1
Yes, they are the same.
13. The type is AAAA. And it got no answer.
14. Two. They contained ServerName, Type, Class, Time to live, Data length and Cname.
16. The DNS query message was sent to 202.114.96.1
Yes, they are the same.
17. The type is NS. And it had no answer.
18.
ns7.dnsmadeeasy.com
ns6.dnsmadeeasy.com
ns5.dnsmadeeasy.com
atalante.stanford.edu
avallone.stanford.edu
argus.stanford.edu
No, it didn't provide.
- It was sent to 171.64.7.115. They seemed to have no correspondence.
- The type is A. It didn't contain any answer.
- One. They contained ServerName, Type, Class, Time to live, Data length and Cname.
Take a look at the UDP transport protocol.
- Start capturing packets in Wireshark
- Stop packet capture, set the packet filter so that Wireshark only displays the UDP packets sent and received at the host.
- Pick one of these UDP packets and expand the UDP fields in the details window.
- There are 4 fields and they are Source Port, Destination Port, Length and Checksum.
- There are four header fields and each of them occupies 2 bytes. So, totally, its length is 8 bytes.
- It is the length of header fields plus data fields.
- Length has 2 bytes, so it can represent $ 2^{8*2} $ bytes of data. The header occupies 8, so its maximum number is $ 2^{16}-8 $.
- The Port also has 2 bytes, and port numbers begin with 0, so the largest is $ 2^{16}-1 $.
- As the picture above shows, it's 17. In hexadecimal, it's 0x11.
- The Source Port of one corresponds to the Destination Port of the other.
Investigate the behavior of the celebrated TCP protocol in detail by analyzing a trace of the TCP segments sent and received in transferring a 150KB file.
- Download the attached txt file alice.txt in the lab repository from the website www.github.com/network-distributed, which is an ASCII copy of Alice in Wonderland. Store this file somewhere on the computer.
- Next go to http://gaia.cs.umass.edu/wireshark-labs/TCP-wireshark-file1.html.
- Use the Browse button in this form to enter the name of the file on the computer containing Alice in Wonderland
- Now start up Wireshark and begin packet capture and then press OK on the Wireshark Packet Capture Options screen
- Returning to the browser, press the “Upload alice.txt file” button to upload the file to the gaia.cs.umass.edu server.
- Stop Wireshark packet capture.
- source IP: 10.133.192.244 port: 52592
- gaia.cs.umass.edu IP: 128.199.245.12 port:80
- the same as the question 1
- seq=0, using [SYN]
- seq=0, ACK=1, the seq of syn +1, using [SYN,ACK]
- seq=43201
- all of them are 1440.
- 32128. Yes, the content that surpasses its size will be dropped.
- No. I checked the time-sequence graph (Stevens). Its sequence number never became smaller.
- Almost all of them are 1440. If each sequence number has a related ACK number, then all of the segments are acknowledged.
- $avg(throughput)=149505\div(2.566962)=56.876kb/s$
Investigate the IP protocol, focusing on the IP datagram. We’ll do so by analyzing a trace of IP datagrams sent and received by an execution of the traceroute program. Investigate the various fields in the IP datagram, and study IP fragmentation in detail.
- Download and install pingplotter, and test it out by performing a few traceroutes.
- Start up Wireshark and begin packet capture (Capture->Start) and then press OK on the Wireshark Packet Capture Options screen
- Start up pingplotter and enter the name of a target destination in the “Address to Trace Window.” Select the menu item Edit-> Options->Default Settings -> Engine and enter a value of 56 in the Packet Size field and then press OK. Then press the Trace button.
- Send a set of datagrams with a longer length, by selecting Edit-> Options->Default Settings -> Engine and entering a value of 2000 in the Packet Size field and then pressing OK. Then press the Resume button.
- Send a set of datagrams with a longer length, by selecting Edit-> Options->Default Settings -> Engine and entering a value of 3500 in the Packet Size field and then pressing OK. Then press the Resume button.
- Stop Wireshark tracing.
- my address is 10.133.192.244
- ICMP
- There are 20 bytes in the packet header. Because there are totally 56 bytes, the packet's payload is 36 bytes.
- No, there are no packets whose TTL is the same.
- TTL, header checksum and identification are always changing.
- must stay constant:
- Version: The versions used by the communication parties must be the same
- Header Length: it is determined by ipv4 protocol.
stay constant:
- Datagram length: This is the total length of the IP datagram (header plus data), measured in bytes.
- source address
- destination address
- Options: The options fields allow an IP header to be extended.
- Identifier, flags, fragmentation offset: These three fields have to do with so-called IP fragmentation, when a large IP datagram is broken into several smaller IP datagrams which are then forwarded independently to the destination, where they are reassembled before their payload data (see below) is passed up to the transport layer at the destination host
must change:
- ttl: every router the datagram passes through subtracts 1 from the value.
- header checksum: judge if it is valid.
- Identification: it is used to uniquely identify all fragments of a message
- data
- the identification of every datagram is different
It is used to uniquely identify all fragments of a packet. Therefore, you need to change this value for different packets to ensure that packets can be uniquely identified.
- identification is 0x9947
ttl is 64
- identification changes, but ttl doesn't.
identification is different because every reply is different,
while ttl doesn't change because every reply from that router experiences the same number of hops.
- yes, it has been fragmented into two pieces.
- It has 2 IPv4 fragments. Its offset is 1480, so it's the second fragment. It's 500 bytes.
- The frag is 0, and its offset isn't 0, indicating it is the second fragment. That frag is 0 shows that there are no more fragments.
- their total length, frag and offset are different.
- there are 3 fragments.
- total length, frag and offset are changing.
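The fragment counts and offsets in the answers above follow from simple arithmetic. This added example (not from the original report) computes the fragments for the lab's 56-, 2000- and 3500-byte datagrams and adds the completeness check a receiver applies before reassembly; it assumes a 1500-byte MTU and a 20-byte IP header without options.

```python
IP_HEADER = 20      # bytes; assumes no IP options
MTU = 1500          # assumed link MTU (typical Ethernet/Wi-Fi)


def fragment(total_length, mtu=MTU, header=IP_HEADER):
    """Return the fragments a sender emits for one datagram of total_length bytes."""
    payload = total_length - header
    # Every fragment except the last must carry a multiple of 8 data bytes,
    # because the 13-bit offset field counts 8-byte units.
    max_data = (mtu - header) // 8 * 8
    frags, offset = [], 0
    while offset < payload:
        data = min(max_data, payload - offset)
        frags.append({
            "total_length": header + data,
            "data_bytes": data,
            "more_fragments": int(offset + data < payload),
            "offset_bytes": offset,
            "offset_field": offset // 8,
        })
        offset += data
    return frags


def reassembled_payload(frags):
    """Receiver-side check: return the payload size, or None if the fragments
    leave a gap, overlap, or the final fragment (MF=0) is missing."""
    if not frags:
        return None
    expected = 0
    ordered = sorted(frags, key=lambda f: f["offset_bytes"])
    for i, frag in enumerate(ordered):
        last = i == len(ordered) - 1
        # MF must be 1 on every fragment except the last, where it must be 0.
        if frag["offset_bytes"] != expected or frag["more_fragments"] == int(last):
            return None
        expected += frag["data_bytes"]
    return expected


if __name__ == "__main__":
    for size in (56, 2000, 3500):
        print(size)
        for frag in fragment(size):
            print("   ", frag)
```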
Capture the packets generated by the Ping program.
- Open the Windows Command Prompt.
- Start up the Wireshark packet sniffer, and begin Wireshark packet capture.
- Type “ping -n 10 www.stanford.edu” in the command prompt terminal.
- When the Ping program terminates, stop the packet capture in Wireshark.
- My source IP address is 10.133.145.200, and the destination IP address is 151.101.78.133.
- Because ICMP packets are carried as IP payloads, they do not need port numbers like TCP or UDP
- Type is 8 and code is 0, which means this is a reply request message.
Other fields include checksum, identifier and sequence number. They all need 4 bytes.
- Type is 0 and code is 0, which shows it is an echo response message.
Other fields include checksum, identifier and sequence number. They all need 4 bytes.
- My source IP address is 10.133.145.200, and the destination IP address is 128.93.162.83.
- According to the information I searched for on the Internet, the IP protocol number will be 17.
- Yes, it's different. In this case, ICMP packets are TTL packets (type 11, code 0). This is in the Traceroute program. The router checks that the TTL in the IP packet sent by Traceroute just expired, so the router needs to discard the packet and send the warning message back to the source host. This is different from the purpose of the Ping program, which is to request a response.
Compared with the error message, the echo message doesn't have the ICMP request packet.
- This is the reply packet returned by the destination host. The principle of the Tracert program is to send packets with increased TTL. When the packet with TTL = 1 reaches the router, the router discards the packet and sends an ICMP error to the requesting machine. The last group of 3 datagrams can reach the destination host. At this time, because it is received by the destination host, the destination host does not lose the packet, but actually receives the datagrams of the detection and makes a response.
- Between the eighth node and the ninth node, the delay of the subsequent nodes all reached 250+ ms. After that, the name of the router is English, and the destination is France, which should be connected to the border router between Asia and Europe.
Investigate the Ethernet protocol and the ARP protocol.
- Start up the Wireshark packet sniffer
- Enter the following URL into the browser http://gaia.cs.umass.edu/wireshark-labs/HTTP-ethereal-lab-file3.html
- Stop Wireshark packet capture. First, find the packet numbers of the HTTP GET message that was sent from the computer to gaia.cs.umass.edu, as well as the beginning of the HTTP response message sent to the computer by gaia.cs.umass.edu.
- Change Wireshark’s “listing of captured packets” window so that it shows information only about protocols below IP by selecting Analyze->Enabled Protocols. Then uncheck the IPv4 box and select OK.
- Select the Ethernet frame containing the HTTP GET message.
- Type arp -a in Windows PowerShell.
- Clear the ARP cache with the arp -d * command.
- Start up the Wireshark packet sniffer
- Enter the following URL into the browser http://gaia.cs.umass.edu/wireshark-labs/HTTP-wireshark-lab-file3.html
- Stop Wireshark packet capture, uncheck the IPv4 box and select OK.
- The 48-bit Ethernet address of my computer is a8:7e:ea:59:44:cb
- The 48-bit destination address in the Ethernet frame is 14:14:4b:44:fd. It is not the Ethernet address of gaia.cs.umass.edu. Instead, it's the Ethernet address of the router my computer connected to.
- the hexadecimal value for the two-byte Frame type field is 0x0800
the upper layer protocol this corresponds to is IPv4
- $ 3\times16+6=54 $
- the value of the Ethernet source address is 14:14:4b:44:fd. It is not the Ethernet address of gaia.cs.umass.edu. Instead, it's the Ethernet address of the router my computer connected to.
- the destination address in the Ethernet frame is a8:7e:ea:59:44:cb. It's my computer's Ethernet address.
- the hexadecimal value for the two-byte Frame type field is 0x0800
the upper layer protocol this corresponds to is IPv4
- $ 4\times16+3=67 $
- the value of the source address is a8:7e:ea:59:44:cb. the destination address in the frame is 14:14:4b:44:fd.
- the hexadecimal value for the two-byte Frame type field is 0x0806
the upper layer protocol this corresponds to is ARP
- a. $ 16+5=21 $ b. the opcode is 2 c. the IP address of the machine having the Ethernet address whose corresponding IP address is being queried is 10.133.139.149
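The header fields read off in Wireshark above can also be decoded directly from the frame bytes. This added example (not from the original report) parses the 14-byte Ethernet header and, for EtherType 0x0806, the ARP body; the two frames, their 02:00:00:... MAC addresses and 192.0.2.x IP addresses are constructed samples, not values from the capture.

```python
import struct

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP"}
ARP_OPCODES = {1: "request", 2: "reply"}


def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def ip(raw):
    return ".".join(str(b) for b in raw)


def parse_frame(frame):
    """Decode the Ethernet header and, when the frame carries ARP, the ARP fields."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out = {"dst": mac(dst), "src": mac(src), "ethertype": f"0x{ethertype:04x}",
           "upper": ETHERTYPES.get(ethertype, "unknown")}
    if ethertype != 0x0806:
        return out
    if len(frame) < 14 + 28:
        raise ValueError("truncated ARP packet")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    out.update(opcode=oper, operation=ARP_OPCODES.get(oper, "other"),
               sender_mac=mac(sha), sender_ip=ip(spa),
               target_mac=mac(tha), target_ip=ip(tpa),
               # The ARP sender address normally equals the frame's source address.
               sender_matches_source=(sha == src))
    return out


# Constructed sample frames: a broadcast ARP request and the unicast reply to it.
HOST, ROUTER = bytes.fromhex("02000000000a"), bytes.fromhex("020000000001")
HOST_IP, ROUTER_IP = bytes([192, 0, 2, 10]), bytes([192, 0, 2, 1])
ARP_FIXED = struct.pack("!HHBB", 1, 0x0800, 6, 4)
REQUEST = (b"\xff" * 6 + HOST + b"\x08\x06" + ARP_FIXED + struct.pack("!H", 1)
           + HOST + HOST_IP + b"\x00" * 6 + ROUTER_IP)
REPLY = (HOST + ROUTER + b"\x08\x06" + ARP_FIXED + struct.pack("!H", 2)
         + ROUTER + ROUTER_IP + HOST + HOST_IP)

if __name__ == "__main__":
    for frame in (REQUEST, REPLY):
        print(parse_frame(frame))
```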
Some experiment data cannot be carried by the report. It has been uploaded to my GitHub: https://github.com/RiverUp/networkTR.