1 Assigned 29th Aug 2022 Due 10th Sep 2022 University of Missouri – St. Louis Department of Computer Science (Fall 2022: CMP SCI 4730 Computer Network And Communications) Lab Assignment 1 Max Points:...

attached


1 Assigned 29th Aug 2022 Due 10th Sep 2022 University of Missouri – St. Louis Department of Computer Science (Fall 2022: CMP SCI 4730 Computer Network And Communications) Lab Assignment 1 Max Points: 100 The purpose of this lab is to familiarize the class with network analysis and diagnostic utilities. 1. The PING (Packet Internet Groper) command [20] Description: This Ping command is a command line utility to verify network connectivity between the source host and the specified destination server or a host. It can, therefore, be used to verify and troubleshoot accessibility of devices over the Internet. The host sends one or more messages called ping and waits for the echo reply called pong. The response may also indicate the round-trip delay, packet size and packet loss. Study the general form of Ping command using man (Mac) or help (/ or -h) (Windows) as the case may be. Do the following exercise based on Ping Exercise: From the command line interface (command window), ping 8.8.8.8 (www.google.com) and include a snapshot of the screen with the write up. Answer the following questions based on the output of the command: i) How many packets are sent? What is the default size of each packet ii) Change the packet size to 128. What size does google accept? iii) What is the TTL value indicated and what does it mean? iv) What is the minimum and the average time for accessing Google server in the default case? v) Which protocol does ping use, give the full form of the protocol? Now Ping www.boeing.com with 20 pings vi) What is the IP address of the Boeing server? vii) Ping the Boeing IP address with TTL value of 10? Explain the result. viii) Increase the size of the test packet to 1024 bytes and note the difference in average time taken. ix) What is the percentage of packet loss? x) Give two factors on which the minimum RTT depends. 2. The Traceroute/Tracert utility [20] Description: This utility allows the user to examine the path a packet takes across the Internet from the source to the destination. It uses the Internet Control Message Protocol (ICMP) error-reporting function and UDP packets. traceroute provides information about the routers that handle the packets and also gives transit delays (network latency) for delivering packets to each router. It thus provides the NOC http://www.google.com/ http://www.boeing.com/ 2 engineers in diagnosing network issues like packet loss and latency. This functionality is available as a command line tool in Unix variants and Windows. Tracing paket routes is an important tool for network engineers and your skill to interpret it’s output will improve as you practice more. Exercise: Trace the route to 8.8.8.8 (or any other public site if this does not work on your system) and include a snapshot of the output with your submission. Answer the following questions based on the output of the command: i) Give the number of hops and the number of routers to the destination. (2) ii) What is the maximum number of hops that are traced by traceroute? (2) iii) What is the maximum and minimum time taken to reach the destination? (2) iv) Look up the last IP address on the route before 8.8.8.8 using a ‘whoisip’ look up tool (like https://www.whatismyip.com/ip-whois-lookup/) give the owner’s name and postal address. (2) v) How does the traceroute/tracert discover the path? Get help from ‘man’ or help pages depending on whether you are using a mac or windows. (2) vi) For this part traceroute/tracert to 18.31.0.200 (MIT Server) and attach a snapshot of the output. Explain the asterisk signs on some hops. (2) vii) In vi) which ISP’s network does the packet start in? Can you spot any change in the ISP before the packet reaches its destination? (4) viii) What are the effective throughputs of the link up to the first router and the last router? (4) 3. Wireshark [40+20] Brief Description: Wireshark is one of the most popular network protocol analyzers. It allows examination of packet flows and their contents. Using this tool network administrators can troubleshoot network problems and security engineers can find security issues. It can be used to learn protocol behavior and also debug them. Download Wireshark from https://www.wireshark.org/download.html and install it (choose to install npcap as well). The Wireshark Users’ Guide is available at http://www.wireshark.org/docs/wsug_html_chunked/. Please read the initial parts on description of Wireshark and usage. Keep referring to the manual as required. Exercise: [A] Start Wireshark and click on the interface through which your computer is connected to the Internet (It will generally be the wireless interface “Wi-Fi en0” or the Ethernet LAN interface). Start packet capture and answer the following: a) See the contents of the three main parts of the Wireshark interface: The packet- listing pane, the packet details pane, and the packet-contents pane. Familiarize yourself with the menu options. (i) Look at the protocol field and list three different protocols displayed. (6) b) (i) Select any packet in the packet-listing pane and briefly describe the contents of the other two panes. (ii)Take a screenshot of the Wireshark interface showing the details of the packet you described and include it in the submission (iii) What is the final encapsulation layer of the message being sent on the physical or wireless media? (10) https://www.whatismyip.com/ip-whois-lookup/ https://www.wireshark.org/download.html http://www.wireshark.org/docs/wsug_html_chunked/ 3 c) Exit Wireshark. Open your favorite browser. Start Wireshark again and start capture. On the browser navigate to the site apache.org click any hyperlink on the page. Click another hyperlink. Wait a few seconds and stop capture. You now have live packet data containing protocol messages that have been exchanged between your computer and the network/website. Submit a screenshot of the Wireshark output. Carry out the following: (i) Type http in the ‘Apply a display filter’ field so that only HTTP packets are displayed? Give the first three bytes of the HTTP message. (4) (ii) Since the HTTP message was carried inside a TCP segment, which was carried inside an IP datagram, which was carried within an Ethernet frame, in the packet details window Wireshark displays the Frame, Ethernet, IP, and TCP packet information as well. Maximize HTTP and minimize the other details. From the details give the version of HTTP that your browser is running. (4) (iii) Find an HTTP GET message in the captured packets that shows the URL you entered. Expand the Ethernet frame, IP datagram, TCP segment, and HTTP message header information in the packet-header window, take a screenshot and include it with your submission. From the details find what is the IP address of your computer and that of the site you accessed? (4) (iv) Print the two HTTP messages (GET and OK). Submit the output. (4) (v) Calculate the time between sending of the HTTP GET message and receipt of the corresponding HTTP OK reply. (4) (vi) How many bytes of content are being returned to your browser? (4) (B) HTTP Authentication: Exit and re-start Wireshark. Start packet capture. Download the password protected file http://gaia.cs.umass.edu/wireshark- labs/protected_pages/HTTP-wireshark-file5.html using your browser. The username is wireshark-students, and the password is network. Answer the following. (i) What is the server’s response (status code and phrase) in response to the initial HTTP GET message from your browser? (5) (ii) When your browser’s sends the HTTP GET message for the second time, what new field is included in the HTTP GET message? (5) (iii) The username wireshark-students and the password network that you entered are encoded in the string of characters (d2lyZXNoYXJrLXN0dWRlbnRzOm5ldHdvcms=) following the “Authorization: Basic” header in the client’s HTTP GET message. Use a Base64 to text decoder (like https://www.base64decode.org) and enter this part of the string d2lyZXNoYXJrLXN0dWRlbnRz you can see the username! Now enter the remainder of the string Om5ldHdvcms= and your password is shown in cleartext. This is how an intruder can sniff your password. Comment about the security at this layer? (10) http://gaia.cs.umass.edu/wireshark-labs/protected_pages/HTTP-wireshark-file5.html http://gaia.cs.umass.edu/wireshark-labs/protected_pages/HTTP-wireshark-file5.html https://www.base64decode.org/