CUNY JJC Criminal Justice Wireshark Discussion

The goal of this assignment is to explore the network packets associated with several typical online activities. You will have the chance to analyze bit-by-bit the flows associated with these services and evaluate different application and protocol parameters across the entire TCP/IP stack including Data Link Layer/Medium Access Control (L2), Network Layer (a.k.a. IP or L3), Transport Layer and Application Layer.


To carry out this analysis, you will use Wireshark. If you haven’t already, you will need to install Wireshark on your own computer. For more information and installation instructions visit https://www.wireshark.org/. Part of finishing this assignment will be learning how to use Wireshark effectively. To do this, you can refer to the User’s Guide available here https://www.wireshark.org/docs/wsug_html_chunked/.

While Wireshark allows you to capture packets on a network interface, it can also be used to read previously collected packet traces. For this assignment you will be analyzing a trace that I have already captured. You can download the trace from Blackboard (a file named p2-trace-S22.pcapng). Some of the activity in this trace contains protocols we have not gone over (or will not be going over). Other protocols we have studied extensively in this class. In either case, there is an abundance of information in your course materials (and online), and I encourage you to read up if you are not sure what a protocol is used for.

The deliverable of this assignment is a report in which you will explain what you saw in the trace. In order to complete the assignment, you need to do two things: (i) make sense of the trace and (ii) write the report. In both these components, there is one advanced question, which will count as extra credit for undergrads and will be mandatory for graduate students.

The remainder of this assignment provides details on how to approach the trace analysis.


1. Making sense of the trace. Begin your analysis by considering the following questions. As you answer the questions, make a note of the methodology you have used (you will need to explain this in your report):

  1. Mandatory for everyone
     i. How many packets are in the trace?
     ii. What types of packets are these?
     iii. What DLL/MAC addresses can you see in the trace?
     iv. What IP addresses can you see in the trace?
     v. How do IP and MAC addresses map to each other?
     vi. Can you tell by the trace what kind of network card was used to capture the trace: an Ethernet adapter or a 802.11 wireless card?
     vii. Can you conclude anything about the network topology on which the trace was collected? Which was the machine (IP and MAC address) on which the trace was collected? What is the network mask? What is the default gateway? What is the vendor of the default gateway device? What is the DNS server IP? What is the DHCP server IP? Which hosts are on the local network? How many hosts are there on the local network? Can you determine some of the applications these hosts are running? Which hosts are remote (e.g. outside of the local network of the host collecting the trace)?
     viii. How many hops away are the remote hosts? Which is the most “remote” host?
     ix. What services/applications were accessed?
     x. Did any IP fragmentation occur? Were there any packets in which the “Don’t fragment” bit was set?
  2. Mandatory for graduate students; extra credit for undergraduate students
     i. Find the traceroute session. A part of the activity captured in this trace is a traceroute session. Use what you know about traceroute (e.g. packet types and how certain fields in the packets are modified) in order to locate the traceroute packets in the pcap trace. Once you find the packets, reconstruct the entire path from source to destination. More specifically, draw a diagram with all the routers and their respective IP addresses between the traceroute source and the traceroute destination. In addition to the diagram, create a table that contains the average RTT to each hop on the path.
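As an added illustration of the methodology behind the mandatory questions (this is example code, not part of the assignment and not run against the course trace), the following Python script parses constructed Ethernet II/IPv4 frames and answers several of them mechanically: packet count, MAC and IP addresses seen, the IP-to-MAC mapping, which hosts are local versus remote given an assumed netmask, a TTL-based estimate of how many hops away each remote host is, the gateway MAC inferred from the fact that every remote IP arrives from the same source MAC, and how many packets have the DF bit set or are fragments. The frames, the 192.168.1.0/24 network, the MACs and the addresses 203.0.113.5 and 198.51.100.7 are constructed sample data; the hop estimate assumes the sender started from one of the common initial TTLs (64, 128 or 255), which is a heuristic, not a fact carried in the packet.

```python
"""Parse constructed Ethernet II + IPv4 frames and answer trace questions (example, not the course trace)."""
import ipaddress
import struct
from collections import defaultdict

ETHERTYPE_IPV4 = 0x0800
IP_FLAG_DF = 0x4000   # "Don't Fragment" bit in the IPv4 flags/fragment-offset field
IP_FLAG_MF = 0x2000   # "More Fragments" bit
FRAG_OFFSET_MASK = 0x1FFF


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(src_mac, dst_mac, src_ip, dst_ip, ttl, proto,
                df=False, mf=False, frag_offset=0, payload_len=20):
    """Build a constructed Ethernet II + IPv4 frame (sample data; the IP checksum is left at zero)."""
    flags_off = (IP_FLAG_DF if df else 0) | (IP_FLAG_MF if mf else 0) | (frag_offset & FRAG_OFFSET_MASK)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, flags_off,
                         ttl, proto, 0,
                         ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)
    eth_hdr = struct.pack("!6s6sH", mac_bytes(dst_mac), mac_bytes(src_mac), ETHERTYPE_IPV4)
    return eth_hdr + ip_hdr + bytes(payload_len)


def parse_frame(frame):
    """Return the L2/L3 fields the questions need, or None for non-IPv4 frames."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_IPV4:
        return None
    ver_ihl, _tos, _total, _ident, flags_off, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", frame[14:34])
    if ver_ihl >> 4 != 4:
        return None
    return {
        "src_mac": mac_str(src_mac), "dst_mac": mac_str(dst_mac),
        "src_ip": str(ipaddress.IPv4Address(src)), "dst_ip": str(ipaddress.IPv4Address(dst)),
        "ttl": ttl, "proto": proto,
        "df": bool(flags_off & IP_FLAG_DF),
        # a packet is a fragment if MF is set or it is not the first piece (offset > 0)
        "fragment": bool(flags_off & IP_FLAG_MF) or (flags_off & FRAG_OFFSET_MASK) != 0,
    }


def estimate_hops(ttl):
    """Heuristic: assume the smallest common initial TTL (64/128/255) not below the observed one."""
    for initial in (64, 128, 255):
        if ttl <= initial:
            return initial - ttl
    return None


def analyze(frames, local_net):
    net = ipaddress.ip_network(local_net)
    pkts = [p for p in (parse_frame(f) for f in frames) if p]
    ip_to_mac = {}
    remote_ips_per_mac = defaultdict(set)  # which source MAC "speaks for" remote IPs -> the gateway
    hops = {}
    df_count = frag_count = 0
    for p in pkts:
        ip_to_mac[p["src_ip"]] = p["src_mac"]
        if ipaddress.ip_address(p["src_ip"]) not in net:
            remote_ips_per_mac[p["src_mac"]].add(p["src_ip"])
            hops[p["src_ip"]] = estimate_hops(p["ttl"])
        df_count += p["df"]
        frag_count += p["fragment"]
    all_ips = {p["src_ip"] for p in pkts} | {p["dst_ip"] for p in pkts}
    local = {ip for ip in all_ips if ipaddress.ip_address(ip) in net}
    gateway_mac = (max(remote_ips_per_mac, key=lambda m: len(remote_ips_per_mac[m]))
                   if remote_ips_per_mac else None)
    return {
        "packets": len(pkts),
        "macs": sorted({p["src_mac"] for p in pkts} | {p["dst_mac"] for p in pkts}),
        "ips": sorted(all_ips),
        "local_hosts": sorted(local),
        "remote_hosts": sorted(all_ips - local),
        "ip_to_mac": ip_to_mac,
        "gateway_mac": gateway_mac,
        "hops": hops,
        "df_set": df_count,
        "fragmented": frag_count,
    }


# Constructed sample frames (hypothetical hosts; not taken from the course trace).
HOST_MAC, PEER_MAC, GW_MAC = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "aa:bb:cc:00:00:ff"
SAMPLE_FRAMES = [
    build_frame(HOST_MAC, GW_MAC, "192.168.1.10", "203.0.113.5", 64, 6, df=True),   # TCP out, DF set
    build_frame(GW_MAC, HOST_MAC, "203.0.113.5", "192.168.1.10", 52, 6, df=True),   # reply, 12 hops away
    build_frame(HOST_MAC, GW_MAC, "192.168.1.10", "198.51.100.7", 64, 17, mf=True, payload_len=1480),
    build_frame(HOST_MAC, GW_MAC, "192.168.1.10", "198.51.100.7", 64, 17, frag_offset=185),  # 2nd fragment
    build_frame(GW_MAC, HOST_MAC, "198.51.100.7", "192.168.1.10", 117, 17),        # reply, 11 hops away
    build_frame(PEER_MAC, HOST_MAC, "192.168.1.20", "192.168.1.10", 64, 6, df=True),  # local peer
]


def sample_report():
    return analyze(SAMPLE_FRAMES, "192.168.1.0/24")


if __name__ == "__main__":
    for key, value in sample_report().items():
        print(f"{key}: {value}")
```

In Wireshark the same fields are reachable as display-filter names: `eth.src`/`eth.dst`, `ip.src`/`ip.dst`, `ip.ttl`, `ip.flags.df`, `ip.flags.mf` and `ip.frag_offset`, so a filter such as `ip.flags.df == 1` or `ip.flags.mf == 1 || ip.frag_offset > 0` answers question x directly. The script's gateway inference mirrors what you would see in the trace: every remote IP address is carried by frames whose source MAC is the gateway, so one MAC maps to many IPs, while local hosts map one-to-one.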
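For the traceroute question in item 2, here is an added example of the matching logic on constructed packet summaries (this is not the course trace and not the instructor's solution). Classic UDP traceroute sends probes with TTL 1, 2, 3, ... to increasing destination ports starting at 33434; each router at which the TTL expires answers with ICMP Time Exceeded (type 11), the destination answers with ICMP Port Unreachable (type 3), and the ICMP error quotes the original datagram's header, so the quoted destination port ties each reply back to its probe. The script reconstructs the hop list and the average RTT per hop from that matching and treats an unanswered probe as lost (the `*` in traceroute output). The hosts 192.168.1.10 and 198.51.100.7, the router addresses and all timestamps are constructed sample values.

```python
"""Reconstruct a UDP traceroute path and per-hop average RTT from packet summaries (constructed example)."""
from collections import defaultdict

SRC, DST = "192.168.1.10", "198.51.100.7"   # constructed traceroute source and destination
BASE_PORT = 33434                             # classic UDP traceroute starting destination port
ICMP_TIME_EXCEEDED, ICMP_DEST_UNREACHABLE = 11, 3


def probe(t, ttl, n):
    """UDP probe n (0..2) for a given TTL; the destination port increments with every probe."""
    return {"t": t, "proto": "UDP", "src": SRC, "dst": DST, "ttl": ttl,
            "dport": BASE_PORT + (ttl - 1) * 3 + n}


def reply(t, router, icmp_type, orig_dport):
    """ICMP error from a router; orig_dport is the dst port of the datagram quoted inside the error."""
    return {"t": t, "proto": "ICMP", "src": router, "dst": SRC,
            "icmp_type": icmp_type, "orig_dport": orig_dport}


# Constructed summaries as one would read them off Wireshark's packet list (time in seconds).
SAMPLE_RECORDS = [
    probe(0.000, 1, 0), reply(0.0010, "192.168.1.1", ICMP_TIME_EXCEEDED, 33434),
    probe(0.100, 1, 1), reply(0.1012, "192.168.1.1", ICMP_TIME_EXCEEDED, 33435),
    probe(0.200, 1, 2), reply(0.2008, "192.168.1.1", ICMP_TIME_EXCEEDED, 33436),
    probe(0.300, 2, 0), reply(0.3080, "203.0.113.1", ICMP_TIME_EXCEEDED, 33437),
    probe(0.400, 2, 1), reply(0.4090, "203.0.113.1", ICMP_TIME_EXCEEDED, 33438),
    probe(0.500, 2, 2),                       # no reply: this probe shows as "*" in traceroute
    probe(0.600, 3, 0), reply(0.6200, DST, ICMP_DEST_UNREACHABLE, 33440),
    probe(0.700, 3, 1), reply(0.7220, DST, ICMP_DEST_UNREACHABLE, 33441),
    probe(0.800, 3, 2), reply(0.8210, DST, ICMP_DEST_UNREACHABLE, 33442),
]


def find_traceroute(records, src, dst):
    """Pick out the probes (UDP src->dst into the traceroute port range) and the ICMP replies to them."""
    probes = {r["dport"]: r for r in records
              if r["proto"] == "UDP" and r["src"] == src and r["dst"] == dst
              and r["dport"] >= BASE_PORT}
    replies = [r for r in records
               if r["proto"] == "ICMP" and r["dst"] == src
               and r["icmp_type"] in (ICMP_TIME_EXCEEDED, ICMP_DEST_UNREACHABLE)
               and r.get("orig_dport") in probes]
    return probes, replies


def reconstruct_path(records, src, dst):
    """Return one entry per TTL: responding router(s), average RTT in ms, and number of lost probes."""
    probes, replies = find_traceroute(records, src, dst)
    per_hop = defaultdict(lambda: {"routers": set(), "rtts_ms": []})
    for rep in replies:
        pr = probes[rep["orig_dport"]]                # the quoted dst port identifies the probe
        hop = per_hop[pr["ttl"]]
        hop["routers"].add(rep["src"])                # more than one router here means load balancing
        hop["rtts_ms"].append(round((rep["t"] - pr["t"]) * 1000, 3))
    sent_per_ttl = defaultdict(int)
    for pr in probes.values():
        sent_per_ttl[pr["ttl"]] += 1
    path = []
    for ttl in sorted(sent_per_ttl):
        hop = per_hop.get(ttl)
        rtts = hop["rtts_ms"] if hop else []
        path.append({
            "ttl": ttl,
            "routers": sorted(hop["routers"]) if hop else [],   # empty list: a "* * *" hop
            "avg_rtt_ms": round(sum(rtts) / len(rtts), 3) if rtts else None,
            "lost": sent_per_ttl[ttl] - len(rtts),
        })
    return path


if __name__ == "__main__":
    for hop in reconstruct_path(SAMPLE_RECORDS, SRC, DST):
        print(hop["ttl"], hop["routers"] or "* * *", hop["avg_rtt_ms"], "lost:", hop["lost"])
```

In Wireshark, the corresponding fields are `ip.ttl` on the probes and `icmp.type` on the replies; Wireshark also dissects the datagram quoted inside the ICMP error, so the `udp.dstport` of that inner header is what the script's `orig_dport` stands for, and `icmp.type == 11 || icmp.type == 3` isolates the replies. If the session was produced by Windows `tracert`, the probes are ICMP Echo Requests rather than UDP and the replies are matched on the quoted echo identifier and sequence number instead of a port.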

2. Writing your report. Being able to convey what you have learned from the trace is equally important to understanding what is going on in the trace. This section provides you with guidelines on how to organize your understanding of the trace in a nice, coherent story, so your reader can also learn from your knowledge.

  1. Paper format: your submission will be a single PDF file.
  2. Paper content. Your paper will need to answer the questions above plus any other interesting things you have found in the trace. While the above questions provide a nice framework to analyze the trace, answering them one by one in the report will not lead to a nice coherent story; instead it will produce a hard-to-read, hard-to-understand bucket list. When writing your report, consider presenting your findings in multiple levels of detail. For example, you can first provide a summary of the trace including the number of packets, the number of hosts and a high-level idea of what these hosts are up to. A figure that depicts the local network architecture and the “interesting” internal and external hosts will make your story visually clear. Then describe the different services/applications you see. For each service, dive into the details of the packet trace associated with it. What transport layer protocol did it use? Was that aligned with what we studied throughout the semester? Did you see anything unexpected? Describe the packets you see in the flow associated with this service. Include diagrams where appropriate. You can then conclude your report with a brief summary of what you learned from this trace.

Note that reports submitted by graduate students must contain a description of the traceroute session and the RTT to each hop. Undergraduate students who complete the traceroute analysis will be eligible for up to 20 points of extra credit.

