Reference no: EM133033575
Wireshark analysis
Objectives
Your day-to-day online interactions generate large volumes of packets that are carefully hidden from you, the end user, and from the application. The TCP/IP model enables this abstraction. The goal of Project 2 is to familiarize yourself with the underlying network activity as several day-to-day online activities are carried out. To complete this assignment, you will use Wireshark.
Assignment details
The goal of this assignment is to explore the network packets associated with several typical online activities. You will have the chance to analyze bit-by-bit the flows associated with these services and evaluate different application and protocol parameters across the entire TCP/IP stack including Data Link Layer/Medium Access Control (L2), Network Layer (a.k.a. IP or L3), Transport Layer and Application Layer.
To carry out this analysis, you will use Wireshark. (If you haven't already) you will need to install Wireshark on your own computer. Part of finishing this assignment will be learning how to use Wireshark effectively.
While Wireshark allows you to capture packets on a network interface, it can also be used to read previously collected packet traces. For this assignment you will be analyzing a trace that I have already captured. You can download the trace from Blackboard. Some of the activity in this trace contains protocols we have not gone over (or will not be going over). Other protocols we have studied extensively in this class. In either case, there is an abundance of information in your course materials (and online), and I encourage you to read up if you are not sure what a protocol is used for.
The deliverable of this assignment is a report in which you will explain what you saw in the trace. In order to complete the assignment, you need to do two things: (i) make sense of the trace and (ii) write the report. In both these components, there is one advanced question, which will count as extra credit for undergrads and will be mandatory for graduate students.
The remainder of this assignment provides details on how to approach the trace analysis.
1. Making sense of the trace. Begin your analysis by considering the following questions. As you answer the questions, make a note of the methodology you have used (you will need to explain this in your report):
a. Mandatory for everyone
i. How many packets are in the trace?
ii. What types of packets are these?
iii. What DLL/MAC addresses can you see in the trace?
iv. What IP addresses can you see in the trace?
v. How do IP and MAC addresses map to each other?
vi. Can you tell by the trace what kind of network card was used to capture the trace: an Ethernet adapter or an 802.11 wireless card?
vii. Can you conclude anything about the network topology on which the trace was collected? Which was the machine (IP and MAC address) on which the trace was collected? What is the network mask? What is the default gateway? What is the vendor of the default gateway device? What is the DNS server IP? What is the DHCP server IP? Which hosts are on the local network? How many hosts are there on the local network? Can you determine some of the applications these hosts are running? Which hosts are remote (e.g. outside of the local network of the host collecting the trace)?
viii. How many hops away are the remote hosts? Which is the most "remote" host?
ix. What services/applications were accessed?
x. Did any IP fragmentation occur? Were there any packets in which the "Don't fragment" bit was set?
b. Mandatory for graduate students; extra credit for undergraduate students
i. Find the traceroute session. A part of the activity captured in this trace is a traceroute session. Use what you know about traceroute (e.g. packet types and how certain fields in the packets are modified) in order to locate the traceroute packets in the pcap trace. Once you find the packets, reconstruct the entire path from source to destination. More specifically, draw a diagram with all the routers and their respective IP addresses between the traceroute source and the traceroute destination. In addition to the diagram, create a table that contains the average RTT to each hop on the path.
2. Writing your report. Being able to convey what you have learned from the trace is equally important to understanding what is going on in the trace. This section provides you with guidelines on how to organize your understanding of the trace in a nice, coherent story, so your reader can also learn from your knowledge.
a. Paper format: your submission will be a single PDF file.
b. Paper content: your paper will need to answer the questions above plus any other interesting things you have found in the trace. While the above questions provide a nice framework to analyze the trace, answering them one by one in the report will not lead to a nice coherent story; instead it will produce a hard-to-read and hard-to-understand bucket list. When writing your report, consider presenting your findings in multiple levels of detail. For example, you can first provide a summary of the trace including number of packets, number of hosts and a high-level idea of what these hosts are up to. A figure that depicts the local network architecture and "interesting" internal and external hosts will make your story visually clear. Then describe the different services/applications you see. For each service, dive into the details of the packet trace associated with this service. What transport layer protocol did it use? Was that aligned with what we studied throughout the semester? Did you see anything unexpected? Describe the packets you see in the flow associated with this service. Include diagrams where appropriate. You can then conclude your report with a brief summary of what you learned from this trace.
Note that reports submitted by graduate students must contain a description of the traceroute session and the RTT to each hop. Undergraduate students who complete the traceroute analysis will be eligible for up to 20 points extra credit.
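For the traceroute question, the per-hop RTT table can be built by pairing each TTL-limited probe with the ICMP error that quotes it. The sketch below is an added example, not part of the assignment: it assumes a UDP-based traceroute and packet fields already exported from Wireshark into tuples, and every address, port and timestamp in it is constructed.

```python
from collections import defaultdict

# Constructed sample records, not taken from the assignment trace:
# (time_s, src_ip, dst_ip, ip_ttl, kind, udp_dport)
# "probe"        = outgoing UDP probe sent with a deliberately small TTL
# "ttl_exceeded" = ICMP type 11 from a router that dropped the probe
# "port_unreach" = ICMP type 3 code 3 from the final destination
# For ICMP errors, udp_dport is read from the quoted original datagram.
PACKETS = [
    (0.000, "192.168.1.10", "203.0.113.9", 1, "probe", 33434),
    (0.002, "192.168.1.1", "192.168.1.10", 64, "ttl_exceeded", 33434),
    (0.100, "192.168.1.10", "203.0.113.9", 1, "probe", 33435),
    (0.104, "192.168.1.1", "192.168.1.10", 64, "ttl_exceeded", 33435),
    (0.200, "192.168.1.10", "203.0.113.9", 2, "probe", 33436),
    (0.210, "198.51.100.1", "192.168.1.10", 254, "ttl_exceeded", 33436),
    (0.300, "192.168.1.10", "203.0.113.9", 2, "probe", 33437),
    (0.314, "198.51.100.1", "192.168.1.10", 254, "ttl_exceeded", 33437),
    (0.400, "192.168.1.10", "203.0.113.9", 3, "probe", 33438),  # no reply
    (0.450, "198.51.100.7", "192.168.1.10", 250, "ttl_exceeded", 40000),  # unrelated
    (0.600, "192.168.1.10", "203.0.113.9", 4, "probe", 33439),
    (0.620, "203.0.113.9", "192.168.1.10", 61, "port_unreach", 33439),
    (0.700, "192.168.1.10", "203.0.113.9", 4, "probe", 33440),
    (0.722, "203.0.113.9", "192.168.1.10", 61, "port_unreach", 33440),
]

def reconstruct_path(packets, source):
    """Return [(hop, responder_ip or None, avg_rtt_ms or None)] in hop order."""
    pending = {}                      # udp_dport -> (send time, probe TTL)
    probed = set()                    # every TTL value the source tried
    rtts = defaultdict(lambda: defaultdict(list))  # hop -> responder -> [ms]
    for t, src, dst, ttl, kind, dport in packets:
        if kind == "probe" and src == source:
            pending[dport] = (t, ttl)
            probed.add(ttl)
        elif dst == source and dport in pending:   # ICMP error quoting a probe
            t0, hop = pending.pop(dport)
            rtts[hop][src].append((t - t0) * 1000.0)
    table = []
    for hop in sorted(probed):
        if not rtts[hop]:
            table.append((hop, None, None))        # hop never answered
        for ip, samples in sorted(rtts[hop].items()):
            table.append((hop, ip, round(sum(samples) / len(samples), 3)))
    return table

if __name__ == "__main__":
    for row in reconstruct_path(PACKETS, "192.168.1.10"):
        print(row)
```

A hop that never answers stays in the table with no responder, which is how it should appear in the path diagram as well.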