Group:
  Sujit Baheti 2008H112119
  Priyank Samdani 2008H112120
  Puneet Jain 2008H112121

Q.1 Trace-route is the program that shows you the route over the network between two systems, listing all the intermediate routers. Open the URL www.traceroute.org in your browser. Trace the internet path (route) from an ISP server within India to www.google.com. Answer the following after observing the outputs. Note: include the trace output in your solutions for reference.

Traceroute 1
1 gw-mum (202.71.136.62) 1.793 ms 0.320 ms 1.376 ms
2 61.8.139.89 (61.8.139.89) 139.707 ms 201.800 ms 204.109 ms
3 125.18.8.9 (125.18.8.9) 3.065 ms 4.316 ms 4.049 ms
4 125.21.167.29 (125.21.167.29) 30.575 ms 29.708 ms 29.713 ms
5 72.14.196.101 (72.14.196.101) 30.353 ms 36.399 ms 32.342 ms
6 216.239.43.228 (216.239.43.228) 32.393 ms 33.159 ms 32.910 ms
7 216.239.43.208 (216.239.43.208) 34.844 ms 31.624 ms 32.838 ms
8 64.233.174.157 (64.233.174.157) 34.624 ms 64.233.174.153 (64.233.174.153) 45.126 ms 64.233.174.157 (64.233.174.157) 43.154 ms
9 im-in-f104.google.com (209.85.153.104) 33.915 ms 33.246 ms 31.459 ms
--------------------------------------------------------------------------

Traceroute 2
1 gw-mum (202.71.136.62) 0.431 ms 0.384 ms 0.806 ms
2 61.8.139.89 (61.8.139.89) 0.958 ms 1.558 ms 0.934 ms
3 125.18.8.9 (125.18.8.9) 3.311 ms 3.844 ms 4.460 ms
4 125.21.167.29 (125.21.167.29) 31.858 ms 30.912 ms 33.337 ms
5 p4-2-0-0.r01.sngpsi02.sg.bb.gin.ntt.net (129.250.12.225) 118.816 ms 119.176 ms 119.775 ms
6 p16-3-3-1.r21.tokyjp01.jp.bb.gin.ntt.net (129.250.4.169) 178.036 ms 176.685 ms 178.830 ms
7 xe-3-0-0.a21.tokyjp01.jp.ra.gin.ntt.net (61.213.162.98) 175.136 ms 176.638 ms 174.432 ms
8 xe-2-1.a17.tokyjp01.jp.ra.gin.ntt.net (61.213.169.70) 180.063 ms 179.881 ms 192.642 ms
9 xe-1-3.a17.tokyjp01.jp.ra.gin.ntt.net (61.213.169.174) 187.727 ms 199.005 ms 189.276 ms
10 209.85.241.96 (209.85.241.96) 188.165 ms 187.893 ms 209.85.241.94 (209.85.241.94) 240.934 ms
11 209.85.250.90 (209.85.250.90) 186.223 ms 186.240 ms 186.436 ms
12 66.249.94.34 (66.249.94.34) 201.037 ms 66.249.94.6 (66.249.94.6) 190.511 ms 209.85.250.123 (209.85.250.123) 153.574 ms
13 66.249.94.34 (66.249.94.34) 192.079 ms 196.847 ms 66.249.94.6 (66.249.94.6) 191.244 ms
14 hk-in-f147.google.com (64.233.189.147) 153.735 ms 153.434 ms 153.374 ms
--------------------------------------------------------------------------

Traceroute 3
1 gw-mum (202.71.136.62) 0.914 ms 0.782 ms 0.729 ms
2 61.8.139.89 (61.8.139.89) 0.960 ms 1.210 ms 1.431 ms
3 125.18.8.9 (125.18.8.9) 3.270 ms 3.521 ms 4.290 ms
4 125.21.167.25 (125.21.167.25) 31.974 ms 32.226 ms 35.373 ms
5 p4-1-2-0.r01.sngpsi02.sg.bb.gin.ntt.net (129.250.12.229) 114.987 ms 114.911 ms 113.909 ms
6 p16-3-3-1.r21.tokyjp01.jp.bb.gin.ntt.net (129.250.4.169) 177.051 ms 176.998 ms 175.717 ms
7 xe-1-0-0.a20.tokyjp01.jp.ra.gin.ntt.net (61.213.162.234) 173.427 ms 172.301 ms 171.357 ms
8 xe-1-1.a17.tokyjp01.jp.ra.gin.ntt.net (61.213.169.66) 274.997 ms 196.461 ms 200.796 ms
9 xe-1-3.a17.tokyjp01.jp.ra.gin.ntt.net (61.213.169.174) 187.284 ms 186.771 ms 189.232 ms
10 209.85.241.94 (209.85.241.94) 186.729 ms 186.491 ms 209.85.241.96 (209.85.241.96) 187.823 ms
11 209.85.252.104 (209.85.252.104) 160.162 ms 156.178 ms 155.505 ms
12 66.249.94.34 (66.249.94.34) 192.276 ms 66.249.94.6 (66.249.94.6) 194.310 ms 209.85.250.123 (209.85.250.123) 154.891 ms
13 66.249.94.34 (66.249.94.34) 203.622 ms hk-in-f99.google.com (64.233.189.99) 155.548 ms 155.227 ms
--------------------------------------------------------------------------

1. How many intermediate routers did you find between them? Is this number always fixed for this source-destination combination? Yes/No. Why? Note: run the trace for the same pair at different times.
Ans: There are 8 to 13 intermediate routers between the source and destination. No, the number of intermediate routers is not always fixed for a source-destination combination. This number varies because of the different routing algorithms running at different routers, or because the request may go to some other Google server, depending on the DNS query.

2. What is the significance of the three time values in each output line? Why are they different?
Ans: All three time values are used for checking the round-trip time between two routers, that is, the time required for the packet to reach the destination and come back to the source. The three times together give the average delay between two routers. They are different because of different queuing delays in the intermediate routers of the network. www.google.com has different servers, so the request is forwarded to different servers as per the network load.

3. Did you observe any tier-1 ISP router in your trace? If yes, name the ISP.
Ans: We can't identify any tier-1 ISP.

4. In your trace, most of the output lines have three time values. What are these values? Some output lines don't have three time values. What does it mean?
Ans: These three time values indicate the time taken by a packet to go from the source to that router and come back to the source, i.e. the round-trip time of three different packets sent separately. Where a line does not have three time values, one of the packets you forwarded may have been lost somewhere in the network or may be stuck in congestion somewhere. So if all three time values are not present, it indicates that the link is congested.

5. Examine these time values and try to find out at which link the network may be congested.
Ans: Traceroute 1 example: at the second link the network may be congested for a long time.
1 gw-mum (202.71.136.62) 1.793 ms 0.320 ms 1.376 ms
2 61.8.139.89 (61.8.139.89) 139.707 ms 201.800 ms 204.109 ms
3 125.18.8.9 (125.18.8.9) 3.065 ms 4.316 ms 4.049 ms
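As an added example (not part of the group's report), a small Python script that parses traceroute lines like those above, averages the three round-trip times per hop, and flags the hops that Q.5 asks about: a large RTT step over the previous hop, or a lost probe shown as "*". The sample trace is constructed from the first hops of Traceroute 1 plus a hop with a lost probe; the 50 ms step threshold is an assumption.

```python
import re
import statistics

# Constructed sample modelled on the Q.1 traceroute output above: hop 2 carries the
# round-trip jump that Q.5 points at, and hop 6 is constructed with one lost probe ("*").
SAMPLE_TRACE = """\
1 gw-mum (202.71.136.62) 1.793 ms 0.320 ms 1.376 ms
2 61.8.139.89 (61.8.139.89) 139.707 ms 201.800 ms 204.109 ms
3 125.18.8.9 (125.18.8.9) 3.065 ms 4.316 ms 4.049 ms
4 125.21.167.29 (125.21.167.29) 30.575 ms 29.708 ms 29.713 ms
5 72.14.196.101 (72.14.196.101) 30.353 ms 36.399 ms 32.342 ms
6 216.239.43.228 (216.239.43.228) 32.393 ms * 32.910 ms
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")
RTT_RE = re.compile(r"(\d+\.\d+) ms|(\*)")      # one answered probe, or one lost probe

def parse_trace(text):
    """Return [(hop, rtts)]; rtts holds floats in ms, with None for a lost probe."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue
        rtts = [None if star else float(ms) for ms, star in RTT_RE.findall(m.group(2))]
        hops.append((int(m.group(1)), rtts))
    return hops

def hop_stats(hops):
    """Per hop: (hop, mean RTT over the answered probes or None, number of lost probes)."""
    out = []
    for hop, rtts in hops:
        answered = [r for r in rtts if r is not None]
        out.append((hop, statistics.mean(answered) if answered else None, rtts.count(None)))
    return out

def suspect_hops(hops, step_ms=50.0):
    """Hops whose mean RTT rises more than step_ms over the previous hop, or that lost a probe."""
    suspects, prev = [], 0.0
    for hop, mean, lost in hop_stats(hops):
        if lost:
            suspects.append((hop, f"{lost} probe(s) lost"))
        elif mean is not None and mean - prev > step_ms:
            suspects.append((hop, f"rtt step of {mean - prev:.1f} ms"))
        if mean is not None:
            prev = mean
    return suspects

if __name__ == "__main__":
    for hop, reason in suspect_hops(parse_trace(SAMPLE_TRACE)):
        print(f"hop {hop}: {reason}")
```

A step that later hops do not carry (hop 2 above is followed by a 4 ms hop 3) is more often the router answering ICMP slowly than a congested link, so confirm such a hop with repeated runs before reading it as congestion.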
Q.2 Start up your web browser. Then start up the Ethereal packet sniffer and begin packet capture. Then open the URL http://www.ietf.org. Open one more browser window and open http://www.yahoo.com. Wait for some time before you stop the capture.

2.A Specify the filter "dns" in the display-filter-specification window, so that only captured DNS packets will be displayed later in the packet-listing window. Now answer the following questions:

(a) Locate the DNS query and response messages. What field indicates whether the message is a query or a response? Are they sent over UDP or TCP?
Ans: There is a Response field in the flags of the DNS header, which indicates whether the message is a request or a response: 0 indicates the message is a query and 1 indicates the message is a response. Both DNS packets are sent over UDP.

(b) What is the destination port for the DNS query message? What is the source port of the DNS response message?
Ans: The destination port for the DNS query message is 53. The source port for the DNS response message is 53.

(c) To what IP address is the DNS query message sent? Use ipconfig to determine the IP address of your local DNS server. Are these two IP addresses the same?
Ans: The IP address the DNS query message is sent to is 172.24.2.71. The IP address of the local DNS server is 172.24.2.71. Both are the same.

(d) What is the canonical name for www.ietf.org?
Ans: We cannot see the canonical name because we are running through a proxy server.

(e) Examine the DNS query message. What "Type" of DNS query is it? Does the query message contain any "answers"?
Ans: The DNS query is a Type A query. The query message does not contain any answers.

(f) Examine the DNS response message. How many "answers" are provided? What does each of these answers contain?
Ans: No, we did not find any answers in the DNS response message.

(g) This web page contains images. Before retrieving each image, does your host issue new DNS queries?
Ans: We can't determine this because of the proxy server. But, as we know, there should not be any new DNS query, since the IP address is already known.
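Added example, not from the lab capture: Python that builds a constructed DNS query and response for www.ietf.org and decodes the fields asked about in 2.A, the QR ("Response") flag, the query type, and the answer records including a CNAME. The canonical name cdn.example and the address 192.0.2.10 are placeholders, and the message id 0x1A2B is arbitrary.

```python
import struct
# Constructed DNS messages for www.ietf.org, not the lab's captured packets. The canonical
# name cdn.example and the address 192.0.2.10 are placeholders, not the real values.
def encode_name(name):
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"

def rr(owner, rtype, rdata):        # resource record: owner, TYPE, CLASS IN, TTL, RDLENGTH, RDATA
    return owner + struct.pack("!HHIH", rtype, 1, 300, len(rdata)) + rdata

QUESTION = encode_name("www.ietf.org") + struct.pack("!HH", 1, 1)      # QTYPE=A, QCLASS=IN
QUERY = struct.pack("!6H", 0x1A2B, 0x0100, 1, 0, 0, 0) + QUESTION        # flags 0x0100: QR=0, RD=1
RESPONSE = (struct.pack("!6H", 0x1A2B, 0x8180, 1, 2, 0, 0) + QUESTION    # flags 0x8180: QR=1, RD, RA; 2 answers
            + rr(b"\xc0\x0c", 5, encode_name("cdn.example"))             # CNAME; 0xC00C points at the question name
            + rr(encode_name("cdn.example"), 1, bytes([192, 0, 2, 10])))  # A record for the canonical name

def read_name(msg, off):
    """Decode a name, following compression pointers; return (name, offset after the name)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                                   # pointer to a name elsewhere
            end = off + 2 if end is None else end
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            return ".".join(labels), (off if end is None else end)
        labels.append(msg[off:off + length].decode())
        off += length

def parse_dns(msg):
    """Return the id, the QR ("Response") bit from 2.A(a), and the question and answer sections."""
    ident, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = read_name(msg, off)
        questions.append((name, struct.unpack("!H", msg[off:off + 2])[0]))   # (QNAME, QTYPE)
        off += 4
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        value = msg[off:off + rdlen].hex()                          # fallback for other types
        if rtype == 1:                                              # A: four address bytes
            value = ".".join(str(b) for b in msg[off:off + 4])
        elif rtype == 5:                                            # CNAME: a (possibly compressed) name
            value = read_name(msg, off)[0]
        answers.append((name, rtype, value))
        off += rdlen
    return {"id": ident, "is_response": bool(flags & 0x8000), "questions": questions, "answers": answers}
```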
2.B Specify the filter "http" in the display-filter-specification window, so that only captured HTTP packets will be displayed later in the packet-listing window. Now answer the following questions:

(a) What kind of web server is running on www.yahoo.com?
Ans: We cannot see the name of the web server running on www.yahoo.com.

(b) What languages (if any) does your browser indicate to the server that it can accept?
Ans: Our browser supports the en-us language.

(c) Identify a packet that carries the HTTP "GET" message.
(i) What are the sequence and acknowledgement values in the TCP header?

Ans: Sequence Number = 237, Acknowledgment Number = 1342.
(ii) Examine the flag bits in the TCP header. What flags are set in the TCP header and what is the significance of each one? Are these flags the same for all HTTP "GET" messages?

Ans: The Acknowledgement bit and the Push bit are set. Acknowledgement bit '1' signifies that the acknowledgement field is significant. Push bit '1' signifies the push function. Yes, all HTTP 'GET' messages have the same flags set, and the remaining flags are not set.

(d) How much time elapses between the capture of the GET message and the capture of the corresponding response message?
Ans: GET message capture time = 1.977280 sec; response message capture time = 8.505716 sec; time elapsed between the two packets = 8.505716 - 1.977280 = 6.528436 sec.

(e) Determine whether the server responds with an HTTP response message or simply with a TCP ACK segment. Verify that the sequence number in the segment from the server is as expected.
Ans: The server responds with an HTTP response message. Yes, it is the expected sequence number: the acknowledgement number we sent in the request is 1342, which indicates that we received 1341 bytes and are expecting byte 1342, so the server's sequence number is now 1342.
Q2.C Capture FTP packets from the prithvi.bits-pilani.ac.in server. Restart packet capture using Ethereal and open your prithvi server account. Use some FTP commands like get, put and list with your FTP account over prithvi. Answer the following:

(a) Are you able to distinguish between data packets and control packets? How?
Ans: No. Here we are getting only control packets. But data packets and control packets are identified by port numbers: control packets have port number 21 and data packets have port number 20.

(b) Identify the transport layer protocol used for FTP in your capture. What is it? Why?
Ans: The transport layer protocol used for FTP in our capture is TCP. FTP needs reliable, congestion-controlled, flow-controlled service. All of these are provided by the connection-oriented transport layer protocol TCP, so TCP is used for FTP.
(c) Are you able to see the FTP login name and password in the captured packets? Why is the password visible?
Ans: Yes, we are able to see the user name and password in the captured packets. Since the password is not in an encrypted format when the packet is transferred, the password is visible in the captured packet.
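Added example, not the group's capture: Python over a constructed FTP session modelled on Q2.C that labels each packet as control or data and reports which users' passwords crossed the control channel in the clear, which is what a capture reviewer would look for. It goes beyond the port-20 rule in (a): the data port is learned from the PORT command or the 227 reply to PASV, so passive-mode transfers that never use port 20 are still classified; all port numbers and payloads are constructed.

```python
import re
# Constructed FTP packets modelled on the Q2.C capture (not the real prithvi session), as
# (src_port, dst_port, payload). The first transfer is active mode (server port 20); the
# second is passive mode, where the data connection does not touch port 20 at all.
PACKETS = [
    (21, 50123, b"220 prithvi FTP server ready\r\n"),
    (50123, 21, b"USER student\r\n"),
    (21, 50123, b"331 Password required for student.\r\n"),
    (50123, 21, b"PASS s3cret-example\r\n"),
    (21, 50123, b"230 User student logged in.\r\n"),
    (50123, 21, b"PORT 172,24,2,71,196,12\r\n"),                # client data port 196*256+12 = 50188
    (50123, 21, b"LIST\r\n"),
    (20, 50188, b"-rw-r--r-- 1 student users 1234 lab1.txt\r\n"),
    (50123, 21, b"PASV\r\n"),
    (21, 50123, b"227 Entering Passive Mode (172,24,1,5,156,65)\r\n"),  # server data port 40001
    (50123, 21, b"RETR lab1.txt\r\n"),
    (50190, 40001, b""),                                         # client opens the passive data connection
    (40001, 50190, b"contents of lab1.txt\r\n"),
]

ENDPOINT_RE = re.compile(rb"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")   # h1,h2,h3,h4,p1,p2 in PORT and 227

def classify_session(packets):
    """Label packets control/data/other and list users whose password crossed the control channel in clear.
    Data ports come from the PORT command (active) or the 227 reply to PASV (passive), not only port 20."""
    data_ports, labels, cleartext_logins, user = set(), [], [], None
    for src, dst, payload in packets:
        if 21 in (src, dst):
            labels.append("control")
            line = payload.decode(errors="replace").strip()
            verb = line.split(" ", 1)[0].upper()
            if verb == "PORT" or verb == "227":
                m = ENDPOINT_RE.search(payload)
                if m:
                    data_ports.add(int(m.group(5)) * 256 + int(m.group(6)))
            elif verb == "USER":
                user = line[5:]
            elif verb == "PASS":                  # only record who; the password itself is not kept
                cleartext_logins.append(user)
        elif 20 in (src, dst) or src in data_ports or dst in data_ports:
            labels.append("data")
        else:
            labels.append("other")
    return labels, cleartext_logins

if __name__ == "__main__":
    labels, logins = classify_session(PACKETS)
    for (src, dst, payload), label in zip(PACKETS, labels):
        print(f"{src:>5} -> {dst:<5} {label:7} {payload[:40]!r}")
    print("passwords sent in clear for:", logins)
```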