The aim of this coursework is to give students the opportunity to gain skills in data networking protocol analysis and networking application performance evaluation, using both emulation and simulation tools.
The aim of this coursework is to understand the protocol analysis that must be carried out in a network by parsing information from different layers.
Coursework Specification
Carry out the following tasks:
Clear the ARP Cache of your host (https://www.technipages.com/windows-10-flush-arpcache)
Open the Wireshark program
Start capturing packets in Wireshark
Open the Web browser and clear the history (cache) of the Web browser. If your student ID is even, use the URL http://www.tesco.com; otherwise use http://www.sainsburys.co.uk
After 2 minutes close the Web browser
Stop capturing packets in Wireshark
1. Display all the packets of:
a. TCP
b. UDP
c. HTTP
2. TCP uses a three-way handshake to establish a reliable connection. In the captured data, provide a screenshot that shows the TCP handshake process. Describe the packets exchanged during this process.
3. Apply a filter mechanism for the TCP packet used by HTTP for the communication between the Web browser and the Web Server. Find the following information:
a. IP address of the sender
b. IP address of the receiver
c. Segment size
d. Port numbers at both sender and receiver
e. Sequence number
f. ACK number and window size from the acknowledgment
4. The User Datagram Protocol, or UDP, is a communication protocol used across the Internet for especially time-sensitive transmissions such as video playback or DNS lookups. Explain the various fields of a UDP header in the captured data. By default, the checksum is unverified. How can we enable checksum verification for all UDP packets?
Latency is a measurement of how long it takes to transmit a packet from one point to another. Network latency bogs down the network and can create delays. It can slow the loading of web pages and can also have a negative effect on voice and video applications. Latency can be measured using Round-Trip Time (RTT), which is how long it takes to make a complete round trip from A to B and then from B to A. Throughput is how much data is sent and received (typically in bits per second) at any given time. In Wireshark, we can measure this as well as goodput, which is the useful information that is transmitted.
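The following Python sketch is an added example, not part of the original brief, showing how RTT samples, throughput and goodput differ when a segment is lost and retransmitted. The trace is constructed (it is not taken from the pcap), only TCP payload bytes sent by the client are counted, and the names `Pkt`, `TRACE` and `analyse` are assumptions.

```python
from collections import namedtuple

# kind "data": client-to-server segment of `length` payload bytes starting at seq.
# kind "ack":  server-to-client ACK; seq holds the acknowledgment number.
Pkt = namedtuple("Pkt", "t_ms kind seq length")

# Constructed trace: the segment at seq 1001 is lost, three duplicate ACKs
# arrive, and the sender retransmits it at 150 ms.
TRACE = [
    Pkt(0, "data", 1, 1000), Pkt(10, "data", 1001, 1000),
    Pkt(20, "data", 2001, 1000), Pkt(30, "data", 3001, 1000),
    Pkt(40, "data", 4001, 1000),
    Pkt(100, "ack", 1001, 0),
    Pkt(120, "ack", 1001, 0), Pkt(130, "ack", 1001, 0), Pkt(140, "ack", 1001, 0),
    Pkt(150, "data", 1001, 1000),          # retransmission of the lost segment
    Pkt(250, "ack", 5001, 0),
]

def analyse(trace):
    first_sent = {}        # seq + length -> time the segment was first sent
    retransmitted = set()  # segments sent more than once give ambiguous RTTs
    sampled = set()        # ACK numbers that already produced an RTT sample
    rtt_ms = []
    wire_bytes = useful_bytes = 0
    for p in trace:
        if p.kind == "data":
            end = p.seq + p.length
            wire_bytes += p.length         # everything sent counts as throughput
            if end in first_sent:
                retransmitted.add(end)     # repeated bytes add no goodput
            else:
                first_sent[end] = p.t_ms
                useful_bytes += p.length
        elif p.seq in first_sent and p.seq not in (retransmitted | sampled):
            sampled.add(p.seq)             # duplicate ACKs give no new sample
            rtt_ms.append((p.seq, p.t_ms - first_sent[p.seq]))
    seconds = (trace[-1].t_ms - trace[0].t_ms) / 1000
    return {"rtt_ms": rtt_ms,
            "throughput_bps": wire_bytes * 8 / seconds,
            "goodput_bps": useful_bytes * 8 / seconds}

if __name__ == "__main__":
    print(analyse(TRACE))
```

The second RTT sample is more than twice the first because the ACK for the last segment is held back until the lost segment has been retransmitted, which is the kind of spike an RTT graph shows around a loss.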
Go to the URL https://www.cloudshark.org/captures/9a5385b43846 and download the clientfast-retrans.pcap file. Once the download is complete, open the file in Wireshark and find the following:
5. Display the RTT graph and explain the behaviour of the network.
6. Display the throughput and explain it with respect to time. What are the factors that can affect the network throughput?
IP provides addressing and routing to get data to its final destination. Once the data is at the desired network, the IP address is no longer needed. The reason is that on a LAN, the data link layer uses the MAC address of the destination machine rather than the IP address. ARP resolves an IP address to a MAC address on a LAN so that the frame can be delivered to the appropriate host.
7. The following figure shows the information of the first 2 ARP packets. Describe in your own words the information displayed in each column.
8. Apply an ARP filter to the captured data and explain the ARP header fields with a figure/screenshot.
9. ARP spoofing is also known as ARP cache poisoning and is used in man-in-the-middle attacks. The attacker spoofs its MAC address so that, instead of traffic going to the actual host, traffic goes to the host with the spoofed MAC address. The attacker can also launch an ARP storm by making a large number of ARP requests (a Denial of Service (DoS) attack).
Wireshark can be used to monitor or spot an ARP storm attack. How can we set up Wireshark to detect an ARP storm? Support your answer with an appropriate description and screenshot.
10. The File Transfer Protocol is a standard communication protocol used for the transfer of computer files from a server to a client on a computer network. How can we capture FTP operations in Wireshark? Provide a description of each step with an appropriate screenshot.
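For items 8 and 9 above, the following added Python example (not part of the original brief) decodes the 28-byte Ethernet/IPv4 ARP header and applies two detection rules to a constructed capture: a per-sender request-rate threshold for ARP storms, and a change in the MAC address claiming an IP for cache poisoning. The function names, the threshold of 10 requests per 1000 ms and all addresses are assumptions chosen for the example.

```python
import socket
import struct
from collections import defaultdict, deque

ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa

def parse_arp(payload: bytes) -> dict:
    """Decode the 28-byte Ethernet/IPv4 ARP header."""
    if len(payload) < 28:
        raise ValueError("truncated ARP header")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return {"oper": oper, "sha": sha.hex(":"), "spa": socket.inet_ntoa(spa),
            "tha": tha.hex(":"), "tpa": socket.inet_ntoa(tpa)}

def detect(frames, window_ms=1000, max_requests=10):
    """Return alerts for request storms and for an IP claimed by a new MAC."""
    recent = defaultdict(deque)    # sender MAC -> times of its recent requests
    bindings, storming, alerts = {}, set(), []
    for ts, payload in frames:
        arp = parse_arp(payload)
        src_mac, src_ip = arp["sha"], arp["spa"]
        if bindings.setdefault(src_ip, src_mac) != src_mac:
            alerts.append((ts, "binding-change", src_ip, src_mac))
            bindings[src_ip] = src_mac
        if arp["oper"] != 1:       # only requests (opcode 1) count towards a storm
            continue
        times = recent[src_mac]
        times.append(ts)
        while ts - times[0] > window_ms:
            times.popleft()        # drop requests that fell out of the window
        if len(times) > max_requests and src_mac not in storming:
            storming.add(src_mac)  # report each storming sender once
            alerts.append((ts, "arp-storm", src_ip, src_mac))
    return alerts

def make_arp(oper, sha, spa, tpa, tha="00:00:00:00:00:00"):  # sample builder
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, raw(sha),
                       socket.inet_aton(spa), raw(tha), socket.inet_aton(tpa))

# Constructed capture of (timestamp in ms, ARP payload) with documentation addresses.
GW, A, B = "02:00:00:00:00:01", "02:00:00:00:00:0a", "02:00:00:00:00:0b"
FRAMES = [(0, make_arp(1, GW, "192.0.2.1", "192.0.2.10")),
          (5000, make_arp(1, A, "192.0.2.10", "192.0.2.1"))]
FRAMES += [(10000 + 20 * i, make_arp(1, B, "192.0.2.66", f"192.0.2.{100 + i}"))
           for i in range(30)]
FRAMES.append((20000, make_arp(2, B, "192.0.2.1", "192.0.2.10", tha=A)))
```

Calling `detect(FRAMES)` reports the sender that exceeds the request threshold and the later frame in which a different MAC address claims the gateway's IP.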
Using Packet Tracer, provide a step-by-step description of the following activities.
1. Create a simple network consisting of two PCs communicating using a crossover cable. (See the figure above.)
2. Ping PC2 from PC1 and check the connectivity.
A hub is a physical layer networking device which is used to connect multiple devices in a network. Hubs are generally used to connect computers in a LAN. Using Packet Tracer, provide a step-by-step description of the following activities.
3. Create a network consisting of 4 PCs connected with a central hub as shown in the figure.
4. Send a packet from PC6 to PC9.
5. Describe in your own words the limitations of a hub by simulating the network in the given figure.
A network switch is networking hardware that connects devices on a computer network by using packet switching to receive and forward data to the destination device. A network switch is a multiport network bridge that uses MAC addresses to forward data at the data link layer of the OSI model.
Using Packet Tracer, provide a step-by-step description of the following activities.
6. Create a network consisting of 4 PCs connected with a central Switch as shown in the figure.
7. Send a packet from PC10 to PC13.
8. Describe in your own words the working of a switch by simulating the network in the given figure.