Wireshark TCP/IP Layers Study: Packet Traces Analysis

Task 1: Frame Structure [6 marks]

The learning outcomes that are assessed by this coursework are:
1 The student will be able to differentiate between, and explain the characteristics of, different types of network.
2 Explain the fundamental functions of networking, e.g., the rationale and application of different data compression algorithms, synchronisation, addressing, flow control, error detection and correction, line utilisation, routing, applications, etc.

Aim: In this assignment, you will use Wireshark to study TCP/IP layers by capturing and examining packet traces.
What to submit: Your coursework must be submitted as a report. Snapshots of the Wireshark interface showing the details of the captured traces should be included in the report. You must submit the report electronically in Word or PDF format to Turnitin. All references must be in IEEE format. 

Task 1: Frame Structure [6 marks]
Find the GET HTTP packet in the trace similar to the snapshot presented in Fig. 1. Examine the details of the Frame presented in the middle panel of the Wireshark graphical interface. 1) To demonstrate your understanding of hierarchy protocols, present the packet you examined showing the size in bytes of the TCP, IP, and Ethernet protocol header fields, their payloads, and their relative position to each other in the Frame as observed using Wireshark. [4 marks]
2) By examining the details of the Ethernet and IP headers in your trace, answer the following questions:
a. Which Ethernet header field is the demultiplexing key that indicates the next higher layer is IP? What value is used in this field to indicate “IP”? [1 mark]
b. Which IP header field is the demultiplexing key that indicates the next higher layer is TCP? What value is used in this field to indicate “TCP”? [1 mark]

Task 2: Ethernet [6 marks]
Find a GET HTTP packet in the trace similar to the snapshot presented in Fig. 1. Examine the details of the packet presented in the middle panel of the Wireshark graphical interface.

1) Sketch a figure of the GET message that shows the position and size in bytes of the Ethernet header fields (show the range of the Ethernet header and the Ethernet payload). [2 marks]
2) Draw a figure that shows the relative positions of your computer, the router, and the remote server. Label your PC/laptop and the router with their Ethernet addresses. Label your PC/laptop and the remote server with their IP addresses. [2 marks]

Change the display filter to arp, which denotes ‘address resolution protocol’.
Choose a packet, expand the Ethernet header field (using the “>” expander or icon) andexamine the details.
3) What is the broadcast Ethernet address and which bit of the Ethernet address is used to determine whether it is unicast or multicast/broadcast? Show a snapshot of your trace that supports your answer. [2 mark]

Task 3: IP Packet Structure [12 marks]
Change the display filter to “ip”.
1) Select any packet in the trace and expand the IP header fields (using the “+” expander or icon) to see the details similar to the snapshot presented in Fig. 2. Examine the details of the IP header fields presented in the middle panel of the Wireshark graphical interface. By examining the details of the IP packets in your trace, answer the following questions:
a. What does the TTL field represent and what is its initial value? Discuss the importance of this field. [2 mark]
b. What does the Total Length field include? Provide an example from the trace to support your answer. [2 mark]
c. How can you check whether a packet has been fragmented? Discuss all possible cases. [3 mark]

2) What is the percentage of TCP packets in your captured trace to the total traffic? What is the percentage of UDP ones? Generate an I/O Graph that shows the traffic of each of those transport protocols. [Your answer should be supported by appropriate snapshot(s) of Wireshark.] [3 marks]
3) Use Wireshark to measure the average bit rate of your captured trace (or the trace you obtained from the BB module shell) [2 marks]
Task 4: IP Header Checksum [5 marks]
1) Pick a packet from the trace captured in the previous task, and check that the IP header checksum is correct. Your answer should clearly show the summation process and a snapshot. [2 marks]
2) Explain why the checksum in IP covers only the header and not the data. [3 marks]
Task 5: IEEE 802.11 Standards [7 marks]
Among the recent advances in 802.11 is the introduction of IEEE 802.11ax also known as WiFi 6.
Describe IEEE 802.11ax highlighting its underlying technologies
Compare the main features of IEEE 802.11ax to those of IEEE 802.11ac and the proposed IEEE 802.11ay
The development of the next WiFi generation, WiFi 7, has attracted a lot of research interest recently. Highlight the main specifications projected to be met by WiFi 7 or IEEE 802.11be and its potential features.