Overview

We will examine how "ping" works and learn to find ICMP packet information in a trace. We will try "ping" to different hosts to see the differences in RTT. Many hosts do not return "ping". The lab will direct you to use certain sites. The sites chosen should allow the lab to be done either in CL-24 or on your own machine on or off campus.

A Wireshark display filter of "icmp" will be helpful.

ping options in Windows

The ping command has a number of options. We will be using two options. Thus the format of "ping" is:

• -n count - count is the number of pings to do before stopping. The default is 4.

• -l size - the number of bytes of data. The default is 64 bytes.

• host - an ip-address or DNS name to send the ping to.

ping options in LINUX

The ping command has a number of options. We will be using two options. Thus the format of "ping" is:

• -c count - count is the number of pings to do before stopping. Without this parameter, ping will continue indefinitely until you use CTRL-c to stop it.

• -s size - the number of bytes of data. The default is 64 bytes.

• host - an ip-address or DNS name to send the ping to.

Saving screen output to print in Windows.

There are other ways to save command line screen output in Windows, but one way is to use "powershell" with the "tee" command like this:

powershell "ping -n 5 malone.edu | tee C:\Users\Me\filea"

Saving screen output to print in LINUX.

In LINUX, you can pipe output to the "tee" command like this:

   ping -c5 earl.rodd.us | tee /tmp/a

Output Printing

The various lab steps show output to file with names "a" through "f". You may use a prefix to your file names but be sure they end with the "a" etc. as shown.

In this lab, you need to printout two things:

1. The output of the "ping" command. The method of getting the output to a file was discussed above. You can print files by editing (e.g. notepad) and printing from the editor or your favorite ways to print.

2. The Wireshark summary. Since we don't want to be "logged on" (with mnet) because this causes a lot of extra network traffic, we want to perform the traces while not logged on. But to print in the lab, you must be logged on with mnet. Therefore we first save output to a file, and later print the files.

   To do this, follow these steps:

   • In Wireshark use File-->Print and then:

     1. uncheck every option except the "Wireshark Summary Line" to print just summary lines.

     2. Check "Plain text" and "Output to File". The instructions will suggest file names to use.

     Note: Using File-->save does not do the same thing. This saves the raw binary trace data to a file. This is not printable.

   • After performing all lab steps, then print the text file you created using your favority way to print.

The individual steps will tell you what to print. Please use the saved filenames suggested since these will be printed with the file and you (and I) can easily identify which trace is which.

Lab Steps

For each step, first start Wireshark, then perform the "ping", then stop the trace, then answer the questions, and finally print the trace if you are so directed. These instructions use the Windows versions of "ping" options using powershell and "tee" to save the output. You should be a directory in Windows (like your home) where you have write access.

1. Be sure the browser is NOT running. This can also cause excess traffic.

2. Start Wireshark

3. Ping google: powershell "ping -n5 google.com | tee a"

4. Stop Wireshark

5. Save (Print) the summary to a file: a.w

   • 1. For the first ping, compute the RTT from the trace. _________________

   • 2. Is this the same as the ping command showed? ____________

   • 3. Were any ping's lost? ____________________

   • 4. What is the ICMP message type of the ping? __________ of the Ping response? ___________

   • 5. Look at the last ping. What is the sequence number? ________

   • 6. Is it the same in the ping and response? __________

   • 7. In the last ping, what is the Identifier? __________ Is it the same in the ping reply? _______

   • 8. Can you think of a reason why pings have a sequence number?

     _______________________________________________

   • 9. In the IP header what is the Protocol field (hex) _____________ Interpretation: ____________

   • 10. In the IP header of the first ping, what is the TTL field? ________ What is the TTL field in the reply? _______________

   • 11. Speculate on how many hops there are from you to google.com. ________ Describe your logic.

     ____________________________________________________________

     ____________________________________________________________

   • 12. What happens to the ICMP numbers through the set of 5 pings?

     ____________________________________________________________

   • 13. Is there a UDP or TCP header on the ping? ____________

6. Ping yahoo.com powershell "ping -n5 yahoo.com | tee /tmp/b"

   • 14. What is the RTT of the first ping? _________

   • 15. Is the ping time generally faster or slower than google? _________

7. Ping www.optuszoo.com.au powershell "ping -n5 www.optuszoo.com.au | tee c"

   • 16. Compare the RTT time to other cases?

   • 17. What is the TTL on the returned pings? __________

   • 18. Why is this different than the TTL returned from google?

   • 19. Speculate on how many hops there are from you to www.optuszoo.com.au

     ______________________________________________

8. Ping 4.2.2.2 powershell "ping -n5 4.2.2.2 | tee d"

   • 20. Open a browser and use "whois" to find out who owns 4.2.2.2 ___________________________
     "whois" means going to the URL "whois.icann.org" and using the service. First, you need to use "nslookup" to find the name that goes with the IP address 4.2.2.2.

   • 21. Compare the RTT time to other cases. _____________________

   • 22. What might cause the difference in RTT?

     ______________________________________

   • Close the browser.

9. Start Wireshark

10. Ping ibm.com powershell "ping -n5 ibm.com | tee e"

11. After ping ends, stop Wireshark.

12. Save (Print) the summary to a file: e.w

    • 23. What does the trace show happened?

      ___________________________________________________

    • 24. Is ping sequence 1 retransmitted? _____________________

    • 25. What is the time between sinding ping requests? _____________________

13. Start Wireshark

14. ping 4.2.2.2 with a large packet so we can see fragmentation. powershell "ping -n2 -l5000 4.2.2.2 | tee f"

15. Save (Print) the summary to a file: f.w

    • 26. How does the RTT compare to our earlier ping to 4.2.2.2? ______________________________

    • 27. From this information discuss which delay seems to be most significant from propagation, nodal, transmission, and queueing.

      ________________________________________________________

      ________________________________________________________

      ________________________________________________________

      ________________________________________________________

    • 28. How many fragments are needed to send the ICMP echo? ______

    • 29. What value (hex) of the IP Header flag byte indicates that this is a fragment other than the last? _______

    • 30. What are the fragment offsets of the fragments of the first ICMP echo (ping)? ______ ______ _______ ______ _______ ______

    • 31. What are the fragment offsets of the fragments of the first ICMP echo reply (ping reply)? ______ ______ _______ ______ _______ ______

16. Print the files: a a.w b c d e e.w f f.w