What to Submit: A PDF file or Word doc/docx file that contains the answers to the questions in Steps 2, 3, 4, and 5 below (including the screenshot in Step 4).

Step 0: Install Wireshark on your PC

This project uses the Wireshark software tool to capture and examine a packet trace. A packet trace is a record of traffic at a location on the network, as if a snapshot was taken of all the bits that passed across a particular wire. The packet trace records a timestamp for each packet, along with the bits that make up the packet, from the lower-layer headers to the higher-layer contents. Wireshark runs on most operating systems, including Windows, Mac and Linux. It provides a graphical UI that shows the sequence of packets and the meaning of the bits when interpreted as protocol headers and data. It color-codes packets by their type, and has various ways to filter and analyze packets to let you investigate the behavior of network protocols. Wireshark is widely used to troubleshoot networks.

You can download Wireshark from https://www.wireshark.org/download

A note for Mac users: The first time you open Wireshark after installation, it may prompt you to install additional software named ChmodBPF, and it provides a link to that software; you will just need to click the link and Wireshark will install it for you. Mac computers need ChmodBPF in order for Wireshark to capture packets correctly.

Step 1: Capture a Trace

1. Launch Wireshark and start a capture with a filter of "udp". Your capture window should be similar to the one pictured below. Perform the following steps:
   a. Select the interface from which to capture as the main wired or wireless interface used by your computer to connect to the Internet; you will need to single-click on that interface to select it (if you double-click, it will start capturing right away). (As an example, you can see in the screenshot below that the "WiFi:en0" interface was selected.)
   b. Enter "udp" in the "Capture... using this filter" field, as highlighted in green in the screenshot below. Note: do NOT enter any text in the "display filter" field at the top at this point (that field should be left blank for now).
   c. Click on the purple shark-fin shaped button on the top row to start the capture.

Figure 1: Setting up the capture options

2. When the capture is started, open a web browser and enter a hostname (e.g., w?wingov n?wopec org) that you have not visited recently. This will cause the computer to send out a DNS query to the local DNS server to find out the IP address for the given hostname. Please note: because our computers will "cache" recent DNS replies as a measure to improve performance, if you need to repeat this project multiple times, use a different hostname each time. This ensures that your computer will not have a cached answer, so that it will send out a query to the local DNS server.
3. Once the webpage loads, you can use the red square button on the top row to stop the capture. You should now have a trace with possibly many UDP packets. Our example is shown below. In the screenshot below we selected a packet which is a DNS query for the hostname reddit.com. Note that the DNS query response is also shown, three rows below (notice the grey arrows in front of the two rows; they indicate the query and response packets).
Step 2: Inspect the DNS packet header in the trace

To explore the details of DNS packets, inspect both a DNS query and the corresponding DNS response in the captured trace. You can apply a "dns" display filter to quickly find all the DNS packets. Your display should be similar to the one shown in Figure 2 above. First inspect a DNS query packet. Look for the following details:
- The DNS block follows the Ethernet, IP and UDP headers. This is because DNS messages are carried in UDP segments within IP packets within Ethernet frames.
- The DNS header starts with a Transaction ID that is used to link a request and the corresponding reply; they both carry the same Transaction ID.
- Next comes a set of flags that you can expand. They indicate whether the DNS message is a query or a response, amongst other details.
- Then come the numbers of question, answer, authority and additional records. These fields conclude the header.
- After the DNS header, the remainder of the message consists of the indicated number of question, answer, authority and additional records. A DNS query typically only contains a "question", which is the hostname we are trying to resolve, but a DNS response may contain many of the other records. These records are grouped in sections, such as the Authority section for all of the authority records. Each query has a Type code that indicates the kind of record sought, whether an IP address or otherwise. Each of the other records also has a Type code that indicates whether it carries the IP address of a host, the name of a nameserver, or something else. The format of an individual record depends on its type. The entire DNS message is designed to fit within one UDP message.

Repeat the above steps to inspect the corresponding DNS response packet. You should see a larger set of records in this message; while DNS queries mostly serve to carry the question, DNS responses often return a set of useful information.
Answer the following questions based on your observation of the DNS packet headers:
1. How many bits long is the Transaction ID?
2. Which flag bit and what values signify whether the DNS message is a query or a response? (Hint: click on the small triangle expander in front of the "Flags" field to see an explanation of the various flag bits.)
3. How many bytes long is the entire DNS header? (Hint 1: the DNS header includes "Transaction ID", "Flags", question count, answer resource record (RR) count, authority resource record (RR) count, and additional resource record (RR) count, but does NOT include the actual queries or answers; they are considered the payload of a DNS packet. Hint 2: To work out sizes, observe that when you click on a protocol block in the middle panel (the block itself, not the triangle expander), Wireshark will highlight the bytes it corresponds to in the packet in the lower panel and display the length at the bottom of the window.)

Step 3: Inspect the UDP header in the trace

A DNS packet is always encapsulated inside a UDP packet. UDP (User Datagram Protocol) is one of the two major protocols used at layer 4 (i.e., the "transport layer"). (The other major protocol is TCP, the Transmission Control Protocol.) Inspect the same DNS query packet as you did in Step 2, but this time focus on the UDP header. Pay particular attention to the following header fields:
- The source port number and the destination port number; recall that port numbers are the addresses used at layer 4.
- The "length" field, which specifies the length of the entire UDP packet (header plus payload).

Based on your observations, please answer the following questions:
1. How long in bytes is the entire UDP header? (Hint: the size of the UDP header is the size of the entire UDP packet minus the size of the UDP payload.)
2. What are the source and destination port numbers?

Step 4: Inspect the IP header in the trace

A UDP packet is always encapsulated inside an IP packet. IP (short for "Internet Protocol") is the primary protocol used at layer 3 (i.e., the "network layer"). Inspect the same packet as you did in Step 3, but this time focus on the IP header. In particular, look at the following fields:
- Source and destination IP addresses, which identify the sender and receiver hosts of the packet.
- The header length.
- The total length, which specifies the size of the entire IP packet (header plus payload); and
- The "protocol" field, which identifies the protocol used at layer 4.

Please answer the following questions based on your observation:
1. What is the size of the IP header in bytes?
2. What are the source and destination IP addresses?
3. Give the numeric value of the "protocol" field that identifies the upper-layer protocol as UDP.
4. What are the IP addresses of the local DNS servers configured on your computer? Attach a screenshot of the local DNS servers similar to the one shown below. Does any of the configured DNS server IP addresses match the destination IP address in the IP header?

Step 5: Inspect the Ethernet header in the trace

Ethernet is the primary protocol used at layer 2 (i.e., the "link layer"). Inspect the same packet as you did in Step 4, but this time focus on the Ethernet header. In particular, look at the following fields:
- Source and destination MAC addresses; and
- The "type" field, which identifies the protocol used at layer 3.

Please answer the following questions:
1. What are the source and destination MAC addresses?
2. Give the numeric value of the "type" field that identifies the upper-layer protocol (could be IPv4 or IPv6).
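As an added example (not part of this lab handout), the following Python parser walks the same four headers that Steps 2 to 5 inspect in Wireshark, on a constructed Ethernet/IPv4/UDP/DNS query frame, and returns the fields the questions ask about. The MAC addresses, IP addresses, ports and Transaction ID in the sample frame are made up.

```python
import struct

def build_sample_query() -> bytes:
    # Constructed frame (not a real capture): Ethernet II / IPv4 / UDP / DNS query
    # for the A record of example.com. Addresses are made up; checksums left zero.
    qname = b"".join(bytes([len(p)]) + p for p in b"example.com".split(b".")) + b"\x00"
    dns = struct.pack("!6H", 0xBEEF, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)
    udp = struct.pack("!4H", 53000, 53, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0x1234, 0, 64, 17, 0,
                     bytes([192, 168, 1, 10]), bytes([192, 168, 1, 1])) + udp
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", 0x0800)
    return eth + ip

def mac(b: bytes) -> str: return ":".join(f"{x:02x}" for x in b)
def ipv4(b: bytes) -> str: return ".".join(str(x) for x in b)

def parse_frame(frame: bytes) -> dict:
    # Ethernet II header is a fixed 14 bytes; type 0x0800 = IPv4, 0x86DD = IPv6.
    eth_dst, eth_src, eth_type = struct.unpack("!6s6sH", frame[:14])
    if eth_type != 0x0800:
        raise ValueError(f"not IPv4 (EtherType 0x{eth_type:04x})")
    # IPv4: header length is the low nibble of byte 0, counted in 32-bit words;
    # total length is bytes 2-3; protocol is byte 9 (17 = UDP, 6 = TCP).
    ihl = (frame[14] & 0x0F) * 4
    total_len, = struct.unpack("!H", frame[16:18])
    proto = frame[23]
    if proto != 17:
        raise ValueError(f"not UDP (protocol {proto})")
    udp = frame[14 + ihl:14 + total_len]
    # UDP header is always 8 bytes; its length field covers header plus payload.
    sport, dport, udp_len, _csum = struct.unpack("!4H", udp[:8])
    dns = udp[8:udp_len]
    # DNS header: ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT, six 16-bit words.
    txid, flags, qd, an, ns, ar = struct.unpack("!6H", dns[:12])
    # QR is the top bit of the flags word: 0 = query, 1 = response.
    qr = "response" if flags & 0x8000 else "query"
    # First question name: length-prefixed labels ending in a zero byte
    # (queries do not use compression pointers, so none are handled here).
    labels, pos = [], 12
    while dns[pos]:
        labels.append(dns[pos + 1:pos + 1 + dns[pos]].decode()); pos += 1 + dns[pos]
    qtype, _qclass = struct.unpack("!HH", dns[pos + 1:pos + 5])
    return {"eth_src": mac(eth_src), "eth_dst": mac(eth_dst), "eth_type": eth_type,
            "ip_header_len": ihl, "ip_total_len": total_len, "ip_proto": proto,
            "ip_src": ipv4(frame[26:30]), "ip_dst": ipv4(frame[30:34]),
            "udp_sport": sport, "udp_dport": dport, "udp_len": udp_len, "udp_header_len": 8,
            "dns_txid": txid, "dns_qr": qr, "dns_header_len": 12,
            "dns_counts": (qd, an, ns, ar), "dns_qname": ".".join(labels), "dns_qtype": qtype}
```

Compare each returned value with what Wireshark shows when you click the corresponding protocol block in the middle panel of your own capture.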