Assignment 2 Computer Networks - CS635 Parepally, Ritesh

Table of contents

1. Abstract
2. Wireshark IPv4
3. Research and understand the following:
3.1. Network Layer
3.2. Network Layer Protocols (In the capture)
3.3. IP Addresses
3.4. Ping, ipconfig, tracert, netstat
4. Tasks
4.1. What field does indicate if it IPv4 vs IPv6?
4.2. Perform a "ping" command and locate on the capture.
4.3. What IP address has flags?
4.4. Are there any IP address fragmented on the capture?
4.5. Which IP version is the one that the capture has the most (IPv4 or IPv6)
4.6. While capturing, perform and locate the following traffic produced by performing the following commands:
4.7. Identify and classify IP addresses by class if IPv4 or by other methods if IPv6
4.8. From the capture, can you identify the subnet mask of the network(s)
5. Conclusion
6. References

1. Abstract

This project paper discusses the network layer and its functionality. The network layer describes how frames, segments and messages are converted into packets and how packets are labeled and shared across different networks. Understanding the network layer gives more knowledge of the Internet protocols (IPv4 and IPv6) and their usage, and an overall idea of the troubleshooting tools ping, ipconfig, tracert, and netstat. Wireshark helps in understanding the network layer and in analyzing the Internet protocols.

2. Wireshark IPv4

IPv4 sets the source IP address and destination IP address, packs the data into IP packets, labels the packets and sends them across the network. In the screenshot below, the IPv4 source IP address is 10.0.0.156 and the destination IP address is 172.217.12.14. The IPv4 header contains the following details. Version identifies the IPv4 protocol. Header length is the minimum size of the IPv4 header, 20 bytes. Differentiated services determines the packet prioritization (used for VoIP). The total length of the packet is 40. The fragmentation identification field holds a unique number for the packet. The flags field determines whether to fragment or not to fragment; if more fragments is set, the fragment offset gives the sequence position used to order the fragments at the destination. Time to live determines the number of routers the packet can hop and prevents the packet from looping or circulating in the network. Protocol identifies the data portion of the IP datagram. The header checksum is 16 bits and is used for error checking by the router; if the checksum computed by the router does not match, the packet is destroyed. The source IP address is 10.0.0.156 and the destination IP address is 172.217.12.14; these addresses may be modified in transit by network address translation (NAT).

The data transmitted between client and server is encrypted with the help of the handshake protocol. When the client starts to interact with the server, the client begins with a Client Hello message carrying the TLS version, cryptographic algorithm and data compression method. The server responds with the cryptographic algorithm agreement, session ID, server digital certificate and public key. The Client Key Exchange is a shared key encrypted with the server public key. The client also sends an encrypted Finished message with the shared secret key to complete the handshake. The server sends back an encrypted Finished message to the client. The example below shows the handshake between the client and the server.

3. Research and understand the following:

3.1. Network Layer

The Wireshark packet details window shows how packets are labeled with the source and destination IP addresses, and how the data packet is created for the TCP or ICMP protocols and sent across the network. At the network layer, messages are converted into packets, labeled with the source IP address and destination IP address, and sent via one or more networks.

3.2. Network Layer Protocols (In the capture)

The Wireshark capture below shows a few network layer protocols: the Internet Group Management Protocol (IGMP), IPv4 and IPv6, and the Internet Control Message Protocol (ICMP).

3.3. IP Addresses

In Wireshark, the IP addresses are shown clearly, which helps to identify computer devices and the packet movement from one device to another. The IP address found in the network layer is used to identify the source and destination device. IP addresses are connectionless and reassembled at the destination with the help of the TCP protocol.

3.4. Ping, ipconfig, tracert, netstat

Ping: Used to check the response from the server, for example ping www.google.com. Wireshark gives a clear picture of the echo ping request and the echo ping reply with the TTL value.

Ipconfig: This troubleshooting command is used in the command prompt to check the system IP address and other system network details. It is useful for identifying the subnet mask, IPv6 address and so on.

Tracert: The command "tracert www.google.com" in the command prompt gives the full network path to the portal and makes it easy to understand the traversal of the request and response. In Wireshark, every IP address displayed by tracert is captured, which clearly explains the network path.

Netstat: The command "netstat -an" in the command prompt displays the active connections of the current computer device, the Transmission Control Protocol and the different networks.

4. Tasks

4.1. What field does indicate if it IPv4 vs IPv6?

Because of the growing use of the Internet, IPv6 was introduced to satisfy the need for more Internet addresses. IPv4 is readable and easily understandable, and it consists of binary numbers with three dot separators. It is identified by the field IPv4 Address (Vangie, 2017).

For example, IPv4 Address: 10.0.0.55. IPv6 is a 128-bit hexadecimal value separated by colons, and it is identified by the field IPv6 Address, for example IPv6 Address: 2601:282:4101:5529:f881:f581:5b9a:8416. The diagram below shows the fields that represent the IPv4 address and the IPv6 address (Vangie, 2017).

Is that on the data link or network layer?

IPv4 and IPv6 are present in the network layer. The foremost job of the Internet Protocol is to split the message into packets and send them to the gateway router and across the network. The Internet Protocol is a connectionless protocol, so each packet may take a different route and reach the destination in a different order; the connection-oriented protocol TCP then puts the packets in order based on the sequence number. The Internet Protocol has the versions IPv4 and IPv6, and both are present in the network layer (Margaret, 2008).

Is the frame different depending if it IPv4 or IPv6?

Yes, the frame differs depending on IPv4 or IPv6. Consider the example below, in which the frame size depends on the IP version: the IPv4 frame is 66 bytes long and the IPv6 frame is 86 bytes long, so the length of the frame differs between IPv4 and IPv6.

4.2. Perform a "ping" command and locate on the capture.

Ping is an administrative command used to measure the round trip for information sent from the client system and the response from the host system. It sends small packets as a request to the host and gets the response back with its length and time to live (TTL). It works on the principle of echolocation.

After the ping command is run in the command prompt, Wireshark captures the network traffic requested by the client system and the response from the host system; below is an example of the ping capture from Wireshark. The Domain Name System (DNS) identifies the IP address for the requested domain name; in the given screenshot, 108.177.121.104 is the host IP address. The Internet Control Message Protocol (ICMP) transfers the information as a request and a response (reply).

What's the payload of the "ping" packet? Is the payload important?

The payload is the datagram's data, and it contains only ASCII values. The data length is 32 bytes, and the packet includes the 8 bytes of ICMP: 2 bytes type, 2 bytes code, 2 bytes identifier, 2 bytes sequence. The payload is used to calculate the round-trip time, which is appended to the packets. The payload carries the Wake on LAN protocol if the host system is in a non-active state with some configuration; if the host system is in an active state, the host is requested to process the reply for the ICMP echo request packet. The same payload is attached to the ICMP echo response packet, because the response has to reach the same destination client system. If there is a size difference in the reply packet, there is a chance of a ping of death (PoD), so the payload is very important in ICMP (Paessler, n.d.).

Does the "ping" response have a payload? Is the payload important?

Yes, the ICMP Echo reply packet has the same payload sent by the ICMP Echo request packet, to identify the destination and to avoid any denial-of-service attack with an oversized packet carrying malware, the so-called ping of death. The example below shows the ICMP Echo reply packet with the same payload as the request.
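The request/reply payload check described above can be automated. The following Python sketch is an added example, not part of the original assignment: it uses the RFC 792 echo header layout (type, code, checksum, identifier, sequence number, 8 bytes in total), and the function names and sample messages are constructed for illustration.

```python
import struct

ECHO_REPLY, ECHO_REQUEST = 0, 8

def parse_echo(icmp: bytes):
    """Split an ICMP echo message (RFC 792) into header fields and payload."""
    if len(icmp) < 8:
        raise ValueError("truncated ICMP message")
    mtype, code, _csum, ident, seq = struct.unpack("!BBHHH", icmp[:8])
    if mtype not in (ECHO_REQUEST, ECHO_REPLY) or code != 0:
        raise ValueError("not an ICMP echo message")
    return mtype, ident, seq, icmp[8:]

def audit_pings(messages):
    """Pair replies with requests by (identifier, sequence) and compare payloads.

    Returns (ident, seq, verdict) tuples; verdict is 'ok', 'payload-mismatch',
    'unsolicited-reply' or 'no-reply'.
    """
    pending, results = {}, []
    for raw in messages:
        mtype, ident, seq, payload = parse_echo(raw)
        if mtype == ECHO_REQUEST:
            pending[(ident, seq)] = payload
        elif (ident, seq) not in pending:
            results.append((ident, seq, "unsolicited-reply"))
        else:
            sent = pending.pop((ident, seq))
            verdict = "ok" if sent == payload else "payload-mismatch"
            results.append((ident, seq, verdict))
    results += [(ident, seq, "no-reply") for (ident, seq) in pending]
    return results

def echo(mtype, ident, seq, payload):
    """Build a constructed echo message (checksum left 0, it is not checked here)."""
    return struct.pack("!BBHHH", mtype, 0, 0, ident, seq) + payload

# Constructed sample traffic with a 32-byte ASCII payload, as in the text.
PAYLOAD = b"abcdefghijklmnopqrstuvwabcdefghi"
SAMPLE = [
    echo(ECHO_REQUEST, 1, 1, PAYLOAD), echo(ECHO_REPLY, 1, 1, PAYLOAD),
    echo(ECHO_REQUEST, 1, 2, PAYLOAD), echo(ECHO_REPLY, 1, 2, PAYLOAD[:16] + b"X" * 16),
    echo(ECHO_REPLY, 1, 9, PAYLOAD),    # reply nobody asked for
    echo(ECHO_REQUEST, 1, 3, PAYLOAD),  # request that is never answered
]

if __name__ == "__main__":
    for ident, seq, verdict in audit_pings(SAMPLE):
        print(f"id={ident} seq={seq}: {verdict}")
```

A reply whose payload differs from the request, or a reply with no matching request, is worth a closer look in a capture because a normal echo exchange never produces either.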

Can you determine all the "pings" based on the TTL number?

The time to live/hop limit is a value defined by the client system or host system to avoid packets looping in the network, which jams the network. The value represents the maximum number of routing hops allowed for the current transfer. For each router reached, the value is decremented by 1 or more; if the value is greater than 0, routing continues, otherwise routing ends and an ICMP message is returned to the requesting client system with the error message in the payload. In the example below, the ping request was sent with ttl=128 (same continent) and the reply to the ping command came with ttl=45, thus all the ping commands are based on the TTL value. Packets are transmitted with values such as 0 - same host, 1 - same subnet, 32 - same site, 64 - same region, 128 - same continent, 255 - unlimited (Margaret, 2015).

4.3. What IP address has flags?

The flag enables or disables the fragmentation of a larger data packet into small packets. If any of the flags is set, that flag is displayed at the root flags option. The overall size of the flags field is 16 bits, of which the first 3 bits are assigned to flags. The flags are:

Reserved flag: the reserved flag is reserved for admin purposes and cannot be used (Ipv4-header, 2012). Its size is 1 bit, the value is always set to 0, and the filter condition is ip.flags.rb==0.

Don't fragment flag: if the flag is enabled, there won't be fragmentation. The size of the flag is 1 bit. The filter condition is like ip.flags.df==0.

More fragments flag: if more fragments is enabled, the larger packets are identified and fragmented into small packets. At the same time, the offset value is set for each small packet so that it can be easily identified at the destination system and put back in the original order. The size of the flag is 1 bit. The filter condition is like ip.flags.mf==0.

4.4. Are there any IP address fragmented on the capture?

After adding the filter condition ip.flags.mf == 1 or ip.frag_offset > 0, no fragmented IP packets were found in the capture. In earlier days, DSL and dial-up modems required packets to be fragmented into small packets and sent to the destination because of the smaller number of routers and IP addresses, but today there are 4 billion IP addresses and more routers used in networking, so fragmentation is found very rarely.

Fragmentation splits a larger packet into small packets, sends them across the network and reassembles them at the destination. Below are the fields used to identify fragmentation in the IPv4 protocol; in IPv6 the fragmentation is totally removed and the fields identification, flags, and offset are not available (RFC-791, 1981, Page 8).

Identification field: a unique value used to identify the group of fragmented packets at the destination. The packets are traced using the source address. It can be filtered with ip.id == 0xdcd2, and its size is 16 bits. For example, the diagram below shows the unique ID 56530.

Flags: the flags enable or disable fragmentation of the packets. There are three flags: reserved, don't fragment and more fragments. The reserved flag is always zero, don't fragment does not allow the packets to be fragmented, and more fragments allows the packets to be fragmented. Below are a few filter examples, and the diagram represents the sample structure in the IPv4 protocol (RFC-791, 1981, Page 8).

ip.flags.rb==0, ip.flags.df==0, ip.flags.mf==0, ip.frag_offset>0

The Offset field gives enough information about the original order of the packets and tells the receiver the position of each received packet at the time of reassembly. The size of the offset is 13 bits.
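The header fields listed in section 2 and the fragmentation fields above can be decoded directly from the first 20 bytes of a packet. The following Python sketch is an added example, not part of the original assignment; the function names are hypothetical, and the sample headers are constructed from the addresses, total length and ID quoted in the text, with assumed TTL, protocol and fragment sizes.

```python
import ipaddress
import struct

FMT = "!BBHHHBBH4s4s"  # 20-byte IPv4 header without options

def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words; 0 over a valid header."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(src, dst, ident, total_len, ttl, proto, df=False, mf=False, offset=0):
    """Construct a sample header; offset is in 8-byte units, as on the wire."""
    fields = [0x45, 0, total_len, ident, (df << 14) | (mf << 13) | (offset & 0x1FFF),
              ttl, proto, 0, ipaddress.IPv4Address(src).packed,
              ipaddress.IPv4Address(dst).packed]
    fields[7] = internet_checksum(struct.pack(FMT, *fields))
    return struct.pack(FMT, *fields)

def parse_header(raw: bytes) -> dict:
    """Decode the fixed IPv4 header fields and verify the header checksum."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, _, src, dst = \
        struct.unpack(FMT, raw[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or len(raw) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    mf, offset = bool(flags_frag & 0x2000), (flags_frag & 0x1FFF) * 8
    return {
        "version": version, "header_len": ihl, "dscp": tos >> 2,
        "total_len": total_len, "id": ident, "ttl": ttl, "protocol": proto,
        "rb": bool(flags_frag & 0x8000), "df": bool(flags_frag & 0x4000),
        "mf": mf, "frag_offset": offset,
        # Same test as the display filter ip.flags.mf == 1 or ip.frag_offset > 0
        "fragment": mf or offset > 0,
        "checksum_ok": internet_checksum(raw[:ihl]) == 0,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
    }

# Constructed samples; addresses, total length 40 and ID 0xdcd2 come from the text,
# TTL, protocol numbers and fragment sizes are assumed for illustration.
WHOLE = build_header("10.0.0.156", "172.217.12.14", 0xDCD2, 40, 128, 6, df=True)
FIRST_FRAG = build_header("10.0.0.156", "172.217.12.14", 0xDCD2, 1500, 128, 1, mf=True)
LAST_FRAG = build_header("10.0.0.156", "172.217.12.14", 0xDCD2, 548, 128, 1, offset=185)

if __name__ == "__main__":
    for name, raw in (("whole", WHOLE), ("first", FIRST_FRAG), ("last", LAST_FRAG)):
        h = parse_header(raw)
        print(name, h["src"], "->", h["dst"], "id", hex(h["id"]),
              "DF" if h["df"] else "", "MF" if h["mf"] else "",
              "offset", h["frag_offset"], "fragment" if h["fragment"] else "whole")
```

The last fragment has MF cleared and is recognizable only by its non-zero offset, which is why the capture filter tests both conditions.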

4.5. Which IP version is the one that the capture has the most (IPv4 or IPv6)

In the Wireshark capture, most of the IP traffic was IPv4. The screenshot below shows the total count of IPv4 (26066) and IPv6 (1417) packets out of the overall Ethernet packets (27625), with an Internet Protocol count of 27483.

4.6. While capturing, perform and locate the following traffic produced by performing the following commands:

Ping:

When ping was used against www.google.com to check the response from the server, Wireshark gave a clear picture of the echo ping request and the echo ping reply with the TTL value.

Tracert:

When tracert www.google.com was run in the command prompt, the full network path was identified, which made it easy to understand the traversal of the request and response. In Wireshark, every IP address displayed by tracert is captured, which clearly explains the network path.

4.7. Identify and classify IP addresses by class if IPv4 or by other methods if IPv6

Below are the IPv4 and IPv6 addresses identified in Wireshark using Endpoints, classified according to whether they are IPv4 or IPv6 addresses.

| IPv4 Address | Packets | Classification | Note |
|---|---|---|---|
| 10.0.0.55 | 161293 | Class A | subnet mask |
| 74.125.159.199 | 42259 | Class A | |
| 209.85.164.186 | 41360 | Class C | |
| 209.85.164.9 | 26848 | Class C | |
| 74.125.159.201 | 16102 | Class A | |
| 173.194.162.167 | 7812 | Class B | |
| 172.217.1.206 | 3793 | Class B | |
| 10.0.0.209 | 3245 | Class A | subnet mask |
| 209.85.165.201 | 2788 | Class C | |
| 172.217.3.14 | 2597 | Class B | |
| 172.217.12.14 | 2092 | Class B | |
| 74.125.124.103 | 1890 | Class A | |
| 224.0.0.7 | 1477 | Class D | Multicast |
| 74.125.159.202 | 1476 | Class A | |
| 172.217.11.246 | 1074 | Class B | |
| 172.217.1.78 | 976 | Class B | |
| 239.255.255.250 | 906 | Class D | Multicast |
| 10.0.0.1 | 217 | Class A | default gateway |
| 8.8.8.8 | 48 | Class A | public DNS |
| 255.255.255.255 | 13 | Class E | reserved |
| 0.0.0.0 | 6 | Class A | non routable meta address |
| 77.234.41.252 | 3 | Class A | |

IPv6 addresses are classified into three methodologies: unicast, multicast and anycast (ReservedIPv6Addresses, n.d.).

| IPv6 Address | Packets | Classification | Type |
|---|---|---|---|
| 2601:282:4101:5529:f4bd:b15a:f081:523a | 2008 | Unicast | Global |
| fe80::250:f1ff:fe80:0 | 1346 | unicast | link local |
| ff02::1 | 986 | Multicast | all node address |
| 2001:558:feed::2 | 716 | Unicast | Global |
| fe80::f881:f581:5b9a:8416 | 280 | unicast | link local |
| 2607:f8b0:400f:801::200e | 178 | Unicast | Global |
| 2607:f8b0:400f:805::200e | 144 | Unicast | Global |
| 2607:f8b0:400f:13::a | 92 | Unicast | Global |
| 2607:f8b0:400f:807::200e | 90 | Unicast | Global |
| 2607:f8b0:400f:800::200e | 84 | Unicast | Global |
| 2607:f8b0:400f:e::9 | 76 | Unicast | Global |
| 2601:282:4101:5529::63a6 | 55 | Unicast | Global |
| 2601:282:4101:5529:f881:f581:5b9a:8416 | 55 | Unicast | Global |
| 2600:1409:5000::1723:6243 | 54 | Unicast | Global |
| 2607:f8b0:400f:7::7 | 41 | Unicast | Global |
| fe80::1cb3:b6ad:8e63:89a8 | 40 | unicast | link local |
| 2001:558:feed::1 | 37 | Unicast | Global |
| 2607:f8b0:400f:807::2001 | 36 | Unicast | Global |
| 2607:f8b0:400f:7::9 | 35 | Unicast | Global |
| 2607:f8b0:400f:805::2003 | 32 | Unicast | Global |
| ff02::1:ff80:0 | 28 | Multicast | solicited node |

4.8. From the capture, can you identify the subnet mask of the network(s)

The subnet mask of the system is identified using the ipconfig command. The system IP address is 10.0.0.55 and the subnet mask is 255.255.255.0, so the subnet mask for the system is 10.0.0.0/24. The same was searched for in Wireshark to identify the list of subnet mask IP addresses used in the system.

Wireshark displays a total of 27625 packets, and after filtering for the subnet mask (ip.addr==10.0.0.0/24) the search count was 26066 packets. Below is the screenshot taken from Wireshark.
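The classification in 4.7 and the subnet derivation in 4.8 can be reproduced with Python's standard ipaddress module. This is an added example, not part of the original assignment; the function names are hypothetical and the endpoint list is a subset of the addresses in the tables above.

```python
import ipaddress

def ipv4_class(addr: str) -> str:
    """Classful category, decided by the leading bits of the first octet."""
    first = ipaddress.IPv4Address(addr).packed[0]
    for limit, name in ((128, "Class A"), (192, "Class B"),
                        (224, "Class C"), (240, "Class D")):
        if first < limit:
            return name
    return "Class E"

V6_RANGES = (  # checked in order
    ("ff00::/8", "multicast"),
    ("fe80::/10", "unicast, link local"),
    ("2000::/3", "unicast, global"),
)

def ipv6_kind(addr: str) -> str:
    """IPv6 has no classes; the type follows from the address prefix."""
    ip = ipaddress.IPv6Address(addr)
    for prefix, name in V6_RANGES:
        if ip in ipaddress.ip_network(prefix):
            return name
    return "other"

def classify(addr: str) -> str:
    """Dispatch on IP version so one endpoint list can mix IPv4 and IPv6."""
    if ipaddress.ip_address(addr).version == 4:
        return ipv4_class(addr)
    return ipv6_kind(addr)

def network_of(addr: str, mask: str):
    """Derive the network from a host address and its ipconfig subnet mask."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def local_endpoints(endpoints, network):
    """Endpoints inside the network, i.e. addresses matched by ip.addr==<network>."""
    return [a for a in endpoints
            if ipaddress.ip_address(a).version == network.version
            and ipaddress.ip_address(a) in network]

# Subset of the endpoints listed in the tables of section 4.7.
ENDPOINTS = ["10.0.0.55", "74.125.159.199", "209.85.164.186", "173.194.162.167",
             "10.0.0.209", "224.0.0.7", "10.0.0.1", "255.255.255.255",
             "2601:282:4101:5529:f4bd:b15a:f081:523a", "fe80::250:f1ff:fe80:0",
             "ff02::1", "2001:558:feed::2"]

if __name__ == "__main__":
    net = network_of("10.0.0.55", "255.255.255.0")
    local = set(local_endpoints(ENDPOINTS, net))
    print("network:", net)
    for addr in ENDPOINTS:
        print(f"{addr:40} {classify(addr):22} {'local' if addr in local else ''}")
```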

5. Conclusion

This project paper explains the network layer in detail, covering its basic functionality and the list of protocols involved in it. It details the functionality of the Internet protocols IPv4 and IPv6, and gives a clear idea of how packets are labeled with the source IP address and destination IP address and how packets move. The concept of time to live (TTL), which keeps a data packet from circulating inside the network, is explained. It also explains the key fields of fragmentation and the payload for data in encrypted format. The paper helps to understand the basic functionality, protocols and packet movement in the network layer.

6. References

Ipv4-header, (Jan 26 2012), “IPv4 Header.”, https://advancedinternettechnologies.wordpress.com/ipv4-header/

Margaret R, (Mar 1 2008), “What Is Internet Protocol? - Definition from WhatIs.Com.”, https://searchunifiedcommunications.techtarget.com/definition/Internet-Protocol

Margaret R, (Nov 1 2015), “What Is Time-to-Live (TTL)? - Definition from WhatIs.Com.”, https://searchnetworking.techtarget.com/definition/time-to-live

Vangie B, (Oct 27 2017), “What Is The Difference Between IPv6 and IPv4?”, https://www.webopedia.com/DidYouKnow/Internet/ipv6_ipv4_difference.html

Paessler, (n.d.), “Ping - Definition and Details”, https://www.paessler.com/it-explained/ping

ReservedIPv6Addresses, (n.d.), “Reserved IPv6 Addresses”, http://www.cidr-report.org/v6/as2.0/reserved-ipv6.html

RFC-791, (Sep 1 1981), Page 8, “RFC 791 - Internet Protocol”, https://tools.ietf.org/html/rfc791
