Software Software


Wireshark - A few questions 2

Hello,
I have a few questions about Wireshark.
Thank you.

1) What is the duration of packet No. 3 from the sender to the recipient?
Runtime = (time stamp No. 4 - time stamp No. 3) / 2

Why do I have to divide by 2?

2) How many routers does packet no. 4 go through from sender to receiver?
TTL(packet 3) - TTL(packet 4)

Why do I have to subtract TTL(packet 4) from TTL(packet 3)? Can you explain it in simple words?


3) How can you tell whether the IP header of a packet has optional parameters?

4) What is the maximum length of an IP datagram? From which parameter of the IP header can you derive this maximum length?
noci

1) You need to divide by 2 because you have 2 packets involved; between the two packets you have the round-trip time (the time between your packet and the answer to it). Travel / run time (one direction) is half that time, assuming remote processing time = 0 and speeds both ways are equal.

2) Each router subtracts its own local processing time (in seconds) from the time to live (TTL) field. If the time is < 1 second, at least 1 MUST be subtracted.
As all routers have processing in the sub-millisecond range, all routers subtract one from the TTL.

3) Analyze the header-segments for IPv6, check the optional fields for non-zero in IPv4.

4) What field would YOU use from all the interface specs.... And did you actually look at the IP headers?

Software Software

ASKER

Based on question 3)
I can't find any indication of whether the header has optional parameters.

Based on question 4)
Is the Total Length (1028 bytes) field the maximum length of an IP datagram?
And I still don't know the second question.
From which parameter of the IP header can you derive this maximum length?

You will have to compare the header to the SPECIFICATION of an IP header... see the RFC describing the IP header; THERE is an indication if a field is mandatory or optional.
One such optional field is priority... There are optional flags... Optional fields MAY be omitted from a wire capture. They are optional, so they may not be present in a printout of found data?...
Hint: how many bits does the header length have, how large a segment of data can be described?

Options/Padding are optional parameters.
But I still can't answer questions 3 and 4.

3) How can you tell whether the IP header of a packet has optional parameters?
                         
4) What is the maximum length of an IP datagram? From which parameter of the IP header can you derive this maximum length?

An IP header has at least 20 bytes. That means if the IP header is greater than 20 bytes, the header then has optional parameters?

If you KNOW which of the header fields are OPTIONAL and IF they are PRESENT... then you know if they are used. If they are absent in the packet header dump, they are shown because they are used then.
With IPv6 they made the header structure different: each field has its own full descriptor, etc. Then the header grows if optional fields are used.
With IPv4 the header is ALWAYS 20 bytes,
Other optional data is, e.g., the DSCP header; a value of 0 means the default class of delivery.

In the IP header there is a total packet size..., 16 bits: 2^16 = 65535 bytes / packet MAX. Quite basic knowledge... if not, then start by learning about binary arithmetic, etc. You WILL need some basic understanding if you want to delve into packets, lower network levels, etc.
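
An added example, not code from any poster in this thread: a small parser that reads the IPv4 header fields the four questions depend on, following the RFC 791 layout. It uses the 4-bit IHL field (counted in 32-bit words) to decide whether options are present and the 16-bit Total Length field for the size limit. The two sample headers, the addresses and the helper names are constructed for illustration.

```python
import struct

MAX_TOTAL_LENGTH = 2**16 - 1  # Total Length is a 16-bit field: at most 65535 bytes

def parse_ipv4_header(raw: bytes) -> dict:
    """Decode an IPv4 header (RFC 791 layout) and report whether it carries options."""
    if len(raw) < 20:
        raise ValueError("an IPv4 header is at least 20 bytes")
    ver_ihl, _tos, total_len, _id, _frag, ttl, _proto, _csum, _src, _dst = \
        struct.unpack("!BBHHHBBH4s4s", raw[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError("not an IPv4 header")
    header_len = ihl * 4  # IHL counts 32-bit words; 5 words = 20 bytes, no options
    if ihl < 5 or header_len > len(raw) or total_len < header_len:
        raise ValueError("inconsistent IHL / Total Length")
    return {
        "header_len": header_len,
        "has_options": ihl > 5,
        "options": raw[20:header_len],
        "total_len": total_len,
        "ttl": ttl,
    }

def ttl_difference(ttl_sent: int, ttl_received: int) -> int:
    """TTL(packet 3) - TTL(packet 4) from the thread; assumes both hosts start at the same TTL."""
    return ttl_sent - ttl_received

def one_way_estimate(ts_request: float, ts_reply: float) -> float:
    """Half the round-trip time; assumes symmetric paths and zero remote processing time."""
    return (ts_reply - ts_request) / 2

def _header(ver_ihl, total_len, ttl, options=b""):
    # Constructed sample: ICMP (protocol 1), documentation addresses, checksum left at 0.
    fixed = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, total_len, 0x1234, 0x4000,
                        ttl, 1, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return fixed + options

PLAIN = _header(0x45, 1028, 64)                              # IHL 5: no options
WITH_OPTIONS = _header(0x46, 1032, 61, b"\x01\x01\x01\x00")  # IHL 6: NOP, NOP, NOP, EOL

if __name__ == "__main__":
    for name, pkt in (("plain", PLAIN), ("with options", WITH_OPTIONS)):
        print(name, parse_ipv4_header(pkt))
    print("routers (same initial TTL assumed):", ttl_difference(64, 61))
    print("one-way estimate:", one_way_estimate(0.100, 0.148))
```

In Wireshark the same values appear in the IPv4 layer as "Header Length", "Total Length" and "Time to Live".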
