(Note that on a Windows machine, the command is “tracert” and not “traceroute”.) If you’re outside of Europe, you may want to enter www.inria.fr for the Web server at INRIA, a computer science research institute in France. Then run the Traceroute program by typing return.
• When the Traceroute program terminates, stop packet capture in Wireshark.
At the end of the experiment, your Command Prompt Window should look something like Figure 4. In this figure, the client Traceroute program is in Massachusetts and the target destination is in France. From this figure we see that for each TTL value, the source program sends three probe packets. Traceroute displays the RTTs for each of the probe packets, as well as the IP address (and possibly the name) of the router that returned the ICMP TTL-exceeded message.
Figure 4 Command Prompt window displays the results of the Traceroute program.
Figure 5 displays the Wireshark window for an ICMP packet returned by a router. Note that this ICMP error packet contains many more fields than the Ping ICMP messages.
Figure 5 Wireshark window of ICMP fields expanded for one ICMP error packet.
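As an added example (not part of the original lab handout), this Python parser shows where the extra fields in an ICMP error packet come from: the router quotes the IP header and first 8 bytes of the probe that triggered the error, which lets the sender match each reply to a probe. The function names are assumptions, and the addresses, identifier and sequence number in the sample are constructed.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; returns 0 when run over a valid message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_icmp_error(icmp: bytes) -> dict:
    """Parse an ICMP error (e.g. type 11, TTL exceeded) and the probe it quotes."""
    if len(icmp) < 8 + 20 + 8:
        raise ValueError("too short to hold a quoted IP header plus 8 bytes")
    icmp_type, code, _cksum = struct.unpack("!BBH", icmp[:4])
    quoted = icmp[8:]                 # bytes 4-7 are unused in RFC 792 type 11
    ihl = (quoted[0] & 0x0F) * 4      # length of the quoted IP header in bytes
    if quoted[0] >> 4 != 4 or ihl < 20 or len(quoted) < ihl + 8:
        raise ValueError("quoted datagram is not an IPv4 header plus 8 bytes")
    proto = quoted[9]
    result = {
        "type": icmp_type, "code": code,
        "checksum_ok": inet_checksum(icmp) == 0,
        "probe_src": socket.inet_ntoa(quoted[12:16]),
        "probe_dst": socket.inet_ntoa(quoted[16:20]),
        "probe_ttl": quoted[8], "probe_proto": proto,
    }
    l4 = quoted[ihl:ihl + 8]          # first 8 bytes of the probe's payload
    if proto == 1:                    # ICMP echo probe (Windows tracert)
        t, _c, _ck, ident, seq = struct.unpack("!BBHHH", l4)
        result.update(probe_icmp_type=t, probe_id=ident, probe_seq=seq)
    elif proto == 17:                 # UDP probe (Unix/Linux traceroute)
        sport, dport, _len, _ck = struct.unpack("!HHHH", l4)
        result.update(probe_sport=sport, probe_dport=dport)
    return result

def build_sample() -> bytes:
    """Constructed sample: a type 11 reply quoting an echo probe with TTL 1."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 92, 0x1234, 0, 1, 1, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.7"))
    echo = struct.pack("!BBHHH", 8, 0, 0, 0x0200, 0x4D00)
    body = struct.pack("!BBHI", 11, 0, 0, 0) + ip + echo
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]
```

Calling `parse_icmp_error(build_sample())` returns the outer type and code together with the quoted probe's source, destination, TTL, protocol, identifier and sequence number.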
What to Hand In:
For this part of the lab, you should hand in a screen shot of the Command Prompt window.
Whenever possible, when answering a question below, you should hand in a printout of the packet(s) within the trace that you used to answer the question asked. Annotate the printout to explain your answer. To print a packet, use File->Print, choose Selected packet only, choose Packet summary line, and select the minimum amount of packet detail that you need to answer the question.
Answer the following questions:
5. What is the IP address of your host? What is the IP address of the target destination host?
6. If ICMP sent UDP packets instead (as in Unix/Linux), would the IP protocol number still be 01 for the probe packets? If not, what would it be?
7. Examine the ICMP echo packet in your screenshot. Is this different from the ICMP ping query packets in the first half of this lab? If yes, how so?
8. Examine the ICMP error packet in your screenshot. It has more fields than the ICMP echo packet. What is included in those fields?
9. Examine the last three ICMP packets received by the source host. How are these packets different from the ICMP error packets? Why are they different?
10. Within the tracert measurements, is there a link whose delay is significantly longer than others? Refer to the screenshot in Figure 4: is there a link whose delay is significantly longer than others? On the basis of the router names, can you guess the location of the two routers on the end of this link?
3. Extra Credit
For one of the programming assignments you created a UDP client ping program. This ping program, unlike the standard ping program, sends UDP probe packets rather than ICMP probe packets. Use the client program to send a UDP packet with an unusual destination port number to some live host. At the same time, use Wireshark to capture any response from the target host. Provide a Wireshark screenshot for the response as well as an analysis of the response.