ET 577

ADVANCED
COMPUTER
NETWORKING.
PRACTICAL WORK, SPRING 2021.

Instructor: Dr. Oladayo Bello.

Department of Engineering Technology.
 TABLE OF CONTENTS.
1. INTRODUCTION.
1.1 General Instructions
1.2 Grading: Points Allocation.
2. Activity 1: FILTERING BASED ON HOST, SUBNET
ADDRESS OR CONVERSATION.
3. Activity 2: FILTERING AN APPLICATION BASED ON
PORT NUMBER AND APPLICATION NAME.
4. Activity 3: EXAMINING ENCAPSULATION AND
PROTOCOL DISTRIBUTION.
5. Optional Activity: EXPLORING CRC MECHANISM.

2
ET 577 ADVANCED NETWORKING
 INTRODUCTION.
1.1 General Instructions.
1. Answer ALL questions for FULL points.
2. Ensure that you are concise and that your explanation is comprehendible. Focus on providing direct
(straight to the point) answers to specific questions, do not “beat around the bush”.
3. Points will be given to answers that are concise, understandable, and clear.
4. For any activity involving calculation or coding, ensure that your steps are neatly done.
5. Ensure that all non-personal contents are cited, and references listed appropriately using the Harvard
citation format.
6. Create a Worksheet with your Name and Practical #. Hand-in a pdf file of your worksheet on Canvas. Note
that worksheet presentation will be awarded points.
7. Always provide appropriate labels and captions for figures and required snips for the practical tasks.

1.2 Grading: Points Allocation.

Activity Answers to questions

Activity 1 Q2.1 3
Activity 1 Q2.2 2
Activity 1 Q3.1 2
Activity 1 Q3.2 2
Activity 1 Q3.3 4
Activity 1 Q4.1 2
Activity 1 Q4.2 3
Activity 1 Q5.1 2
Activity 1 Q6.1 3
Activity 2 Q1.1 5
Activity 2 Q2.1 2
Activity 2 Q2.2 5
Activity 2 Q3.1 3
Activity 2 Q3.2 4
Activity 2 Q4.1 5
Activity 2 Q4.2 3
Activity 2 Q4.3 5
Activity 3 Q5 20
Activity 3 Q6 15
Referencing (citing and listing) 5
Work sheet presentation. 5

Final point 100

3
ET 577 ADVANCED NETWORKING
Activity 1: FILTERING BASED ON HOST, SUBNET ADDRESS OR CONVERSATION

Introduction
When traffic is captured, the trace file will contain conversations between many hosts (devices) on the
network. However, only the traffic between specific hosts (client and server) maybe of interest. To view such
traffic of interest, a display filter based on host address, subnet address or conversation can be applied.
Objective
• To explore and use the filter function of Wireshark.
Requirements
• Textbook
• Internet connectivity.
• Download and install Wireshark software.
Tasks
• Examine the address resolution details and filter based on the subnet address used by cnn.com.
Answer the activity’s questions.
Step 1: Download and open tr-cnn.pcapng.
Step 2: Examine the name resolution information in the trace file. Select STATISTICS->RESOLVED
ADDRESSES.
2.1. Extract and list the conversations between the client and cnn.com servers. (3 points)
2.2. Take a snip of the Window displayed, paste it on your workbook, click "OK" to close window. (2 points)
Step 3: Open the trace file if it closes and Navigate to the DISPLAY FILTER area, enter
ip.addr==157.166.0.0/16 and click APPLY. Look into the STATUS BAR.
3.1. How many packets matches this filter? (2 points)
3.2. Circle the DISPLAY FILTER section and the area on the STATUS BAR that gives this information. Take a
snip of the Window and paste it on your worksheet. (2 points)
3.3. Give a relevance or use of this information. (4 points)
Step 4: Select FILE, then EXPORT SPECIFIED PACKETS. The DISPLAYED button should be selected by default.
Name the file as “tr-cnntraffic.pcapng“ and save.
4.1. Take a snip of the window and paste it on your worksheet. (2 points)
4.2. Upload this file with your worksheet submission. (3 points)
Step 5: Open “tr-cnn.pcapng" right click on PACKET 3 in the PACKET LIST pane and select CONVERSATION
FILTER, then TCP.
5.1 How many packets matches this filter? (2 points)
Step 6: Select FILE, EXPORT SPECIFIED PACKETS. Name the file "tr- cnncov1pcapng”, click save.
6.1 Upload this file with your worksheet submission. (3 points)

4
ET 577 ADVANCED NETWORKING
 Activity 2: FILTERING AN APPLICATION BASED ON PORT NUMBER AND
APPLICATION NAME.
Introduction
A display filter can also filter based on an application's name or the port number in use. For example, filtering
can be done for UDP-based applications using the application name to view UDP traffic. However, if an
application is TCP-based, traffic should be filtered based on port numbers in other to view the TCP overhead
and the application traffic.

Objective
• To explore and use the filter function of Wireshark.

Requirements
• Textbook
• Internet connectivity.
• Download and install Wireshark

Tasks
• Filter traffic based on port number and application name and examine the benefit of port-based
filtering. Answer the activity’s questions.

Step 1: Download and open "tr-twohosts pcapng".

1.1 Examine the trace file and do an internet search. List all information that could constitute or contribute
to TCP overhead. (5 points)

Step 2: Filter all traffic to and from 192.168.1.119, by entering “ip.addr==192.168.1.119“ in the DISPLAY
FILTER AREA and click APPLY. Look for packet 3959. Expand the FTP section in the PACKET DETAILS pane.
2.1 Which port number is the server listening on for the FTP data? (2 points)
2.2 Circle the port number to identify it and take a snip of the Window that appears and paste it on your
worksheet. (5 points)

Step 3: Enter “tcp.port == 39757” in the DISPLAY FILTER, click APPLY.

3.1 How many packets matches this filter? (3 points)
3.2 View the trace file. What can you observe about the FTP data channel traffic? (Hint: what does port-based
filtering enable us to view?) (4 points)

Step 4: Filter traffic based on application name. Replace the TCP port filter with “ftp-data” then click APPLY.
4.1 Take a snip of the window that appears and paste it on your worksheet. (5 points)
4.2 Explain your observation? (Hint: Does application name filtering display TCP overhead information?) (3
points)
4.3 Why is application filtering method more applicable for UDP traffic? (5 points)

5
ET 577 ADVANCED NETWORKING
 Activity 3: EXAMINING ENCAPSULATION AND PROTOCOL DISTRIBUTION.
Introduction
Encapsulation is the process by which the protocol layers interact and pass information up and down the
protocol stack. Encapsulation is done by creating a wrapper for the PDU of each layer and then appending a
header information to identify and describe it.
Objective
• To explore how encapsulation and view protocol distribution in a network connection using
Wireshark.
Requirements
• Textbook
• Internet connectivity.
• Download and install Wireshark.
Tasks
Step 1: Start a capture on Wireshark.
Step 2: Complete several different Internet transactions from your computer, i.e. browse different websites
for several minutes (the longer the better).
Step 3: Stop the capture and save the file as “Your Initials-Encaps”.
Step 4: Examine the packets captured and find examples of ARP, ICMP, TCP, UDP AND IP.
Step 5: Filter each type of protocol in the file,
a) Take a snip of the filtered protocols (at least 4) and label each snip as “Protocol name (e.g., ARP). Paste
all snips in your worksheet. (8 points)
b) Describe these protocols in terms of their encapsulation and protocol stacks. (12 points)
Step 6: From the statistics menu in Wireshark, select Protocol Hierarchy.
a) Examine and determine the distribution of protocols and the compute the percentage of each generated
protocol (5 points).
b) What is the most common upper layer protocol? (5 points)
c) What caused it (b) to be generated? (5 points)

Optional Activity: EXPLORING CRC MECHANISM.

Answer the following questions for 20 extra credit.
• Assuming the generator polynomial x 5 + x 3 + x0, what is the CRC code for the following bit sequence:
0110111001111011110111111010111?
1. Manually compute the solution for the question show your steps. (5 points)
2. Manually encode the message bits 10010011011 with a Cyclic Redundancy Check (CRC) scheme using
polynomial 𝑥 4 + 𝑥 + 1. Show your steps. (5 points)
3. If an error pattern of 100010000000000 is introduced. Manually compute the bits received. Show your
steps. (4 points). Will the error be detected? (1 points)
4. If an error pattern of 100110000000000 is introduced. Manually compute the bits received. Show your
steps (4 points). Will the error be detected? (1 points)

6
ET 577 ADVANCED NETWORKING