Name: Đỗ Minh Bảo Huy

ID: N22DCCN133

IP
1. Select the first UDP segment sent by your computer via the traceroute command
to gaia.cs.umass.edu. (Hint: this is 44th packet in the trace file in the ip-wireshark-
trace1-1.pcapng file in footnote 2). Expand the Internet Protocol part of the packet
in the packet details window. What is the IP address of your computer?

- The IP address of my computer is 192.168.86.1

2. What is the value in the time-to-live (TTL) field in this IPv4 datagram’s header?

- Time to Live : 1
3. What is the value in the upper layer protocol field in this IPv4 datagram’s
header? [Note: the answers for Linux/MacOS differ from Windows here].

- Protocol: UDP (17)

4. How many bytes are in the IP header?
- There are 20 bytes in the IP header
5. How many bytes are in the payload of the IP datagram? Explain how you
determined the number of payload bytes.
- There are 56 bytes total length (including 20 bytes in IP header), this gives 36
bytes in the payload of the IP datagram.
6. Has this IP datagram been fragmented? Explain how you determined whether or
not the datagram has been fragmented.
- The more fragments bit = 0, so the data is not fragmented.
7. Which fields in the IP datagram always change from one datagram to the next
within this series of UDP segments sent by your computer destined to
128.119.245.12, via traceroute? Why?
- Identification, Time to live and Header checksum always change.
8. Which fields in this sequence of IP datagrams (containing UDP segments) stay
constant? Why?
- The fields that stay constant across the IP datagrams are:
• Version (since we are using IPv4 for all packets)
• Header length (since these are ICMP packets)
• Source IP (since we are sending from the same source)
• Destination IP (since we are sending to the same dest)
• Differentiated Services (since all packets are ICMP they use the same Type of
Service class)
• Upper Layer Protocol (since these are ICMP packets)
9. Describe the pattern you see in the values in the Identification field of the IP
datagrams being sent by your computer.
- The pattern is that the IP header Identification fields increment with each ICMP
Echo (ping) request.
10. What is the upper layer protocol specified in the IP datagrams returned from
the routers? [Note: the answers for Linux/MacOS differ from Windows here].
- ICMP ( Internet Control Mesage Protocol)
11. Are the values in the Identification fields (across the sequence of all of ICMP
packets from all of the routers) similar in behavior to your answer to question 9
above?
- Yes, there are.
12. Are the values of the TTL fields similar, across all of ICMP packets from all of
the routers?
- The TTL field remains unchanged because the TTL for the first hop router is
always the same.
13. Find the first IP datagram containing the first part of the segment sent to
128.119.245.12 sent by your computer via the traceroute command to
gaia.cs.umass.edu, after you specified that the traceroute packet length should be
3000. (Hint: This is packet 179 in the ip-wireshark-trace1-1.pcapng trace file in
footnote 2. Packets 179, 180, and 181 are three IP datagrams created by
fragmenting the first single 3000-byte UDP segment sent to 128.119.145.12). Has
that segment been fragmented across more than one IP datagram? (Hint: the
answer is yes4!)
- Yes, It had 3 fragment
14. What information in the IP header indicates that this datagram been
fragmented?
- In the IP header of the first fragment the more fragment flag was set. It indicates
that it has another fragment.
15. What information in the IP header for this packet indicates whether this is the
first fragment versus a latter fragment?
- Since the fragment offset is 0, we know that this is the first fragment.
16. How many bytes are there in is this IP datagram (header plus payload)?
- 1480 bytes
17. Now inspect the datagram containing the second fragment of the fragmented
UDP segment. What information in the IP header indicates that this is not the first
datagram fragment?
- The flag is 0x0. That means it has not any fragment.
18. What fields change in the IP header between the first and second fragment?
- Total length.- Flag.4 Note: if you find your packet has not been fragmented, you
should download the zip file in footnote 2 and extract the trace file ip-wireshark-
trace1-1.pcapng . If your computer has an Ethernet or WiFi interface, a packet size
of 3000 should cause fragmentation.
- More fragement.- Fragement offset.
19. Now find the IP datagram containing the third fragment of the original UDP
segment. What information in the IP header indicates that this is the last fragment
of that segment?
- More fragement and fragement offset.
20. What is the IPv6 address of the computer making the DNS AAAA request?
This is the source address of the 20th packet in the trace. Give the IPv6 source
address for this datagram in the exact same form as displayed in the Wireshark
window5.

21. What is the IPv6 destination address for this datagram? Give this IPv6 address
in the exact same form as displayed in the Wireshark window.
- 2402:800:63a9:f381:5349:bd50:3c4:61bf
22. What is the value of the flow label for this datagram?
- Flow label: 0x5e10 (24080)
23. How much payload data is carried in this datagram?
- Payload data is carried in this datagram with 351 length.
24. What is the upper layer protocol to which this datagram’s payload will be
delivered at the destination?

- Destination address: 2001:558:feed::1

25. How many IPv6 addresses are returned in the response to this AAAA request?
- It has 2 IPv6 address are returned in the response to this AAAA request
26. What is the first of the IPv6 addresses returned by the DNS for youtube.com
(in the ip-wireshark-trace2-1.pcapng trace file, this is also the address that is
numerically the smallest)? Give this IPv6 address in the exact same shorthand form
as displayed in the Wireshark window.

- The first of the IPv6 addresses returned by the DNS for youtube.com is AAAA -
2402:800:63a9:f381:5349:bd50:3c4:61bf.