Lab 1:

Objective: To make the students aware about the IT/Network infrastructure of their parent
institute. Introduction to the lab infrastructure, the cabling/cable type and
specifications/switch/topology/router/network infrastructure, Internet Connectivity, Wi-fi
Connectivity of your department (labs and lecture halls) and how it is connected with the
overall institute level IT infrastructure, How the institute obtains Internet Connectivity from
its ISP, The Bandwidth and other specifications, Visit to the Computer Center of the Institute,
Introduction to various Enterprise Servers/Servers of Licensed Software, Server hardware
configuration, Server Management Tools, Enterprise Level Firewall, etc. So, lab 1 is intended
as an in-campus IT infrastructure industrial visit for students. Students are supposed to
prepare a report of this visit. Students are also supposed to note down the model/make of
various network interface devices (NIC card, switch, router) used in their
lab/department/institute, download their technical specifications from their respective web-
site and attach those specifications in the report. The significance and interpretation of these
specifications may be discussed by the faculty member during the corresponding lab/lecture
hours pertaining to that particular device.

The types of CABLES used in networks are:

Unshielded Twisted Pair (UTP) Cable
Shielded Twisted Pair (STP) Cable
Coaxial Cable
Fiber Optic Cable

Twisted pair cabling comes in two varieties: shielded and unshielded.

Unshielded twisted pair (UTP) is the most popular and is generally the best option for school networks
Unshielded twisted pair The quality of UTP may vary from telephone-grade wire to extremely high-
speed cable. The cable has four pairs of wires inside the jacket. Each pair is twisted with a different
number of twists per inch to help eliminate interference from adjacent pairs and other electrical
devices. The tighter the twisting, the higher the supported transmission rate and the greater the cost
per foot. The EIA/TIA (Electronic Industry Association/Telecommunication Industry Association) has
established standards of UTP and rated six categories of wire (additional categories are emerging).

Shielded Twisted Pair (STP) Cable Although UTP cable is the least expensive cable, it may be susceptible
to radio and electrical frequency interference (it should not be too close to electric motors, fluorescent
lights, etc.). If you must place cable in environments with lots of potential interference, or if you must
place cable in extremely sensitive environments that may be susceptible to the electrical current in the
UTP, shielded twisted pair may be the solution. Shielded cables can also help to extend the maximum
distance of the cables. Shielded twisted pair cable is available in three different configurations: Each pair
of wires is individually shielded with foil. There is a foil or braid shield inside the jacket covering all wires

Subject: Computer Networking (Prof. Ketna Patel) Page 1

(as a group). There is a shield around each individual pair, as well as around the entire group of wires
(referred to as double shield twisted pair).

Coaxial Cable
Coaxial cabling has a single copper conductor at its center. A plastic layer provides insulation between
the center conductor and a braided metal shield (See fig. 3). The metal shield helps to block any outside
interference from fluorescent lights, motors, and other computers. Fig. 3. Coaxial cable Although coaxial
cabling is difficult to install, it is highly resistant to signal interference. In addition, it can support greater
cable lengths between network devices than twisted pair cable. The two types of coaxial cabling are
thick coaxial and thin coaxial. Thin coaxial cable is also referred to as thinnet. 10Base2 refers to the
specifications for thin coaxial cable carrying Ethernet signals. The 2 refers to the approximate maximum
segment length being 200 meters. In actual fact the maximum segment length is 185 meters. Thin
coaxial cable has been popular in school networks, especially linear bus networks. Thick coaxial cable is
also referred to as thicknet. 10Base5 refers to the specifications for thick coaxial cable carrying Ethernet
signals. The 5 refers to the maximum segment length being 500 meters. Thick coaxial cable has an extra
protective plastic cover that helps keep moisture away from the center conductor. This makes thick
coaxial a great choice when running longer lengths in a linear bus network. One disadvantage of thick
coaxial is that it does not bend easily and is difficult to install.

Fiber Optic Cable

Fiber optic cabling consists of a center glass core surrounded by several layers of protective materials
(See fig. 5). It transmits light rather than electronic signals eliminating the problem of electrical
interference. This makes it ideal for certain environments that contain a large amount of electrical
interference. It has also made it the standard for connecting networks between buildings, due to its
immunity to the effects of moisture and lighting. Fiber optic cable has the ability to transmit signals over
much longer distances than coaxial and twisted pair. It also has the capability to carry information at
vastly greater speeds. This capacity broadens communication possibilities to include services such as
video conferencing and interactive services. The cost of fiber optic cabling is comparable to copper
cabling; however, it is more difficult to install and modify. 10BaseF refers to the specifications for fiber
optic cable carrying Ethernet signals. The center core of fiber cables is made from glass or plastic fibers
(see fig 5). A plastic coating then cushions the fiber center, and kevlar fibers help to strengthen the
cables and prevent breakage. The outer insulating jacket made of teflon or PVC.
There are two common types of fiber cables -- single mode and multimode. Multimode cable has a
larger diameter; however, both cables provide high bandwidth at high speeds. Single mode can provide
more distance, but it is more expensive.

Subject: Computer Networking (Prof. Ketna Patel) Page 2

SWITCHES
Switches are the connectivity points of an Ethernet network. These are small devices that can receive
data from multiple input ports and send it to the specific output port that takes data to its intended
destination in the network. There are different types of switches in a network. These are: Unmanaged
switches – These are the switches that are mostly used in home networks and small businesses as they
plug-in and instantly start doing their job and such switches do not need to be watched or configured.
These require only small cable connections. It allows devices on a network to connect with each other
such as a computer to a computer or a computer to a printer in one location. They are the least
expensive switches among all categories. Managed switches – These type of switches have many
features like the highest levels of security, precision control and full management of the network. These
are used in organisations containing a large network and can be customized to enhance the functionality
of a certain network. These are the most costly option but their scalability makes them an ideal option
for a network that is growing. They are achieved by setting a simple network management
protocol(SNMP). They are of two types: (I) Smart switches: These switches offer basic management
features with the ability to create some levels of security but have a simpler management interface than
the other managed switches. Thus they are often called partially managed switches. These are mostly
used in fast and constant LANs which support gigabit data transfer and allocations.It can accept
configuration of VLANs (Virtual LAN). (II) Enterprise managed switches: They have features like ability to
fix, copy, transform and display different network configurations along with a web interface SNMP agent
and command line interface. These are also known as fully managed switches and are more expensive
than the smart switches as they have more features that can be enhanced. These are used in
organisations that contain a large number of ports, switches and nodes. LAN switches – These are also
known as Ethernet switches or data switches and are used to reduce network congestion or bottleneck
by distributing a package of data only to its intended recipient. These are used to connect points on a
LAN. PoE switches – PoE switches are used in PoE technology which stands for power over Ethernet that
is a technology that integrates data and power on the same cable allowing power devices to receive
data in parallel to power.Thus these switches provide greater flexibility by simplifying the cabling
process.
TOPOLOGIES
A Network Topology is the arrangement with which computer systems or network devices are
connected to each other. Topologies may define both physical and logical aspect of the network. Both
logical and physical topologies could be same or different in a same network. Point-to-Point Point-to-
point networks contains exactly two hosts such as computer, switches or routers, servers connected
back to back using a single piece of cable. Often, the receiving end of one host is connected to sending
end of the other and vice-versa.

Bus Topology
In case of Bus topology, all devices share single communication line or cable. Bus topology may have
problem while multiple hosts sending data at the same time. Therefore, Bus topology either uses
CSMA/CD technology or recognizes one host as Bus Master to solve the issue. It is one of the simple
forms of networking where a failure of a device does not affect the other devices. But failure of the

Subject: Computer Networking (Prof. Ketna Patel) Page 3

shared communication line can make all other devices stop functioning. Both ends of the shared channel
have line terminator. The data is sent in only one direction and as soon as it reaches the extreme end,
the terminator removes the data from the line.

Star Topology
All hosts in Star topology are connected to a central device, known as hub device, using a point-to-point
connection. That is, there exists a point to point connection between hosts and hub. The hub device can
be any of the following: Layer-1 device such as hub or repeater Layer-2 device such as switch or bridge
Layer-3 device such as router or gateway As in Bus topology, hub acts as single point of failure. If hub
fails, connectivity of all hosts to all other hosts fails. Every communication between hosts, takes place
through only the hub.Star topology is not expensive as to connect one more host, only one cable is
required and configuration is simple.

Subject: Computer Networking (Prof. Ketna Patel) Page 4

Ring Topology
In ring topology, each host machine connects to exactly two other machines, creating a circular network
structure. When one host tries to communicate or send message to a host which is not adjacent to it,
the data travels through all intermediate hosts. To connect one more host in the existing structure, the
administrator may need only one more extra cable. Failure of any host results in failure of the whole
ring.Thus, every connection in the ring is a point of failure. There are methods which employ one more
backup ring.

Mesh Topology
In this type of topology, a host is connected to one or multiple hosts.This topology has hosts in point-to-
point connection with every other host or may also have hosts which are in point-to-point connection to
few hosts only. Hosts in Mesh topology also work as relay for other hosts which do not have direct
point-to-point links. Mesh technology comes into two types: Full Mesh: All hosts have a point-to-point
connection to every other host in the network. Thus for every new host n(n-1)/2 connections are
required. It provides the most reliable network structure among all network topologies. Partially Mesh:
Not all hosts have point-to-point connection to every other host. Hosts connect to each other in some
arbitrarily fashion. This topology exists where we need to provide reliability to some hosts out of all.

Subject: Computer Networking (Prof. Ketna Patel) Page 5

Tree Topology
Also known as Hierarchical Topology, this is the most common form of network topology in use
presently.This topology imitates as extended Star topology and inherits properties of bus topology. This
topology divides the network in to multiple levels/layers of network. Mainly in LANs, a network is
bifurcated into three types of network devices. The lowermost is access-layer where computers are
attached. The middle layer is known as distribution layer, which works as mediator between upper layer
and lower layer. The highest layer is known as core layer, and is central point of the network, i.e. root of
the tree from which all nodes fork. All neighboring hosts have point-to-point connection between
them.Similar to the Bus topology, if the root goes down, then the entire network suffers even.though it
is not the single point of failure. Every connection serves as point of failure, failing of which divides the
network into unreachable segment.

Subject: Computer Networking (Prof. Ketna Patel) Page 6

Daisy Chain
This topology connects all the hosts in a linear fashion. Similar to Ring topology, all hosts are connected
to two hosts only, except the end hosts.Means, if the end hosts in daisy chain are connected then it
represents Ring topology. Each link in daisy chain topology represents single point of failure. Every link
failure splits the network into two segments.Every intermediate host works as relay for its immediate
hosts.

Hybrid Topology
A network structure whose design contains more than one topology is said to be hybrid topology.
Hybrid topology inherits merits and demerits of all the incorporating topologies. The above picture
represents an arbitrarily hybrid topology. The combining topologies may contain attributes of Star, Ring,
Bus, and Daisy-chain topologies. Most WANs are connected by means of Dual-Ring topology and
networks connected to them are mostly Star topology networks. Internet is the best example of largest
Hybrid topology

Subject: Computer Networking (Prof. Ketna Patel) Page 7

ROUTER
A router is a networking device that forwards data packets between computer networks. Routers
perform the traffic directing functions on the Internet. Data sent through the internet, such as a web
page or email, is in the form of data packets. A packet is typically forwarded from one router to another
router through the networks that constitute an internetwork until it reaches its destination node
A router is connected to two or more data lines from different networks.[b] When a data packet comes
in on one of the lines, the router reads the network address information in the packet to determine the
ultimate destination. Then, using information in its routing table or routing policy, it directs the packet
to the next network on its journey. The most familiar type of routers are home and small office routers
that simply forward IP packets between the home computers and the Internet. An example of a router
would be the owner's cable or DSL router, which connects to the Internet through an Internet service
provider (ISP). More sophisticated routers, such as enterprise routers, connect large business or ISP
networks up to the powerful core routers that forward data at high speed along the optical fiber lines of
the Internet backbone. Though routers are typically dedicated hardware devices, software-based
routers also exist. Routers are also often distinguished on the basis of the network in which they
operate. A router in a local area network (LAN) of a single organisation is called an interior router. A
router that is operated in the Internet backbone is described as exterior router. While a router that
connects a LAN with the Internet or a wide area network (WAN) is called a border router, or gateway
router

Network Infrastructure
Network infrastructure is the hardware and software resources of an entire network that enable
network connectivity, communication, operations and management of an enterprise network. It
provides the communication path and services between users, processes, applications, services and
external networks/the internet. ork Infrastructure Definition - What does Network Infrastructure mean?
Network infrastructure is the hardware and software resources of an entire network that enable
network connectivity, communication, operations and management of an enterprise network. It
provides the communication path and services between users, processes, applications, services and
external networks/the internet. Techopedia explains Network Infrastructure Network infrastructure is
typically part of the IT infrastructure found in most enterprise IT environments. The entire network
infrastructure is interconnected, and can be used for internal communications, external communications
or both. A typical network infrastructure includes: Networking Hardware: Routers Switches LAN cards
Wireless routers Cables Networking Software: Network operations and management Operating systems
Firewall Network security applications Network Services: T-1 Line DSL Satellite Wireless protocols IP
addressing

Every computer that is connected to the Internet is part of a network, even the one in your home. For
example, you may use a modem and dial a local number to connect to an Internet Service Provider (ISP).
At work, you may be part of a local area network (LAN), but you most likely still connect to the Internet
using an ISP that your company has contracted with. When you connect to your ISP, you become part of

Subject: Computer Networking (Prof. Ketna Patel) Page 8

their network. The ISP may then connect to a larger network and become part of their network. The
Internet is simply a network of networks. Most large communications companies have their own
dedicated backbones connecting various regions. In each region, the company has a Point of Presence
(POP). The POP is a place for local users to access the company's network, often through a local phone
number or dedicated line. The amazing thing here is that there is no overall controlling network.
Instead, there are several high-level networks connecting to each other through Network Access Points
or NAPs.

When you connect to the Internet, your computer becomes part of a network.

Internet Network Example Here's an example. Imagine that Company A is a large ISP. In each major city,
Company A has a POP. The POP in each city is a rack full of modems that the ISP's customers dial into.
Company A leases fiber optic lines from the phone company to connect the POPs together (see, for
example, this UUNET Data Center Connectivity Map). Imagine that Company B is a corporate ISP.
Company B builds large buildings in major cities and corporations locate their Internet server machines
in these buildings. Company B is such a large company that it runs its own fiber optic lines between its
buildings so that they are all interconnected. In this arrangement, all of Company A's customers can talk
to each other, and all of Company B's customers can talk to each other, but there is no way for Company
A's customers and Company B's customers to intercommunicate. Therefore, Company A and Company B
both agree to connect to NAPs in various cities, and traffic between the two companies flows between
the networks at the NAPs. In the real Internet, dozens of large Internet providers interconnect at NAPs
in various cities, and trillions of bytes of data flow between the individual networks at these points. The
Internet is a collection of huge corporate networks that agree to all intercommunicate with each other
at the NAPs. In this way, every computer on the Internet connects to every other
In computing, a server is a computer program or a device that provides functionality for other programs
or devices, called "clients". This architecture is called the client–server model, and a single overall
computation is distributed across multiple processes or devices. Servers can provide various
functionalities, often called "services", such as sharing data or resources among multiple clients, or
performing computation for a client. A single server can serve multiple clients, and a single client can
use multiple servers. A client process may run on the same device or may connect over a network to a

Subject: Computer Networking (Prof. Ketna Patel) Page 9

server on a different device.[1] Typical servers are database servers, file servers, mail servers, print
servers, web servers, game servers, and application servers.[2] Client–server systems are today most
frequently implemented by (and often identified with) the request–response model: a client sends a
request to the server, which performs some action and sends a response back to the client, typically
with a result or acknowledgement. Designating a computer as "server-class hardware" implies that it is
specialized for running servers on it. This often implies that it is more powerful and reliable than
standard personal computers, but alternatively, large computing clusters may be composed of many
relatively simple, replaceable server components.

Server management can be defined as the tasks and services that are done on a server in order to
manage it. This usually entails: Monitoring of the server and apps running on the server. Checking their
status, uptime, and monitoring for any new or recurring issues.
Some of the Server Management tools are:
Wireshark / Tshark.
iPerf / JPerf
Nmap / Zenmap
Paessler SNMP Tester
Angry IP Scanner

This is a no-brainer for most but needs to be mentioned for integrity’s sake. Wireshark is an unparalleled
network protocol analyzer, and honestly, one of the best free network tools ever made. When you’re
troubleshooting an issue and actually need to get into the weeds to find out what’s going on – this is
your microscope. Never leave home without it! If you’re looking for some command-line capturing, or
maybe you want to programmatically trigger packet captures, don’t forget to check out TShark. It’s
included with Wireshark, and totally awesome.

iPerf / JPerf Between any two nodes is a network – be it vast or small. A simple ping between the two
nodes is only good for general reachability and understanding the round-trip time for the small packets.
If you want to measure actually achievable bandwidth, you need another tool such as iPerf. iPerf3 is the
latest iteration of this tool. You run the client on two ends of a network, configuring the parameters
needed to measure performance. It supports tuning of many parameters related to timing, buffers, and
protocols (TCP, UDP, SCTP with IPv4 and IPv6). Upon execution, it actively measures and reports on
bandwidth, loss, latency, jitter, and so on. You can initiate multiple simultaneous connections to truly

Subject: Computer Networking (Prof. Ketna Patel) Page 10

simulate load across the network. Very handy tool! If you’re more of a GUI person, check out Jperf. It’s
up there in age but still works like a champ

Nmap / Zenmap
I personally use Nmap at least once a week. Almost verbatim from their website: Nmap (Network
Mapper) is a security scanner used to discover hosts and services on a computer network, thus creating
a “map” of the network. To accomplish its goal, Nmap sends specially crafted packets to the target host
and then analyzes the responses. Nmap provides an incredible number of features for probing networks,
including host discovery, service discovery and operating system detection. These features are
extensible by scripts that provide more advanced service detection, vulnerability detection, and other
features. In fact, Nmap is used in the backend for various security assessment tools such as Nexpose.
Again, if you’re more a fan of GUIs, make sure the download the bundle with Zenmap.

Paessler SNMP Tester SNMP can be hard. This is why you need a good tester. There are a few out there,
but I’ve found great success with Paessler’s SNMP tester. The idea of this program is to have a tool that

Subject: Computer Networking (Prof. Ketna Patel) Page 11

enables the user to debug SNMP activities in order to find communication and/or data problems in
SNMP monitoring configurations. Are your devices configured properly? Are you using the correct keys?
Use this tool to validate if your SNMP configuration will function with programs like PRTG Network
Monitor.

Paessler SNMP
Tester SNMP can be hard. This is why you need a good tester. There are a few out there, but I’ve found
great success with Paessler’s SNMP tester. The idea of this program is to have a tool that enables the
user to debug SNMP activities in order to find communication and/or data problems in SNMP
monitoring configurations. Are your devices configured properly? Are you using the correct keys? Use
this tool to validate if your SNMP configuration will function with programs like PRTG Network Monitor.

Angry IP Scanner: Angry IP scanner is an open-source, multi-threaded IP address and port scanner.
Similar to Nmap, and used by millions, it’s become a standard tool for network admins. Angry IP Scanner
first rapidly pings, then checks port status, then starts resolving hostnames, gathering MAC addresses,
OSs and whatever it can discern based on the data gathered. It can collect NetBIOS info like workgroup
and domain names, as well as logged-in users if you happen to have to privileged rights to retrieve this

Subject: Computer Networking (Prof. Ketna Patel) Page 12

information. Like Nmap, it’s extensible with plugins. Scanning results can be saved to CSV, TXT, XML or
IP-Port list files.

Enterprise Network Firewall: A network firewall is a device that acts as a barrier to keep destructive
forces away from computers on a network behind the firewall. A network firewall is similar to a physical
firewall that keeps a fire from spreading from one area to the next. Firewalls can help protect against a
wide range of security threats, including unauthorized remote logins, denial of service attacks, and
viruses and worms that are spread over a network. Enterprise Network Firewalls are managed by Pitt
Information Technology and help protect sensitive information, research data, and support critical
University operations. Departments may request changes to firewall rules in order to provide access to
departmental resources or new systems. All network ports at the Pittsburgh campus and the four
regional campuses are protected behind Enterprise Network Firewalls. Firewalls can prevent the
following security threats: Remote login by unauthorized users (such as hackers). Backdoors, which are
programs that establish features that allow for hidden access. Denial of service, where a network is
inundated with generated network traffic, causing computers on the network to slow down or crash.
Network-spread viruses and worms, which are small programs that can spread over the network to
other unprotected computers. Firewalls, however, cannot prevent the following security threats:
Viruses, worms and Trojan horses from emails and downloaded files Spam Spyware The Enterprise
Security Controls policy requires all University departments and units to use Enterprise Network
Firewalls. Other security controls may be needed to complement the protection a network firewall
provides. For example, individuals are also encouraged to enable the Microsoft Windows Personal
Firewall on their PCs. While firewalls can stop network-spreading viruses, antivirus software should also
still be installed on computers.

Network Interface Devices: Hardware devices that are used to connect computers, printers, fax
machines and other electronic devices to a network are called network devices. These devices transfer
data in a fast, secure and correct way over same or different networks. Network devices may be inter-
network or intra-network. Some devices are installed on the device, like NIC card or RJ45 connector,
whereas some are part of the network, like router, switch, etc.

Modem
Modem is a device that enables a computer to send or receive data over telephone or cable lines. The
data stored on the computer is digital whereas a telephone line or cable wire can transmit only analog
data. Analog-Digital Waveform The main function of the modem is to convert digital signal into analog
and vice versa. Modem is a combination of two devices − modulator and demodulator. The modulator
converts digital data into analog data when the data is being sent by the computer. The demodulator
converts analog data signals into digital data when it is being received by the computer. Types of

Subject: Computer Networking (Prof. Ketna Patel) Page 13

Modem Modem can be categorized in several ways like direction in which it can transmit data, type of
connection to the transmission line, transmission mode, etc. Depending on direction of data
transmission, modem can be of these types − Simplex − A simplex modem can transfer data in only one
direction, from digital device to network (modulator) or network to digital device (demodulator). Half
duplex − A half-duplex modem has the capacity to transfer data in both the directions but only one at a
time. Full duplex − A full duplex modem can transmit data in both the directions simultaneously.

RJ45 Connector
RJ45 is the acronym for Registered Jack 45. RJ45 connector is an 8-pin jack used by devices to physically
connect to Ethernet based local area networks (LANs). Ethernet is a technology that defines protocols
for establishing a LAN. The cable used for Ethernet LANs are twisted pair ones and have RJ45 connector
pins at both ends. These pins go into the corresponding socket on devices and connect the device to the
network.

Ethernet Card Ethernet card, also known as network interface card (NIC), is a hardware component used
by computers to connect to Ethernet LAN and communicate with other devices on the LAN. The earliest
Ethernet cards were external to the system and needed to be installed manually. In modern computer
systems, it is an internal hardware component. The NIC has RJ45 socket where network cable is
physically plugged in.

Subject: Computer Networking (Prof. Ketna Patel) Page 14

Ethernet card speeds may vary depending upon the protocols it supports. Old Ethernet cards had
maximum speed of 10 Mbps. However, modern cards support fast Ethernets up to a speed of 100 Mbps.
Some cards even have capacity of 1 Gbps

Router
A router is a network layer hardware device that transmits data from one LAN to another if both
networks support the same set of protocols. So a router is typically connected to at least two LANs
and the internet service provider (ISP). It receives its data in the form of packets, which are data frames
with their destination address added. Router also strengthens the signals before transmitting them. That
is why it is also called repeater. Router Routing Table A router reads its routing table to decide the best
available route the packet can take to reach its destination quickly and accurately. The routing table may
be of these two types − Static − In a static routing table the routes are fed manually. So it is suitable only
for very small networks that have maximum two to three routers. Dynamic − In a dynamic routing table,
the router communicates with other routers through protocols to determine which routes are free. This
is suited for larger networks where manual feeding may not be feasible due to large number of routers.

Subject: Computer Networking (Prof. Ketna Patel) Page 15

Switch
Switch is a network device that connects other devices to Ethernet networks through twisted pair
cables. It uses packet switching technique to receive, store and forward data packets on the network.
The switch maintains a list of network addresses of all the devices connected to it. On receiving a packet,
it checks the destination address and transmits the packet to the correct port. Before forwarding, the
packets are checked for collision and other network errors. The data is transmitted in full duplex mode
Switches Data transmission speed in switches can be double that of other network devices like hubs
used for networking. This is because switch shares its maximum speed with all the devices connected to
it. This helps in maintaining network speed even during high traffic. In fact, higher data speeds are
achieved on networks through use of multiple switches.

Subject: Computer Networking (Prof. Ketna Patel) Page 16

Gateway
Gateway is a network device used to connect two or more dissimilar networks. In networking
parlance, networks that use different protocols are dissimilar networks. A gateway usually is a
computer with multiple NICs connected to different networks. A gateway can also be configured
completely using software. As networks connect to a different network through gateways, these
gateways are usually hosts or end points of the network. Gateway Gateway uses packet switching
technique to transmit data from one network to another. In this way it is similar to a router, the only
difference being router can transmit data only over networks that use same protocols.

Wi-Fi Card
Wi-Fi is the acronym for wireless fidelity. Wi-Fi technology is used to achieve wireless connection to any
network. Wi-Fi card is a card used to connect any device to the local network wirelessly. The physical
area of the network which provides internet access through Wi-Fi is called Wi-Fi hotspot. Hotspots can
be set up at home, office or any public space. Hotspots themselves are connected to the network
through wires. A Wi-Fi card is used to add capabilities like teleconferencing, downloading digital camera
images, video chat, etc. to old devices. Modern devices come with their in-built wireless network
adapter.

Subject: Computer Networking (Prof. Ketna Patel) Page 17

 Lab 2:
Objective: To make the students aware about and learn the detailed use of the following OS
level TCP/IP diagnostic and troubleshooting commands: ping, ns lookup:

Ping: The ping command is a command prompt command used to test the ability of the source
computer to reach a specified destination computer. The ping command is usually used as a simple way
to verify that a computer can communicate over the network with another computer or network device.

The ping command operates by sending Internet Control Message Protocol (ICMP) Echo Request
messages to the destination computer and waiting for a response. How many of those responses are
returned, and how long it takes for them to return, are the two major pieces of information that the
ping command provides.

Subject: Computer Networking (Prof. Ketna Patel) Page 18

Item Explanation
-t Using this option will ping the target until you force it to stop by using ctrl+c.
-a This ping command option will resolve, if possible, the hostname of an IP addresstarget.
-n This option sets the number of ICMP Echo Requests to send, from 1 to 4294967295. The
(count) ping command will send 4 by default if -n isn't used.
Use this option to set the size, in bytes, of the echo request packet from 32 to 65,527. The
-l size
ping command will send a 32-byte echo request if you don't use the -l option.
Use this ping command option to prevent ICMP Echo Requests from being fragmented by
-f routers between you and the target. The -f option is most often used to troubleshoot Path
Maximum Transmission Unit (PMTU) issues.
-i TTL This option sets the Time to Live (TTL) value, the maximum of which is 255.
This option allows you to set a Type of Service (TOS) value. Beginning in Windows 7, this
-v TOS
option no longer functions but still exists for compatibility reasons.
Use this ping command option to specify the number of hops between your computer and
thetarget computer or device that you'd like to be recorded and displayed. The maximum
-r count
value for count is 9, so use the tracert command instead if you're interested in viewing all
the hops between two devices.
Use this option to report the time, in Internet Timestamp format, that each echo request
-s count is received and echo reply is sent. The maximum value for count is 4, meaning that only
the first four hops can be time stamped.
Specifying a timeout value when executing the ping command adjusts the amount of time,
-w
in milliseconds, that ping waits for each reply. If you don't use the -w option, the default
timeout
timeout value of 4000 is used, which is 4 seconds.
-R This option tells the ping command to trace the round trip path.
-S
Use this option to specify the source address.
src addr
-p Use this switch to ping a hyper-v Network Virtualization provider address.
This forces the ping command to use IPv4 only but is only necessary if target is a
-4
hostname and not an IP address.
This forces the ping command to use IPv6 only but as with the -4option, is only necessary
-6
when pinging a hostname.
target This is the destination you wish to ping, either an IP address or a hostname.
Use the help switch with the ping command to show detailed help about the command's
/?
several options.

Subject: Computer Networking (Prof. Ketna Patel) Page 19

Ns lookup: name server lookupTo illustrate the use of nslookup we are going to use it to:
Find the IP address of a host.
Find the domain name of an IP address.
Find mail servers for a domain.
These are probably the most common usage scenarios.

Find the IP address of a host.

To find the ip address of a host e.g. www.google.com type: nslookupwww.google.com at a command
prompt.

Subject: Computer Networking (Prof. Ketna Patel) Page 20

Find the domain name of an IP address.

Find mail servers for a domain.

Type nslookup -querytype=mx domain name

Subject: Computer Networking (Prof. Ketna Patel) Page 21

 Lab 3:
Objective: To make the students aware about and learn the detailed use of the following OS
level TCP/IP diagnostic and troubleshooting commands: ipconfig, arp, netstat, tracert, telnet:

Ipcofig:
Ipconfig is a DOS utility that can be used from MS-DOS and the Windows Command Line to display the
network settings currently assigned and given by a network. This command can be utilized to verify a
network connection as well as to verify your network settings.

/all Display full configuration information.

/release Release the IPV4 address for the specified adapter.
/release6 Release the IPV6 address for the specified adapter.
/renew Renew the IPv4 address for the specified adapter.
/renew6 Renew the IPv6 address for the specified adapter.
/flushdns Purges the DNS Resolver cache.
/registerdns Refreshes all DHCP leases and re-registers DNS names.
/displaydns Display the contents of the DNS Resolver cache.
/showclassid Displays all the DHCP class IDs allowed for adapter.
/setclassid Modifies the DHCP class id.
/showclassid6 Displays all the IPv6 DHCP class IDs allowed for an adapter.
/setclassid6 Modifies the IPv6 DHCP class id.

Eg.
C:\Users\maulik>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : Maulik

Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Unknown adapter VPN - VPN Client:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VPN Client Adapter - VPN
Physical Address. . . . . . . . . : 5E-AC-37-84-44-CA
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Subject: Computer Networking (Prof. Ketna Patel) Page 22

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Qualcomm Atheros AR8171/8175 PCI-E Gigabit Ethernet Controller (NDIS
6.30)
Physical Address. . . . . . . . . : 4C-CC-6A-DF-25-F6
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Npcap Loopback Adapter:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Npcap Loopback Adapter
Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::e974:1ce6:e8f5:3805%7(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.56.5(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 654442572
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-92-2C-96-4C-CC-6A-DF-25-F6
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Local Area Connection* 2:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
Physical Address. . . . . . . . . : B0-35-9F-04-E0-62
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel(R) Dual Band Wireless-AC 3168
Physical Address. . . . . . . . . : B0-35-9F-04-E0-61
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::e805:eca4:b4bd:c39e%5(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.43.163(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 12 April 2019 16:12:00

Subject: Computer Networking (Prof. Ketna Patel) Page 23

 Lease Expires . . . . . . . . . . : 12 April 2019 17:12:00
Default Gateway . . . . . . . . . : 192.168.43.1
DHCP Server . . . . . . . . . . . : 192.168.43.1
DHCPv6 IAID . . . . . . . . . . . : 45102495
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-92-2C-96-4C-CC-6A-DF-25-F6
DNS Servers . . . . . . . . . . . : 192.168.43.1
NetBIOS over Tcpip. . . . . . . . : Enabled

C:\Users\maulik>

arp:
arp displays and modifies entries in the Address Resolution Protocol (ARP) cache, which contains one or
more tables that are used to store IP addresses and their resolved Ethernet or Token Ring physical
addresses. There is a separate table for each Ethernet or Token Ring network adapter installed on your
computer. Used without parameters, arp [displays help.
You can use the arp command to view and modify the ARP table entries on the local computer. This may
display all the known connections on your local aream network segment (if they have been active and in
the cache). The arp command is useful for viewing the ARP cache and resolving address resolution
problems.
Syntax (Inet means Internet address)
arp [-a [InetAddr] [-NIfaceAddr]] [-g [InetAddr] [-NIfaceAddr]] [-dInetAddr [IfaceAddr]] [-sInetAddr
EtherAddr [IfaceAddr]]
Here are the switch definitions:

-a [InetAddr] [-NIfaceAddr] : Displays current ARP cache tables for all interfaces. To display the ARP
cache entry for a specific IP address, use arp -a with the InetAddr parameter, where InetAddr is an IP
address. To display the ARP cache table for a specific interface, use the -NIfaceAddr parameter where
IfaceAddr is the IP address assigned to the interface. The -N parameter is case-sensitive.

-g [InetAddr] [-NIfaceAddr] : Identical to -a.

-dInetAddr [IfaceAddr] : Deletes an entry with a specific IP address, where InetAddr is the IP address. To
delete an entry in a table for a specific interface, use the IfaceAddr parameter where IfaceAddr is the IP
address assigned to the interface. To delete all entries, use the asterisk (*) wildcard character in place of
InetAddr. So "arp -d *" will flush your ARP cache.

-sInetAddr EtherAddr [IfaceAddr] : Adds a static entry to the ARP cache that resolves the IP address
InetAddr to the physical address EtherAddr. To add a static ARP cache entry to the table for a specific
interface, use the IfaceAddrparameter where IfaceAddr is an IP address assigned to the interface.
/?: Displays help at the command prompt.
Using arp on Windows
To run the arp command in Windows click START> RUN> CMD. Now enter 'arp -a' at the > prompt:

Subject: Computer Networking (Prof. Ketna Patel) Page 24

Subject: Computer Networking (Prof. Ketna Patel) Page 25
There are two types of ARP entries- static and dynamic. Most of the time, the computer will use dynamic
ARP entries. This means that the ARP entry (the Ethernet MAC to IP address link) has been learned
(usually from the default gateway) and is kept on a device for some period of time, as long as it is being
used. A static ARP entry is the opposite of a dynamic ARP entry. With a static ARP entry, the computer is
manually entering the link between the Ethernet MAC address and the IP address. Software in your
computer will predefine these static entries such as multicast addresses and broadcast addresses.
Because of management headaches and the lack of significant negatives to using dynamic ARP entries,
dynamic ARP entries are used most of the time.

Netstat:
Execute the netstat command alone to show a relatively simple list of all active TCP connections which,
for each one, will show the local IP address (your computer), the foreign IP address (the other
computer or network device), along with their respective port numbers, as well as the TCP state.

Netstat Command Syntax

netstat [-a] [-b] [-e] [-f] [-n] [-o] [-p protocol] [-r] [-s] [-t] [-x] [-y] [time_interval] [/?]

Subject: Computer Networking (Prof. Ketna Patel) Page 26

Option Explanation
Execute the netstat command alone to show a
relatively simple list of all active TCP connections
which, for each one, will show the local IP
netstat address (your computer), the foreign IP address
(the other computer or network device), along
with their respective port numbers, as well as the
TCP state.
This switch displays active TCP connections, TCP
-a connections with the listening state, as well as
UDP ports that are being listened to.
This netstat switch is very similar to the -o switch
listed below, but instead of displaying the PID,
will display the process's actual file name. Using -
-b b over -o might seem like it's saving you a step or
two but using it can sometimes greatly extend
the time it takes netstat to fully execute.
Use this switch with the netstat command to
show statistics about your network connection.
-e This data includes bytes, unicast packets, non-
unicast packets, discards, errors, and unknown
protocols received and sent since the connection
was established.
The -f switch will force the netstat command to
-f display the Fully Qualified Domain Name(FQDN)
for each foreign IP addresses when possible.
Use the -n switch to prevent netstat from
attempting to determine host namefor foreign IP
-n addresses. Depending on your current network
connections, using this switch could considerably
reduce the time it takes for netstat to fully
execute.
A handy option for many troubleshooting tasks,
the -o switch displays the process identifier (PID)
-o associated with each displayed connection. See
the example below for more about using netstat -
o.

Subject: Computer Networking (Prof. Ketna Patel) Page 27

 Execute netstat with -r to show the IP routing
-r table. This is the same as using the route
command to execute route print.
The -s option can be used with the netstat
command to show detailed statistics by protocol.
You can limit the statistics shown to a particular
-s protocol by using the -soption and specifying that
protocol, but be sure to use -s before -p protocol
when using the switches together.
-t Use the -t switch to show the current TCP
chimney offload state in place of the typically
displayed TCP state.
Use the -x option to show all NetworkDirect
-x listeners, connections, and shared endpoints.
The -y switch can be used to show the TCP
-y connection template for all connection. You
cannot use -y with any other netstat option.
This is the time, in seconds, that you'd like the
time_interval netstat command to re-execute automatically,
stopping only when you use ctrl-c to end the
loop.
/? Use the help switch to show details about the
netstat command's several options.
Use the -p switch to show connections or
statistics only for a particular protocol. You can
-p not define more than one protocol at once, nor
can you execute netstat with -p without defining
a protocol.
Protocol When specifying a protocol with the -p option,
you can use tcp, udp, tcpv6, or udpv6. If you use -
s with -p to view statistics by protocol, you can
use icmp, ip, icmpv6, or ipv6 in addition to the
first four I mentioned.

Subject: Computer Networking (Prof. Ketna Patel) Page 28

Tracert:

The tracert command is a Command Prompt Command that's used to show several details about the
path that a packet takes from the computer or device you're on to whatever destination you specify.
You might also sometimes see the tracert command referred to as the trace route command or
traceroute command.
Tracert Command Syntax:

tracert [-d] [-hMaxHops] [-wTimeOut] [-4] [-6] target [/?]

Subject: Computer Networking (Prof. Ketna Patel) Page 29

Item Description
This option prevents tracert from resolving IP addresses to hostname, often
-d
resulting in much faster results.
This tracert option specifies the maximum number of hops in the search for the
-h MaxHops target. If you do not specify MaxHops, and a target has not been found by 30 hops,
tracert will stop looking
You can specify the time, in milliseconds, to allow each reply before timeout using
-w TimeOut
this tracert option.
-4 This option forces tracert to use IPv4 only.
-6 This option forces tracert to use IPv6 only.
target This is the destination, either an IP address or hostname.
Use the help switch with the tracert command to show detailed help about the
/?
command's several options.

Subject: Computer Networking (Prof. Ketna Patel) Page 30

Subject: Computer Networking (Prof. Ketna Patel) Page 31
Telnet:
telnet is a protocol to provide communication over the Internet or a LAN a using a virtual terminal
connection.
It is installed by default on Linux and older Mac operating systems, but must be installed on Windows
and macOS High Sierra 10.13 and later.
The terminal provides a way to remotely log on to another device, just as if you were sitting in front of it
and using it like any other computer. This method of communication is, of course, done via Telnet.

To connect to a Telnet server, you need to enter a command that follows this syntax:
Telnet host portnumber

t elnet
hostname port

Subject: Computer Networking (Prof. Ketna Patel) Page 32

 Lab 4a:
Objective: Implement a simple TCP socket based client server program in Python in which the
client connects to the server. The server displays the ip address and port number of client and
sends an acknowledgement message back to client. The client displays the received
acknowledgement message on screen

Code:
(1)Client.py
import socket
host='localhost'
port = 5555
sok = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
sok.connect((host,port))
msg = sok.recv(1024) #1024 size of buffer
while msg:
print(msg.decode())
msg = sok.recv(1024)
sok.close()

(2)Server.py
import socket
host = "localhost"
port =5555
sok = socket.socket()#also valid instead of following statement
#sok = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sok.bind((host,port))
print("server start")
sok.listen(1)
client,addr = sok.accept()
print("client address: ", addr)
msg = "Hello client how are you?"
client.send(msg.encode())
client.send(b'Bye')
client.close()
print("Close")

output :-

Subject: Computer Networking (Prof. Ketna Patel) Page 33

Subject: Computer Networking (Prof. Ketna Patel) Page 34
 Lab 4b:
Objective: Implement a simple UDP socket based client server program in Python in which
the client connects to the server. The server displays the ip address and port number of client
and sends an acknowledgement message back to client. The client displays the received
acknowledgement message on screen.

(1)server.py
import socket

sock = socket.socket(socket.AF_INET,socket.SOCK_DGRAM) # For UDP

udp_host = socket.gethostname() # Host IP

udp_port = 12345 # specified port to connect

#print type(sock) ============> 'type' can be used to see type

# of any variable ('sock' here)

sock.bind((udp_host,udp_port))

while True:
print ("Waiting for client...")
data,addr = sock.recvfrom(1024) #receive data from client
print ("Received Messages:",data," from",addr)

(2)client.py

import socket

sock = socket.socket(socket.AF_INET,socket.SOCK_DGRAM) # For UDP

udp_host = socket.gethostname() # Host IP

udp_port = 12345 # specified port to connect

msg = "Hello Python!".encode()

print ("UDP target IP:", udp_host)
print ("UDP target Port:", udp_port)

sock.sendto(msg,(udp_host,udp_port)) # Sending message to UDP server

Subject: Computer Networking (Prof. Ketna Patel) Page 35

output:

Subject: Computer Networking (Prof. Ketna Patel) Page 36

 Lab 5:
Objective: Wireshark Installation, understanding the Wireshark Environment / Menu System,
to start and stop live capture of traffic from given wired ethernet network interface,
capturing options, store captured data in different supported file formats, to open already
stored captured data file.

WIRESHARK INSTALLATION –

STEP 1: Download Wireshark as per the OS and its version. In the image below, wireshark has
been installed for Windows 32-bit compuer.

Subject: Computer Networking (Prof. Ketna Patel) Page 37

STEP 2: Go to downloads and open the downloaded software for installation.

STEP 3: The given popup will appear. Click Run.

Subject: Computer Networking (Prof. Ketna Patel) Page 38

STEP 4: Click Next.

Click I Agree.

Subject: Computer Networking (Prof. Ketna Patel) Page 39

STEP 5: Click Next.

STEP 6: Click Next.

Subject: Computer Networking (Prof. Ketna Patel) Page 40

STEP 7: Click Next after selecting the path of the location where you want to store the software.

STEP 8: If installation of WinPcap is left than install it otherwise unclick the box and Click
Next.

Subject: Computer Networking (Prof. Ketna Patel) Page 41

STEP 9: Click Install.

STEP 10: The installation for the Wireshark will start along with the installation of WinPcap.

Subject: Computer Networking (Prof. Ketna Patel) Page 42

STEP 11: If installation of WinPcap is selected then the process to install it will start. Click Next.

STEP 12: Click I Agree

Subject: Computer Networking (Prof. Ketna Patel) Page 43

STEP 13: Click Install.

STEP 14: This box appears when installation completes. Click Finish.

Subject: Computer Networking (Prof. Ketna Patel) Page 44

STEP 15: On completion of installation Click Finish after selecting Run Wireshark CheckBox.

Subject: Computer Networking (Prof. Ketna Patel) Page 45

The Wireshark after installation shows this page.

Subject: Computer Networking (Prof. Ketna Patel) Page 46

Since we have been given access to internet through a wireless network, we select the Wireless
Network Connection.

Now the traffic automatically hits the start and continues till we stop it. To stop the Red Square
on the top left corner is clicked.

Subject: Computer Networking (Prof. Ketna Patel) Page 47

To start the traffic again, the symbol of the fin of the shark in blue besides the stop box is used.

Capture Options-

The capture options field will be found on the Capture Menu list with Options as the Menu Item.

Subject: Computer Networking (Prof. Ketna Patel) Page 48

On Click of which the Capture Interfaces box will appear.

The Promiscuous Check Box should be checked if we want to see the traffic of the device also
from with the connectivity is provided. If unchecked it will only display the traffic of our PC.

To Store the data in different format, the save as menu item is selected from the File Menu.

Subject: Computer Networking (Prof. Ketna Patel) Page 49

The default format will be .pcapng but which can be selected from the options given in the save
as type. After selection of format click Save.

To open the stored capture data file select the name of the file to be opened from the Open menu
item from the File menu and Click Open.

Subject: Computer Networking (Prof. Ketna Patel) Page 50

And the stored traffic will be displayed.

Subject: Computer Networking (Prof. Ketna Patel) Page 51

 Lab 6:
Objective: Learn and use view level filters and capture level filters in Wireshark for different
traffic types like Ethernet, ARP, IP, TCP, UDP, DNS, HTTP, etc. For each captured category,
observe how different headers are encapsulated within each other. Eg. TCP encapsulated
within IP, HTTP encapsulated within TCP, etc.

ETHERNET

ARP

Subject: Computer Networking (Prof. Ketna Patel) Page 52

IP

TCP

Subject: Computer Networking (Prof. Ketna Patel) Page 53

UDP

DNS

Subject: Computer Networking (Prof. Ketna Patel) Page 54

HTTP

Subject: Computer Networking (Prof. Ketna Patel) Page 55

 Lab 7:
Objective: Capture the following traffic types and Interpret/ Analyze the corresponding
header and payload: Ethernet and ARP

Ans: ARP:-
Address Resolution Protocol (ARP) is a predominant protocol for finding a host’s hardware address when
only its network layer address is known. This protocol operates below the network layer as a part of the
interface between the OSI network and OSI link layer. The format of ARP packet can be discussed as
follows:-

HARDWARE TYPE: - Each data link layer protocol is assigned a number used in this field. For Ethernet it
is 1.

PROTOCOL TYPE: -Each protocol is assigned a number used in this field. For example, IPv4 is 0x0800.

HARDWARE LENGTH: - Length in bytes of a hardware address. Ethernet addresses are 6 bytes long.

PROTOCOL LENGTH: - Length in bytes of a logical address. IPv4 addresses are 4 bytes long.

OPERATION: - It specifies the operation the sender is performing: 1 for request, and 2 for reply. There
are actually four types of ARP messages that may be sent by the ARP protocol. These are identified by
four values in the “operation” field of an ARP message. The types of message are:-
1. ARP request
2. ARP reply
3. RARP request
4. RARP reply

Subject: Computer Networking (Prof. Ketna Patel) Page 56

SENDER HARDWARE ADDRESS: - Hardware address of the sender.

SENDER PROTOCOL ADDRESS: - Protocol address of the sender.

TARGET HARDWARE ADDRESS: - Hardware address of the intended receiver. This field is zero on
request.

TARGET PROTOCOL ADDRESS: - Protocol address of the intended receiver.

Output:-

Ethernet:-
An Ethernet frame is made up of five fields: the Destination and the Source MAC address field, the Ether
type field that contains some control information, a Payloadfield, and a trailing Frame Check Sequence
field that holds a checksum for the frame. The Ethernet frame starts with preamble and start frame
delimiter, followed by an Ethernet header containing MAC address of source and destination devices.
The middle section of the frame consists of payload data includingheaders for other protocols such as
internet protocol, carried in the frame. The end part of the frame consist a 32-bit cyclic redundancy
check which detects the errors in transmission. The standard data frame has a maximum length of 1518
bytes, and contains a Payload field of at least 46 and up to 1500 bytes.

Subject: Computer Networking (Prof. Ketna Patel) Page 57

Preamble: – Ethernet frame starts with 7-Bytes Preamble. This is pattern of alternative 0’s and 1’s which
indicates starting of the frame and allow sender and receiver to establish bit synchronization. Initially,
PRE (Preamble) was introduced to allow for the loss of few bits due to signal delays. But todays high-
speed Ethernet don’t need Preamble to protect the frame bits. PRE (Preamble) indicates the receiver
that frame is coming and allow the receiver to lock onto the data stream before the actual frame begins.

Start of frame delimiter (SFD): – This is a 1-Byte field which is always set to 10101011. SFD indicates
that upcoming bits are starting of frame, which is destination address. Sometimes SFD is considered the
part of PRE, this is the reason Preamble is described as 8 Bytes in many places.

Destination Address: – This is 6-Byte field which contains the MAC address of machine for which data is
destined.

Source Address: – This is a 6-Byte field which contains the MAC address of source machine. As Source
Address is always an individual address (Unicast), the least significant bit of first byte is always 0.

Length: – Length is a 2-Byte field, which indicates the length of entire Ethernet frame. This 16-bit field
can hold the length value between 0 and 65534, but length cannot be larger than 1500 because of some
own limitations of Ethernet.

Data: – This is the place where actual data is inserted, also known as Payload. Both IP header and data
will be inserted here, if Internet Protocol is used over Ethernet. The maximum data present may be as
long as 1500 Bytes. In case data length is less than minimum length i.e. 46 bytes, then padding 0’s is
added to meet the minimum possible length.

Cyclic Redundancy Check (CRC): – CRC is 4 Byte field. This field contains 32-bits hash code of data, which
is generated over Destination Address, Source Address, Length and Data field. If the checksum
computed by destination is not same as sent checksum value, data received is corrupted.

Subject: Computer Networking (Prof. Ketna Patel) Page 58

Output:-

Subject: Computer Networking (Prof. Ketna Patel) Page 59

 Lab 8:
Objective: Capture the following traffic types and Interpret/ Analyze the corresponding
header and payload: IP and ICMP

ANS:-
IP

IP traffic using command prompt

Subject: Computer Networking (Prof. Ketna Patel) Page 60

ICMP

Subject: Computer Networking (Prof. Ketna Patel) Page 61

 Lab 9
Objective: Capture the following traffic types and Interpret/ Analyze the corresponding header and
payload: TCP and UDP
TCP
Header

PayLoad

Subject: Computer Networking (Prof. Ketna Patel) Page 62

UDP :

Header

PayLoad

Subject: Computer Networking (Prof. Ketna Patel) Page 63

 Lab 10:
Objective: Capture the following traffic types and Interpret/ Analyze the corresponding
header and payload: HTTP and DNS.

Ans: HTTP:-
The Hypertext Transfer Protocol (HTTP) is a wildly successful protocol. However, the way HTTP/1.1 uses
the underlying transport has several characteristics that have a negative overall effect on application
performance today.All frames begin with a fixed 9-octet header followed by a variable-length payload.
Furthermore, HTTP header fields are often repetitive and verbose, causing unnecessary network traffic
as well as causing the initial TCP congestion window to quickly fill. This can result in excessive latency
when multiple requests are made on a new TCP connection.

The fields of the frame header are defined as: -

Length: - The length of the frame payload expressed as an unsigned 24-bit integer. Values greater than
214 (16,384) MUST NOT be sent unless the receiver has set a larger value for
SETTINGS_MAX_FRAME_SIZE.
The 9 octets of the frame header are not included in this value.

Type: - The 8-bit type of the frame. The frame type determines the format and semantics of the frame.
Implementations MUST ignore and discard any frame that has a type that is unknown.

Flags: - An 8-bit field reserved for Boolean flags specific to the frame type. Flags are assigned semantics
specific to the indicated frame type. Flags that have no defined semantics for a particular frame type
MUST be ignored and MUST be left unset (0x0) when sending.

R: - A reserved 1-bit field. The semantics of this bit are undefined, and the bit MUST remain unset (0x0)
when sending and MUST be ignored when receiving.

Stream Identifier: - A stream identifier (see Section 5.1.1) expressed as an unsigned 31-bit integer. The
value 0x0 is reserved for frames that are associated with the connection as a whole as opposed to an
individual stream.
The structure and content of the frame payload is dependent entirely on the frame type.

Subject: Computer Networking (Prof. Ketna Patel) Page 64

Output:-

DNS:-
The client/server information exchange in DNS is facilitated using query/response
messaging. Both queries and responses have the same general format, containing up to five individual
sections carrying information. All DNS packets have a structure that is:-

Subject: Computer Networking (Prof. Ketna Patel) Page 65

 The header describes the type of packet and which fields are contained in the packet.
Following the header are a number of questions, answers, authority records, and additional records. For
this project, we will be ignoring the authority and additional fields - your client program must accept
packets with such fields, but must ignore them. DNS packets have a header that is shown below. Note
that requests and replies follow the same header format.

Where each of these fields is as described below:-

ID: - A 16 bit identifier assigned by the program that generates any kind of query. This identifier is
copied the corresponding reply and can be used by the requester to match up replies to outstanding
queries. You should always use 1337 for this field.
QR: - A one bit field that specifies whether this message is a query (0), or a response (1). Obviously, you
should use 0 for your requests, and expect to see a 1 in the response you receive.
OPCODE: - A four bit field that specifies kind of query in this message. You should use 0, representing a
standard query.
AA Authoritative Answer: - This bit is only meaningful in responses, and specifies that the responding
name server is an authority for the domain name in question section. You should use this bit to report
whether or not the response you receive is authoritative.
TC Truncation: - specifies that this message was truncated. Forth is project, you must exit and return an
error if you receive a response that is truncated.
RD Recursion Desired: - this bit directs the name server to pursue the query recursively. You should use
1, representing that you desire recursion.

RA Recursion Available: - this be is set or cleared in a response, and denotes whether recursive query
support is available in the name server. Recursive query support is optional. You must exit and return
an error if you receive a response that indicates the server does not support recursion.

Z: - Reserved for future use. You must set this field to 0.

Subject: Computer Networking (Prof. Ketna Patel) Page 66

RCODE Response code: - this 4 bit field is set as part of responses. The values have the following
interpretation:-

0 No error condition
1 Format error - The name server was unable to interpret the query.
2 Server failure - The name server was unable to process this query due to a problem with the name
server.
3 Name Error - Meaningful only for responses from an authoritative name server, this code signifies that
the domain name referenced in the query does not exist.
4 Not Implemented - The name server does not support the requested kind of query.
5 Refused - The name server refuses to perform the specified operation for policy reasons.

QDCOUNT: - an unsigned 16 bit integer specifying the number of entries in the question section. You
should set this field to 1, indicating you have one question.

ANCOUNT: - an unsigned 16 bit integer specifying the number of resource records in the answer section.
You should set this field to 0, indicating you are not providing any answers.

NSCOUNT: - an unsigned 16 bit integer specifying the number of name server resource records in the
authority records section. You should set this field to 0, and should ignore any response entries in this
section.

ARCOUNT: - an unsigned 16 bit integer specifying the number of resource records in the additional
records section. You should set this field to 0, and should ignore any response entries in this section.

Output:-

Subject: Computer Networking (Prof. Ketna Patel) Page 67

 Lab 11:
Objective: Capture the following traffic types and Interpret/ Analyze the corresponding
header and payload: FTP, SMTP and Telnet.

1.FTP

Subject: Computer Networking (Prof. Ketna Patel) Page 68

2.SMTP

Subject: Computer Networking (Prof. Ketna Patel) Page 69

3.Telnet

Subject: Computer Networking (Prof. Ketna Patel) Page 70

Subject: Computer Networking (Prof. Ketna Patel) Page 71
 Lab 12:
Objective: Capture the following traffic types and Interpret/ Analyze the corresponding
header and payload: Ethernet and ARP

Ans: - Same as Lab-7.

Lab 13:
Objective: Capture Wi-FI and Bluetooth Traffic and Interpret/ Analyze the corresponding
header and payload using Wireless Traffic Sniffing tools like WireShark-USB/AirCrack-
ng/Kismet, etc.

1.wifi

2.Bluetooth

Subject: Computer Networking (Prof. Ketna Patel) Page 72

 Lab 14:
Objective: Analyze Email Traffic: Normal POP Communications, POP Problems, Dissect the
POP Packet Structure, Filter on POP Traffic, Normal SMTP Communications, SMTP
Problems, Dissect the SMTP Packet Structure, Filter on SMTP Traffic

POP: Post Office Protocol (POP) is an application layer protocol used by email systems to retrieve mail
from email servers. The email client uses POP commands such as LOGIN, LIST, RETR, DELE, QUIT to
access and manipulate (retrieve or delete) the email from the server. POP3 uses TCP port 110 and wipes
the mail from the server once it is downloaded to the local client.

POP communications

Subject: Computer Networking (Prof. Ketna Patel) Page 73

POP packet structure

Filter on POP Traffic

Subject: Computer Networking (Prof. Ketna Patel) Page 74

Flow graph of POP

IO graph of POP

Subject: Computer Networking (Prof. Ketna Patel) Page 75

SMTP: Simple Mail Transfer Protocol (SMTP) is an application layer protocol that is used to send email
from the client to the mail server. When the sender and receiver are in different email domains, SMTP
helps to exchange the mail between servers in different domains. It uses TCP port 25:

SMTP Communication

Filter on SMTP Traffic

Subject: Computer Networking (Prof. Ketna Patel) Page 76

Flow graph of SMTP

IO graph of SMTP

Subject: Computer Networking (Prof. Ketna Patel) Page 77

 Lab 15:
Objective: Analyze IEEE 802.11 (WLAN): Wireless LANs (WLANs) Traffic, Signal Strength
and Interference, Capture WLAN Traffic, 802.11 Traffic Basics like Data Frame, Normal
802.11 Communications

802.11 Communication

Filter on 802.11 Traffic

Subject: Computer Networking (Prof. Ketna Patel) Page 78

Flow graph of 802.11

IO graph of 802.11

Subject: Computer Networking (Prof. Ketna Patel) Page 79