Packet Tracing -- Putting it all together

About This Presentation

Title:

Packet Tracing -- Putting it all together

Description:

36 h-207-200-71-52.netscape.com - cfl02 TCP D=1977 S=80 Syn Ack=1011632 Seq ... 272: 6c69 7665 0d0a 0d0a 4749 4638 3961 0b00 live....GIF89a. ... – PowerPoint PPT presentation

Number of Views:24

Avg rating:3.0/5.0

Slides: 26

Provided by: Willis5

Category:

more less

Transcript and Presenter's Notes

Title: Packet Tracing -- Putting it all together

1
Packet Tracing -- Putting it all together

Packet tracing the actions of observing packets
as they appear on the media and deriving the
activities occuring on hosts or, knowing the
top-level commands issued and predicting the
packets that will appear on the media.

2
Motivations for Packet Tracing

Understanding network protocols
Debugging your network
Debugging applications that work over the network

3
Layer Protocols
DNS Query
DNS Reply
SYN
SYN/ACK
Caller
Callee
ACK
TCP Establishment
ARP Request
ARP Reply
4
Examples - 1

Assumptions
Host A, IP Address 128.194.1.2
Host B, IP Address 128.194.1.3
netmask 255.255.255.0
ARP caches and bridge tables are empty
All hosts know DNS Server is 128.194.1.3
Trace command DNS Query initiated on Host A

B
A
1
5
Answer - 1

Seg DAE SAE type SAIP DAIP
1 FF EA ARP Req 1.2 1.3
1 EA EB ARP Reply 1.3 1.2
1 EB EA DNS Q 1.2 1.3
1 EA EB DNS R 1.3 1.2

6
Examples - 2

Assumptions
Host A, IP Address 128.194.1.2
Host B, IP Address 128.194.1.3
Host C, IP Address 128.194.1.4
netmask 255.255.255.0
ARP caches and bridge tables are empty
All hosts know DNS Server is 128.194.1.3
Trace command DNS Query initiated on Host A

B
C
2
7
Answer - 2

Seg DAE SAE type SAIP DAIP
1 FF EA ARP Req 1.2 1.3
2 FF EA ARP Req 1.2 1.3
1 EA EB ARP Reply 1.3 1.2
1 EB EA DNS Q 1.2 1.3
1 EA EB DNS R 1.3 1.2

8
Examples - 3

Assumptions
Host A, IP Address 128.194.1.2
Host B, IP Address 128.194.1.3
netmask 255.255.255.0
ARP caches and bridge tables are empty
All hosts know DNS Server is 128.194.1.3
Trace command telnet 128.194.1.3 initiated on
Host A

B
A
1
9
Answer - 3

Seg DAE SAE type SAIP DAIP
1 FF EA ARP Req 1.2 1.3
1 EA EB ARP Reply 1.3 1.2
1 EB EA TCP SYN 1.2 1.3
1 EA EB SYN/ACK 1.3 1.2
1 EB EA TCP ACK 1.2 1.3

10
Examples - 4

Assumptions
Host A, IP Address 128.194.1.2
Host B, IP Address 128.194.1.3
netmask 255.255.255.0
ARP caches and bridge tables are empty
All hosts know DNS Server is 128.194.1.3
Trace command telnet B initiated on Host A

B
A
1
11
Answer - 4

Seg DAE SAE type SAIP DAIP
1 FF EA ARP Req 1.2 1.3
1 EA EB ARP Reply 1.3 1.2
1 EB EA DNS Q 1.2 1.3
1 EA EB DNS R 1.3 1.2
1 EB EA TCP SYN 1.2 1.3
1 EA EB SYN/ACK 1.3 1.2
1 EB EA TCP ACK 1.2 1.3

12
Examples - 5

Assumptions
Host A, IP Address 128.194.1.1
Host B, IP Address 128.194.2.2
Host X, IP Address 128.194.1.254 on segment 1
Host X, IP Address 128.194.2.254 on segment 2
netmask 255.255.255.0
ARP caches and bridge tables are empty
All hosts know DNS Server is 128.194.1.3
Trace command telnet 128.194.2.2 initiated on
Host A

3
2
2
1
1
B
A
1
2
13
Examples - 5 cont.

Routing table on A
Net Mask Router
0.0.0.0 0.0.0.0 128.194.1.254
Routing table on B
Net Mask Router
0.0.0.0 0.0.0.0 128.194.2.254
Routing table on X
Net Mask Router

14
Answer - 5

Seg DAE SAE type SAIP DAIP
1 FF EA ARP Req 1.1 1.254
1 EA EX1 ARP Reply 1.254 1.1
1 EX1 EA TCP SYN 1.1 2.2
2 FF EX2 ARP Req 2.254 2.2
2 EX2 EB ARP Reply 2.2 2.254
2 EB EX2 TCP SYN 1.1 2.2
2 EX2 EB SYN/ACK 2.2 1.1
1 EA EX1 SYN/ACK 2.2 1.1
1 EX1 EA TCP ACK 1.1 2.2
2 EB EX2 TCP ACK 1.1 2.2

15
Problem A -1

Use the data and diagram to show the packets
resulting from the command "telnet B" being
executed on host C. Assumptions The diagram
consists of 8 numbered ethernet segments,
5 bridges (unlabeled rectangles), two routers
(X, Y) and hosts A, B, C. ARP caches are
empty. Tables on bridges are empty. Routing
entries are as shown below. Host A is the
DNS nameserver and its IP address is known to
all machines.
Netmask for 128.194 is 255.255.255.0.
A- 128.194.15.1, ethernet e1
B- 128.194.99.2, ethernet e2
C- 128.194.12.3, ethernet e3
X- seg 7128.194.15.100, ethernet e5
seg 3128.194.12.100, ethernet e6
Y- seg 8128.194.99.101, ethernet e7
seg 4128.194.12.101, ethernet e8

16
Problem A - 2
17
Problem A - 3

Host Network Netmask Router
A 0.0.0.0 0.0.0.0 128.194.15.100
B 128.194.12.0 255.255.255.0 128.194.99.101
128.194.15.0 255.255.255.0 128.194.99.101
C 128.194.15.0 255.255.255.0 128.194.12.100
0.0.0.0 0.0.0.0 128.194.12.101
X 128.194.99.0 255.255.255.0 128.194.12.101
0.0.0.0 0.0.0.0 128.194.12.101
Y 128.194.15.0 255.255.255.0 128.194.12.100
0.0.0.0 0.0.0.0 128.194.12.100

18
Decode Example - 1

33 cfl02 -gt h-207-200-71-52.netscape.com TCP
D80 S1977 Syn Seq1011631 Len0 Win0
0 0000 ef03 efb0 00a0 2435 5343 0800 4500
........5SC..E.
16 002c 6f03 0000 3c06 f2c2 80c2 8547 cfc8
.,o...lt......G..
32 4734 07b9 0050 000f 6faf 0000 0000 6002
G4...P..o......
48 0000 036d 0000 0204 05a0 0000
...m........

19
Decode Example - 2

36 h-207-200-71-52.netscape.com -gt cfl02
TCP D1977 S80 Syn Ack1011632 Seq1144453529
Len0 Win49152
0 00a0 2435 5343 0000 ef03 efb0 0800 4500
..5SC........E.
16 002c 914c 4000 3206 9a79 cfc8 4734 80c2
.,.L_at_.2..y..G4..
32 8547 0050 07b9 4436 f999 000f 6fb0 6012
.G.P..D6ù...o..
48 c000 0577 0000 0204 05b4 15f8
...w.......ø

20
Decode Example - 3

37 cfl02 -gt h-207-200-71-52.netscape.com TCP
D80 S1977 Ack1144453530 Seq1011632 Len0
Win2880
0 0000 ef03 efb0 00a0 2435 5343 0800 4500
........5SC..E.
16 0028 6f04 0000 3c06 f2c5 80c2 8547 cfc8
.(o...lt......G..
32 4734 07b9 0050 000f 6fb0 4436 f99a 5010
G4...P..o.D6ù.P.
48 0b40 d1f4 0000 0204 05a0 0000
._at_..........

21
Decode Example - 4

56 cfl02 -gt h-207-200-71-52.netscape.com TCP
D80 S1977 Ack1144453530 Seq1011632
Len374 Win2880
0 0000 ef03 efb0 00a0 2435 5343 0800 4500
........5SC..E.
16 019e 6f08 0000 3c06 f14b 80c2 8547 cfc8
..o...lt..K...G..
32 4734 07b9 0050 000f 6fb0 4436 f99a 5018
G4...P..o.D6..P.
48 0b40 a905 0000 4745 5420 2f65 7363 6170
._at_....GET /escap
64 6573 2f73 6561 7263 682f 696d 6167 6573
es/search/images
80 2f68 6f72 697a 6f6e 7461 6c62 6172 2e67
/horizontalbar.g
96 6966 2048 5454 502f 312e 300d 0a49 662d
if HTTP/1.0..If-
112 4d6f 6469 6669 6564 2d53 696e 6365 3a20
Modified-Since
128 5765 646e 6573 6461 792c 2031 362d 4170
Wednesday, 16-Ap
144 722d 3937 2030 303a 3430 3a31 3620 474d
r-97 004016 GM
160 543b 206c 656e 6774 683d 3534 0d0a 5265
T length54..Re
176 6665 7265 723a 2068 7474 703a 2f2f 686f
ferer http//ho
192 6d65 2e6e 6574 7363 6170 652e 636f 6d2f
me.netscape.com/
208 6573 6361 7065 732f 7365 6172 6368 2f6e
escapes/search/n
224 7473 7263 6872 6e64 2d31 2e68 746d 6c0d
tsrchrnd-1.html.
240 0a43 6f6e 6e65 6374 696f 6e3a 204b 6565
.Connection Kee
256 702d 416c 6976 650d 0a55 7365 722d 4167
p-Alive..User-Ag

22
Decode Example - 5

58 h-207-200-71-52.netscape.com -gt cfl02
TCP D1977 S80 Ack1012006 Seq1144453530
Len280 Win49152
0 00a0 2435 5343 0000 ef03 efb0 0800 4500
..5SC........E.
16 0140 92eb 4000 3206 97c6 cfc8 4734 80c2
._at_.._at_.2.....G4..
32 8547 0050 07b9 4436 f99a 000f 7126 5018
.G.P..D6ù...qP.
48 c000 3e23 0000 4854 5450 2f31 2e31 2032
..gt..HTTP/1.1 2
64 3030 204f 4b0d 0a53 6572 7665 723a 204e
00 OK..Server N
80 6574 7363 6170 652d 456e 7465 7270 7269
etscape-Enterpri
96 7365 2f33 2e30 0d0a 4461 7465 3a20 5375
se/3.0..Date Su
112 6e2c 2032 3420 4175 6720 3139 3937 2030
n, 24 Aug 1997 0
128 383a 3135 3a33 3820 474d 540d 0a43 6f6e
81538 GMT..Con
144 7465 6e74 2d74 7970 653a 2069 6d61 6765
tent-type image
160 2f67 6966 0d0a 4c61 7374 2d6d 6f64 6966
/gif..Last-modif
176 6965 643a 2054 7565 2c20 3135 2041 7072
ied Tue, 15 Apr
192 2031 3939 3720 3233 3a34 303a 3136 2047
1997 234016 G
208 4d54 0d0a 436f 6e74 656e 742d 6c65 6e67
MT..Content-leng
224 7468 3a20 3534 0d0a 4163 6365 7074 2d72
th 54..Accept-r
240 616e 6765 733a 2062 7974 6573 0d0a 436f
anges bytes..Co
256 6e6e 6563 7469 6f6e 3a20 6b65 6570 2d61
nnection keep-a

23
Decode Example - 6

59 cfl02 -gt h-207-200-71-52.netscape.com TCP
D80 S1977 Ack1144453810 Seq1012006 Len0
Win2880
0 0000 ef03 efb0 00a0 2435 5343 0800 4500
........5SC..E.
16 0028 6f09 0000 3c06 f2c0 80c2 8547 cfc8
.(o...lt......G..
32 4734 07b9 0050 000f 7126 4436 fab2 5010
G4...P..qD6..P.
48 0b40 cf66 0000 0204 05a0 0000
._at_.f........

24
Decode Example - 7

60 h-207-200-71-52.netscape.com -gt cfl02
TCP D1977 S80 Fin Ack1012006 Seq1144453810
Len0 Win49152
0 00a0 2435 5343 0000 ef03 efb0 0800 4500
..5SC........E.
16 0028 92ec 4000 3206 98dd cfc8 4734 80c2
.(.._at_.2.....G4..
32 8547 0050 07b9 4436 fab2 000f 7126 5011
.G.P..D6ú...qP.
48 c000 1aa5 0000 6915 9192 0000
......i.....

25
Decode Example - 8

61 cfl02 -gt h-207-200-71-52.netscape.com TCP
D80 S1977 Ack1144453811 Seq1012006 Len0
Win2880
0 0000 ef03 efb0 00a0 2435 5343 0800 4500
........5SC..E.
16 0028 6f0a 0000 3c06 f2bf 80c2 8547 cfc8
.(o...lt......G..
32 4734 07b9 0050 000f 7126 4436 fab3 5010
G4...P..qD6ú.P.
48 0b40 cf65 0000 0204 05a0 0000
._at_.e........

Write a Comment

User Comments (0)

About PowerShow.com

Packet Tracing -- Putting it all together - PowerPoint PPT Presentation

Packet Tracing -- Putting it all together

36 h-207-200-71-52.netscape.com - cfl02 TCP D=1977 S=80 Syn Ack=1011632 Seq ... 272: 6c69 7665 0d0a 0d0a 4749 4638 3961 0b00 live....GIF89a. ... – PowerPoint PPT presentation