CS 279 Assignment 3 | Application Layer Protocols and Port Numbers | Complete Solution



Application Layer Protocols and Port Numbers
Enter your answers into this document in bold then upload it through Moodle.  Be sure to include the requested screen shots.  You may use the Application Layer Protocols Power Point to help you.

PART 1 – Application Layer Protocols

A. Dynamic Host Configuration Protocol (DHCP)
1.    Intro: DHCP automatically provides a computer an IP address from a server, and additionally the IP addresses of the DNS server and the computer’s default gateway.  These are three critical addresses used for network communication.  The client’s address assigned by the server when a request is received comes from a range of addresses configured in the DHCP server and is assigned for an interval of time.  DHCP allows new machines to be added to the network easily, and averts duplicate assignment of IP addresses (preventing network communication) which was a common problem when IP addresses were assigned manually.
2.    The assignment of an IP address involves the exchange of four packets called the DORA sequence (discover, offer, request, acknowledgment) between the client and the server.  DHCP is an enhancement of the older Bootstrap Protocol BOOTP, and this older name still shows up several places in the DHCP process.  For example, when Wireshark shows the DHCP header in a packet it names it the “Bootstrap Protocol.” 
3.    Start a Wireshark capture then cause a DORA sequence to be generated by releasing your current IP address with the Command Prompt command “ipconfig /release” then enter “ipconfig /renew” to be assigned a new IP address.  Now, stop the Wireshark capture.
4.    Enter “bootp” in the Wireshark filter bar to isolate the DHCP packets.  This is another place where the older bootp name is used (note that entering dhcp in the filter bar doesn’t work). Click in the packet-list pane on each of the four DORA packets and observe which protocol headers are shown in the packet-header details pane below. 
How many protocol layers are there in the packets (count the protocol headers, including Ethernet)? _______  (Don’t count the first line labeled “Frame” because as we learned earlier in the Wireshark Intro Power Point, the Frame section contains Wireshark’s general information about the packet but doesn’t show data in the packet.)
Which TCP/IP layers are represented (check all that apply)?
    [  ] Link  [  ] Internet  [  ] Transport  [  ] Application

5.    Notice that the Transport layer protocol is not TCP as we have observed in other assignments.  What is the Transport layer protocol used in these DORA packets? ___________________  Recall that the Transport layer protocol used in the DORA packets has some characteristics that distinguish it from TCP.  Which are these (check all that apply)?
    [  ] Connectionless        [  ] Connection oriented
    [  ] Faster than TCP       [  ] Slower than TCP
    [  ] Non reliable          [  ] Certified delivery
    [  ] Uses port numbers     [  ] Doesn’t use port numbers

This Transport layer protocol (check one)   [  ] does  [  ] does not   do handshaking with the far end and therefore has very few header fields when compared with TCP.  How many header fields do you observe in this Transport layer header? _______  (maximize the header line and the subsections and inspect)

The (check one)    [  ] speed  [  ] reliability    provided by this Transport layer protocol is important for the DHCP process.  Also, recall that this protocol (check one)     [  ] does  [  ] does not    guarantee delivery like TCP, but the DHCP process itself has its own reliability measures.

6.    Maximize the sections in the Discover packet and answer these questions:
    What is the source IP address? _____________________ (note that the source doesn’t have an IP address yet, so this is used)
    What is the destination IP address? ____________________ (note that this is the universal broadcast address, that is, it is network independent so it will be sent to every device on the network in hopes of finding a DHCP server)
    What is the source MAC address? _____________________ Does this match your MAC address as shown by “ipconfig /all”? _____
    What is the destination MAC address? ____________________  What does this MAC address mean? ______________________
    What is the source port number? ________
    What is the destination port number? _______
    Is this a DHCP request or reply (check one): [  ] request  [  ] reply  (look in the DHCP header,  which Wireshark calls the Bootstrap Protocol, Message type field (also called the OpCode field) for the answer)
    Since this is a Discovery packet, most of the fields in the DHCP header, exclusive of the Options fields (check one): [  ] have data  [  ] are empty or zero
 
7.    Look in the DHCP header’s option fields for these:
    Requested IP Address – this is the address the client would like to receive, typically its previous IP address, or zero.
    Parameter Required List – lists various DHCP configuration options that the client would like to receive.

Screen print this Discover packet with these last two option fields maximized and insert the screen shot immediately below.

8.    Maximize the sections in the Offer packet and answer these questions:
    What is the source IP address? _____________________
    What is the destination IP address? ____________________
    What is the source MAC address? ____________________
    What is the destination MAC address? __________________
    What is the source port number? ________
    What is the destination port number? _______
    The client doesn’t have an IP address yet, so communication is via its MAC address or MAC broadcast.  Which is it in your case? ___________________  How do a MAC address and MAC broadcast address differ? ________________________________________________
    Look in the Message type field (also called the OpCode) in the DHCP header.  Is it (check one): [  ] request  [  ] reply
    Look at the Transaction ID field in the DHCP header.  This should be the same ID as in the Discover packet to link this offer to the discover.  Is it the same value? _____
    The offer packet is sent by the server to offer its services to the client, for example:
    Look in the “Your (client) IP address” field.  This is the address the server is offering.  What is it in your case? ___________________
    Look in the Subnet Mask option field.  What is the value shown? ____________________
    Now, figure out what the IP network id (also called the IP subnet id) for the network your client will be on when it accepts the offered IP address.  Recall that the IP network id is the IP address with the host bits all zero, and that the demarcation between the host bits and the network id bits of an IP address is determined by the subnet mask.  What is the IP network id your client would be on? __________________________________

    The DHCP option fields list options the server can supply.  For example, in the packet you are observing, can it supply your client with the IP addresses of the DHCP server and DNS server? _____  Can it supply your client with the Router IP address (this is the default gateway)? ______

    Screen print this Offer packet with the option fields maximized and insert the screen shot immediately below.

9.    Maximize the sections in the Request packet and answer these questions:
    The client doesn’t have an IP address yet, so how is the source IP address shown? _________________________________ and how is the destination IP address shown? _________________________________  What is the destination MAC address? _________________________________ Is this a broadcast? _____
    What is the source port number? ________
    What is the destination port number? _______
    Look in the Message type field (also called the OpCode) in the DHCP header.  Is it (check one): [  ] request  [  ] reply
    Look at the fields in the DHCP header.  Like the Discovery packet, are most of the fields, exclusive of the Option fields, empty or zero? _____
   
    Screen print this Request packet with the option fields maximized and insert the screen shot immediately below.

10.    Maximize the sections in the Acknowledgment (ACK) packet and answer these questions:
    What is the source IP address? _____________________
    What is the destination IP address? ____________________
    What is the source port number? ________
    What is the destination port number? _______
    Does it appear the client now has an IP address and communication can occur with IP addresses? ____
    Look in the Message type field (also called the OpCode) in the DHCP header.  Is it (check one): [  ] request  [  ] reply
    Look in the DHCP header Options fields.  Does it appear that these have the same values as the Offer packet? ____
 
Screen print this Acknowledgment packet with the option fields maximized and insert the screen shot immediately below.

11.    Recall that you released your computer’s IP address earlier in this activity.  This also released your DHCP Server’s IP address from your computer’s TCP/IP configuration.  Use “ipconfig /all” now to list your DHCP Server’s IP address.  Is this the same address as the server you have been communicating with as indicated by the IP addresses in the packets you have been analyzing? ____
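
Added example (not part of the original assignment): a Python parser for the DHCP header and options inspected in steps 6 through 10. It checks that an Offer carries the Discover's Transaction ID and derives the IP network id from the offered address and the Subnet Mask option. The packet bytes, MAC address, Transaction ID and 192.168.1.x addresses are constructed sample values, and the function names are illustrative.

```python
import ipaddress
import struct

MAGIC_COOKIE = bytes.fromhex("63825363")   # precedes the DHCP options
OP_NAMES = {1: "request", 2: "reply"}      # BOOTP op code field
DHCP_TYPES = {1: "Discover", 2: "Offer", 3: "Request", 5: "ACK"}   # option 53


def parse_dhcp(payload):
    """Parse a DHCP message (the UDP payload) into the fields the lab inspects."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("too short or missing DHCP magic cookie")
    op, _htype, hlen, _hops, xid = struct.unpack("!BBBBI", payload[:8])
    if hlen > 16:
        raise ValueError("hardware address longer than the chaddr field")
    options, i = {}, 240
    while i < len(payload) and payload[i] != 255:       # 255 = End
        if payload[i] == 0:                             # 0 = Pad (no length byte)
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated DHCP option")
        options[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    kind = options.get(53)
    return {
        "op": OP_NAMES.get(op, "unknown"),
        "xid": xid,
        "yiaddr": str(ipaddress.IPv4Address(payload[16:20])),   # "Your (client) IP address"
        "client_mac": payload[28:28 + hlen].hex(":"),
        "type": DHCP_TYPES.get(kind[0], "other") if kind else "none",
        "options": options,
    }


def offered_network(msg):
    """Network id = offered address with the host bits (per option 1) zeroed."""
    mask = msg["options"].get(1)
    if mask is None or len(mask) != 4:
        return None
    return ipaddress.IPv4Network(
        f"{msg['yiaddr']}/{ipaddress.IPv4Address(mask)}", strict=False)


def offer_matches(discover, offer):
    """An Offer belongs to a Discover only if op, type, xid and client MAC agree."""
    return (discover["type"] == "Discover" and offer["type"] == "Offer"
            and offer["op"] == "reply"
            and offer["xid"] == discover["xid"]
            and offer["client_mac"] == discover["client_mac"])


def build_sample(op, dhcp_type, xid, yiaddr, mac, extra=b""):
    """Build a constructed DHCP message for the demonstration (not a capture)."""
    header = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0)
    header += bytes(4) + ipaddress.IPv4Address(yiaddr).packed + bytes(8)
    header += mac + bytes(10) + bytes(64) + bytes(128)   # chaddr, sname, file
    return header + MAGIC_COOKIE + bytes([53, 1, dhcp_type]) + extra + b"\xff"


# Constructed sample values.
SAMPLE_MAC = bytes.fromhex("00163e112233")
DISCOVER = build_sample(1, 1, 0x3903F326, "0.0.0.0", SAMPLE_MAC,
                        bytes([55, 4, 1, 3, 6, 15]))          # parameter list
OFFER = build_sample(2, 2, 0x3903F326, "192.168.1.50", SAMPLE_MAC,
                     bytes([1, 4, 255, 255, 255, 0,           # subnet mask
                            3, 4, 192, 168, 1, 1,             # router
                            6, 4, 192, 168, 1, 1,             # DNS server
                            54, 4, 192, 168, 1, 1]))          # DHCP server id

if __name__ == "__main__":
    d, o = parse_dhcp(DISCOVER), parse_dhcp(OFFER)
    print(d["type"], d["op"], hex(d["xid"]), d["client_mac"])
    print(o["type"], o["op"], o["yiaddr"], offered_network(o))
    print("offer answers discover:", offer_matches(d, o))
```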

B. Domain Name System (DNS)
1.    Intro: DNS is a critical protocol of the Web because it maps hostname.domain_names to IP addresses.  The former are used by users, the latter are used in the packets for delivery.  DNS is a hierarchical, distributed database involving servers from around the world.
2.    Use “ipconfig /all” to answer these questions about your computer:
    What is your IP address? ______________________
    What is your MAC address? ___________________
    What is your DNS Server’s IP address? ____________________
3.    Start a Wireshark capture then from your browser enter the URL www.redhat.org.  Now, stop the Wireshark capture.
4.    Enter “dns” in the Wireshark filter bar to isolate the DNS packets. Look for the DNS packets that have www.redhat.org in the Info column of Wireshark’s packet-list pane.  In the normal DNS process, there is a request packet for a name resolution from the client, then a response packet from the server.  Wireshark labels the request packet with “Standard query” in the Info column, and a response packet with “Standard query response.” 
Click on the Request packet and maximize the various protocol headers in the packet-header details pane below.  Do the source MAC and IP addresses indicate the packet came from your computer? _____  Does the destination IP address indicate that the packet is targeting your DNS server? _____  Which Transport layer protocol is being used? ______________  What is the source port number (check one)?
[  ] Ephemeral port  [  ] Well-known port for DNS  [  ] Other
    The source and destination port numbers imply that this packet is a (check one) [  ] request from client  [  ] response from server
5.    What is the Transaction ID field value in the DNS header (this is the DNS ID Number field)? ____________  Maximize the Flags section in the DNS header.  Does the Response field indicate this is a query? ____  Does the Recursion Desired field indicate that it is desired? ____  Now, look in the Questions field (outside the Flags section).  This is a count of the number of questions in the Questions Section field (identified by Wireshark simply as “Queries”).  What is the count? ____  Now maximize the Queries field and the URL immediately below.  What is the name in the query? ______________________  When the Type is A this indicates an address record, and a type of NS indicates the authoritative name server record in the DNS server.  The class IN indicates an Internet address, that is, an IP address is requested.

Screen print this Request packet with the DNS Flags and Queries fields maximized and insert the screen shot immediately below.

6.    Now click on the DNS Response packet in the packet-list pane.  Does the source IP address indicate the DNS server? _____  Do the destination MAC and IP addresses indicate your computer? _____  Note that the source MAC address would not be the MAC address of the DNS server unless it were on your local network segment.  What device is this MAC address associated with? ______________ (recall that source MAC addresses are “last hop” addresses, not original source)
    Is the same Transport layer protocol being used in this response packet as in the request packet above? _____  Are the source and destination port numbers the reverse of the request packet? _____  The source and destination port numbers imply that this packet is a (check one) [  ] request from client  [  ] response from server
7.    Is the Transaction ID field value in the DNS header the same as in the request packet above? _____ (note that if it is, it indicates that this is the response packet for the original query)  Look in the Flags section.  Does it indicate that this is a response? ____  Does it indicate that the DNS server can do recursive queries? _____  How many Questions and Answer RRs (Answer Resource Records) are indicated? ______  (note that normally this would be one because there was one Question in the request packet)
8.    Maximize the Answers section in the DNS header.  This is the server’s response to the client’s request.  It should indicate the IP address of the hostname.domain_name if the type is A (an address record), or the cname (Canonical Name) if the type is NS (authoritative name server record).  Canonical names are names for aliases.  A CNAME record is used to specify that a domain name uses the IP addresses of another domain, the "canonical" domain.  This is convenient when running multiple services (like FTP and HTTP) from a single IP address. You can, for example, point ftp.example.com and www.example.com to the A record example.com, which in turn points to the IP address. Then, if you ever need to change the IP address, you only have to change it in one place (the A record). CNAME records must always be pointed to another domain name, never to an IP address.  (For more details see http://en.wikipedia.org/wiki/CNAME_record )

Screen print this Response packet with the DNS Flags, Queries and Answers fields maximized and insert the screen shot immediately below.
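
Added example (not part of the original assignment): a Python parser for the DNS header, Flags, Queries and Answers fields examined in steps 5 through 8, with the check that a response answers a given query (same Transaction ID and question, Response flag set). The Transaction ID 0x1A2B, the response records and the 192.0.2.10 address are constructed sample values, not real data for www.redhat.org; the function names are illustrative.

```python
import ipaddress
import struct

TYPES = {1: "A", 2: "NS", 5: "CNAME"}


def read_name(msg, off):
    """Decode a domain name at off, following compression pointers safely."""
    labels, jumps, resume = [], 0, None
    while True:
        if off >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[off]
        if length & 0xC0 == 0xC0:                 # two-byte compression pointer
            if off + 1 >= len(msg):
                raise ValueError("truncated compression pointer")
            if resume is None:
                resume = off + 2                  # parsing continues after it
            off = ((length & 0x3F) << 8) | msg[off + 1]
            jumps += 1
            if jumps > 16:                        # malformed packets can loop
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            return ".".join(labels), (off if resume is None else resume)
        labels.append(msg[off:off + length].decode("ascii"))
        off += length


def parse_dns(msg):
    """Return the header fields, questions and answers of a DNS message."""
    if len(msg) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    txid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    out = {"id": txid,
           "is_response": bool(flags & 0x8000),          # QR bit
           "recursion_desired": bool(flags & 0x0100),    # RD bit
           "recursion_available": bool(flags & 0x0080),  # RA bit
           "questions": [], "answers": []}
    off = 12
    for _ in range(qdcount):
        name, off = read_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        out["questions"].append((name, TYPES.get(qtype, qtype), qclass))
    for _ in range(ancount):
        name, off = read_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            value = str(ipaddress.IPv4Address(msg[off:off + 4]))
        elif rtype in (2, 5):
            value = read_name(msg, off)[0]
        else:
            value = msg[off:off + rdlen].hex()
        off += rdlen
        out["answers"].append((name, TYPES.get(rtype, rtype), value))
    return out


def response_matches(query, response):
    """A response answers a query only if the ID and the question both agree."""
    return (not query["is_response"] and response["is_response"]
            and response["id"] == query["id"]
            and response["questions"] == query["questions"])


def build_query(txid, name):
    """Build a standard recursive A/IN query (constructed, not captured)."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return (struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)
            + qname + b"\x00" + struct.pack("!HH", 1, 1))


# Constructed samples: a query, a response using name compression, a bad packet.
QUERY = build_query(0x1A2B, "www.redhat.org")
RESPONSE = (struct.pack("!6H", 0x1A2B, 0x8180, 1, 2, 0, 0) + QUERY[12:]
            + b"\xc0\x0c" + struct.pack("!HHIH", 5, 1, 300, 2) + b"\xc0\x10"
            + b"\xc0\x10" + struct.pack("!HHIH", 1, 1, 300, 4)
            + bytes([192, 0, 2, 10]))
POINTER_LOOP = struct.pack("!6H", 1, 0x0100, 1, 0, 0, 0) + b"\xc0\x0c"

if __name__ == "__main__":
    q, r = parse_dns(QUERY), parse_dns(RESPONSE)
    print(hex(q["id"]), q["questions"], r["answers"], response_matches(q, r))
```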

PART 2 – Exploring Protocols Using Telnet

A. Telnet
1.    Intro: Telnet is a program which allows you to connect directly to remote machines. In the past, it was used similarly to the way we currently use SSH. The problem was that telnet did not provide any encryption mechanism and thus all login credentials, all commands entered, and all data are sent in plain-text. Its usage for these cases is therefore strongly discouraged. It is still a useful tool, however, to see the inner workings of Internet protocols. In this part, you are going to use telnet to interact directly with HTTP for retrieving web pages and FTP for downloading files.

The basic Command Prompt usage for telnet is:

telnet [host name or ip address] [port number]

2.    Enter “telnet /?” from the Command Prompt.  If you receive the message “not recognized as an internal or external command” then you will need to allow telnet to run in your Windows environment.  For Windows 7, implement the steps in http://social.technet.microsoft.com/wiki/contents/articles/910.enabling-telnet-client-in-windows-7.aspx

For other versions of Windows, do a Google search for the steps.

3.    After you have telnet running, enter “telnet /?” and notice that there are host and port number features.

B.  Hypertext Transfer Protocol (HTTP)
1.    Intro: We have used HTTP, the fundamental protocol of the web, in other assignments.  Now let’s explore it with telnet.
2.    First, launch your browser and enter the URL www.google.com to reach Google’s home page. Jot down the string in the browser’s URL bar.

We will use telnet to see if we can learn more about HTTP. The well-known port number for HTTP is 80, so we just need to telnet to that port and type an HTTP command. The steps below demonstrate how to retrieve Google's home page. 

3.    From the Command Prompt, enter “telnet www.google.com 80”
a) Press Ctrl+] (that is, hold down the Ctrl key and strike right bracket ]) to escape to telnet command mode from the session. 
b) Enter “display” to display the telnet options. 
c) If Local echo is off then turn it on by entering “set localecho”  then press Enter twice to return to the telnet session. 
d) Now enter “GET / HTTP/1.1” and press Enter twice (enter that last command in upper case and with the spaces shown).  You should see HTML code displayed from Google’s home page.  Enter “quit” to end the telnet session.

This was like typing www.google.com in our browser.

4.    We can also specify a host in the request. Following is an example using the Host argument after the GET / HTTP/1.1 command. 
a) Enter “telnet www.google.com 80”
b) Then as before enter Ctrl+]
c) Enter “display” (and if need be enter “set localecho” then press Enter twice to return to the telnet session). 
d) Now as before enter “GET / HTTP/1.1” and press Enter once (not twice) then enter “Host: mail.google.com” and press enter twice.  Notice in the output that the URL is now  mail.google.com instead of  www.google.com.

    Screen print the telnet display and insert it immediately below.

Enter “quit” to close the telnet session.

5.    What did the Host argument do? _______________________________________

Note: If you have a gmail account try logging in to it and see what the URL in your browser shows.


C. File Transfer Protocol (FTP)
1.    Intro: FTP is the protocol used to transfer files from one host to another over the Internet.  It uses TCP as the Transport protocol.  The FTP service may provide anonymous access. When it does, users log in to FTP with the account “anonymous” (lower-case and case-sensitive in some FTP servers) when prompted for a user name. Although users are normally asked to send their email address instead of a password, no verification is actually performed on the password. Many FTP servers whose purpose is to provide software updates will allow anonymous logins.

2.    There are many FTP software packages like FileZilla and Core FTP Lite that support transferring files using FTP.  We can use telnet as well, but there's a catch. Remember that FTP uses two channels: one for control (port 21) and one for data. Thus if we want to actually transfer any files (or even view a directory), we're going to have to use two separate telnet sessions. First let's login using telnet to one of the public FTP servers. The example below shows how to do this.

3.    In this exercise, your session can time out if you take too long between steps.  In that case, redo the steps.

Note:  If you have trouble making this Part C work from the college network be sure you have entered the commands as shown, and since there can be timeouts that end your session if you take too long between steps, you may need to try it several times.  If it still fails try it from your home PC.  If it still fails from there then screen print your interaction showing error messages or problems you encountered and insert the screen shot immediately below, then move on to Part D.

Enter   telnet ftp.ncsa.uiuc.edu 21   to connect to this FTP site.
You should receive the message:
220 ftp.ncsa.illinois.edu FTP Server … 

    The telnet commands below are shown in upper case, but you can enter them in lower case. 

a) Enter USER anonymous  to login anonymously. 
You should receive the message:
331 Guest login ok, type your email address as the password

b) Enter PASS your@email.com  where “your@email.com” is your email address.  This enters your email address as the password, the standard for anonymous logins. 
You should receive the message:
230 User anonymous logged in

    Here’s what the above interaction should look like:
220 ftp.ncsa.illinois.edu FTP Server (Apache/2.2.3 (CentOS) PHP/5.1.6 mod_ftp/0.9.6) ready.
user anonymous
331 Guest login ok, type your email address as the password
pass your@lanecc.edu
230 User anonymous logged in

4.    Now we can start inserting our own commands.
a) Enter HELP to see what commands are available. Notice that there are USER, PASS, LIST, PASV, and RETR commands listed. 
b) Enter in succession the commands: HELP USER, HELP PASS, HELP LIST, HELP PASV, and HELP RETR to read the brief descriptions for each of these commands. 

Before we can do much of anything else, we have to open up the data connection. To do this, we will use the PASV command (passive mode) as below:

c) Enter PASV
You should receive the message:
227 Entering Passive Mode (141,142,192,162,233,189)

The last two numbers in the string above will vary.

Basically this tells the FTP server to open up a new port specifically for us and we'll connect to it in another session. The numbers in parentheses contain the IP address and port to connect to. The first four numbers are the IP address of the host to connect to. We use the final two numbers to compute the port number. In particular, we multiply the first number (233 or whatever it is in your case) by 256 and add the second number (189 or whatever it is). In this example, this gives us a port number of 233*256 + 189 = 59837 (your number will be different). 
Is this a well-known port number? _____
What the FTP server is saying is for us to make the second connection for data via the port number that it has displayed for us using these two numbers.

5.    To start this data connection, we need to open up another Command Prompt session (don't kill the current one!) and connect as follows:

telnet 141.142.192.162 59837  (but use the port number you computed above)

Now that we have both the control and data channels established, we can start doing more interesting things.
So, go back over to the control window and enter LIST

Now if you go back to the data connection window, you should see a long list of files which are available on the remote server. Notice that there is a file named README.FIRST listed.

Screen print the window with the file list displayed and insert it immediately below.

6.    This is an optional step; you can skip over it if you like.  Note also that our connection was terminated.  If we want to do anything else, we'll have to repeat the steps above to get a new data channel open. Go ahead and open another data channel, then enter  RETR README.FIRST  (use upper case for the filename) in the control session. RETR is short for “retrieve” and README.FIRST is just the name of a file, the contents of which should be displayed in the data channel window.

7.    When you are all finished with the control session, type QUIT to exit.  Use this site http://en.wikipedia.org/wiki/File_Transfer_Protocol to confirm some of what we learned above. From the info on that site, fill in the blanks below:

“FTP may run in active or passive mode, which determines how the data connection is established. … In situations where the client is behind a firewall and unable to accept incoming TCP connections, __________ mode may be used. In this mode, the client uses the ____________ connection to send a PASV command to the server and then receives a server ___________ and server __________ from the server, which the client then uses to open a _____________ connection from an arbitrary client port to the server __________ and server __________ received.”

8.    Review the info at this site regarding the way Active and Passive FTP handle ports:  http://slacksite.com/other/ftp.html

     Briefly describe how ports are handled in Active and Passive FTP. _________________
    _______________________________________________________________________
    _______________________________________________________________________

9.    Note: If you were using your own computer for the Telnet activities and you added support for Telnet to your Windows environment, you might consider cleaning up by returning your Windows configuration to the way it was.
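
Added example (not part of the original assignment): a Python function that parses the 227 reply from step 4 c, computes the data port as described there, and compares the advertised address with the address of the control connection, since a careful client opens the data connection to the server it is already talking to and treats a different advertised address as suspect. That the control connection goes to 141.142.192.162 is an assumption; the mismatching reply is a constructed sample and the function name is illustrative.

```python
import ipaddress
import re

# "227 <text> (h1,h2,h3,h4,p1,p2)" as shown in step 4 c.
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),"
                     r"(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply, control_peer):
    """Parse a passive-mode reply and decide where the data connection goes.

    control_peer is the IP address the control connection (port 21) reached.
    """
    match = PASV_RE.match(reply.strip())
    if not match:
        raise ValueError("not a 227 passive-mode reply")
    fields = [int(n) for n in match.groups()]
    if any(n > 255 for n in fields):
        raise ValueError("each of the six fields must be in 0-255")
    advertised = ipaddress.IPv4Address(".".join(str(n) for n in fields[:4]))
    port = fields[4] * 256 + fields[5]          # high byte * 256 + low byte
    if port == 0:
        raise ValueError("port 0 is not connectable")
    peer = ipaddress.IPv4Address(control_peer)
    return {
        "advertised": str(advertised),
        "port": port,
        # Connect to the control peer; the advertised address is only trusted
        # when it is the same host.
        "connect_to": (str(peer), port),
        "address_mismatch": advertised != peer,
    }


# Reply quoted in the assignment, with the control peer assumed to be the same host.
PAGE_REPLY = "227 Entering Passive Mode (141,142,192,162,233,189)"
# Constructed sample: a reply advertising a private address.
MISMATCH_REPLY = "227 Entering Passive Mode (10,0,0,5,195,80)"

if __name__ == "__main__":
    print(parse_pasv(PAGE_REPLY, "141.142.192.162"))
    print(parse_pasv(MISMATCH_REPLY, "141.142.192.162"))
```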

PART 3 – Summary of Port Numbers
1.    Fill in the table below based on your experience doing the exercises above (and with respect to HTTP also from activities in previous assignments). 



Protocol    Client Port Number    Server Port Number    Clarifying Explanation if Needed
DHCP           
DNS           
HTTP           
FTP           

Upload this document through Moodle with answers in bold and requested screen shots inserted.

[Note: Part 1 of this assignment is a modification of Ch. 7 from Practical Packet Analysis, Sanders, 2nd ed, No Starch Press, 2011; Part 2 is a modification of a lab written by Jason Gustafson, GTF at UO.]

   
