
ECEN4533 Homework Problem (20 points extra credit, due by midnight 6 May 2011)

Purpose: To (slightly) familiarize the student with some of the tools used in network troubleshooting.

Procedure: On your home PC...

*Find Dr. Scheets' personal home page & scroll down to "THE SCIENCE AND ENGINEERING EXPERIENCE" & click on one of the following links:
   Bridge Building 101
   Museum of Unworkable Devices
   Welcome Mat
   Annuals of Improbable Research
   Ig Noble Prizes
   Museum of Retro Technology (then click on an article)
   My Hero, 'Hanging Judge' Parker

*Or click on one of the following:
   http://www.srh.noaa.gov/oun/
   http://medlineplus.gov/
   http://www.visi.com/juan/congress/

NOTE: Today, much web traffic is encrypted and/or compressed. Wireshark will not properly display text in either case. The above sites have been around for a while, and as of this time last year, were not using compression.

*Claim this link by emailing Dr. Scheets, who will turn around and notify the class as each site is claimed. Each student must use a different link. If they're all claimed you'll have to find another link with uncompressed text.

*From the command line of your home PC, execute a trace route (tracert xxx) to the claimed web site. If you get three "request timed out" notifications in a row, you've probably hit a destination firewall which will block further progress. Hit the "control" and "c" buttons simultaneously to terminate the trace route. Save this file to a text document such as Microsoft Word. To load this into the copy buffer, right click on some text, click "mark", highlight the entire file, then hit your keyboard's carriage return. You should then be able to paste the file.

*Identify the listed owners of all unnamed routers traversed. Sites such as www.arin.net can provide such info.

*As best you can, from the trace route, identify the cities traversed. Some geo-location services include...
   http://www.melissadata.com/lookups/iplocation.asp
   http://www.ip2location.com/free.asp
   http://www.ip-adress.com/ip_tracer/
Note though, that they aren't always 100% accurate.
*Using Wireshark, capture the downloading of a web page from this site.

-Fire up Wireshark, click on "Capture", "Interfaces", then click the "Start" button on the interface with an Ethernet NIC. You need to have administrator privileges to see these.

-Hit the reload button on your web browser. When the reload is completed, shut down the Wireshark capture process by clicking on "Capture", "Stop".

-Save your capture file.

-Depending on your firewall settings, whether or not you're using a home router, and the type of protocol you're attached to the Internet with, you may or may not capture traffic that is not addressed to your computer. Verify the packets shown have either the source or destination IP addresses for your computer. Your IP address can be found by typing "ipconfig/all" or just "ipconfig" on the command line or poking around Wireshark. If other addresses are on the line, in the "filter" box on Wireshark (3rd row from the top) type "ip.addr eq x.x.x.x" without the quotes. The x.x.x.x should be your PC's IP address in dotted decimal format. The box will turn green when everything is correct. Click "apply". This will hide the other packets and allow you to focus on the web page download.

-Identify and record the numbers of the captured packets containing TCP's three way handshake that opened the initial logical link from your PC to the server. Record the server & PC advertised window sizes. Identify and record the advertised Maximum Segment Sizes.

-Within a packet, identify a portion of text that is printed on the web page. This is easiest to do if you click on the magnifying glass on the 2nd row of Wireshark, click on "string", type in 1-2 words in the filter line, then click "Find". Dig down into the packet highlighted and verify you've got the text that matches your web page screen. Record the packet number. Identify the ACK of this particular packet, and the round trip time. You can find these by digging into the TCP header.

-Execute a screen capture (simultaneously press "alt" and "print screen") of the web page in question. Paste it into Microsoft Paint, Word, or Power Point, or some other program and save the file.
-Using Wireshark and tools such as "Analyze: Follow TCP Stream, Expert Info" or "Statistics: Summary, Conversations, Destinations" or others, answer the following questions.
   (1) Were there any packets lost or received out of order in your web page download?
   (2) Was Fast Retransmission used? If so, how many times?
   (3) How many servers provided data for this web page display?

Turn in:
(1) Trace route listing
(2) List of owners for each router traversed, and your best guess of the cities traveled by packets moving between your PC and the server.
(3) Wireshark capture file.
(4) Packet numbers where the initial TCP 3-way handshake occurred, and where your selected portion of the web page text is located. Answers to the three questions above.
(5) Screen capture of the web page in (4) above. Somewhere you need to note your selected text.

Feel free to contact Dr. Scheets or a classmate if you're having trouble.
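For the trace route steps above, the following added example (not part of the original assignment) parses saved Windows tracert output, lists the unnamed routers that still need an owner lookup, and checks for the three-timeouts-in-a-row condition. The sample output, host names and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of Windows tracert output (names and addresses are made up).
SAMPLE = """\
Tracing route to www.example.org [192.0.2.80]
over a maximum of 30 hops:

  1     1 ms    <1 ms     1 ms  192.168.1.1
  2     9 ms     8 ms    10 ms  10.20.0.1
  3    12 ms    11 ms    12 ms  core1.example.net [198.51.100.5]
  4    25 ms    24 ms    26 ms  203.0.113.9
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.
  7     *        *        *     Request timed out.
"""

HOP = re.compile(r"^\s*(\d+)\s+(.*)$")
NAMED = re.compile(r"(\S+)\s+\[(\d+(?:\.\d+){3})\]\s*$")
BARE = re.compile(r"(\d+(?:\.\d+){3})\s*$")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_tracert(text):
    """Return [(hop, name_or_None, ip_or_None)]; ip is None for a timed-out hop."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if not m:
            continue  # banner and blank lines
        hop, rest = int(m.group(1)), m.group(2)
        if (n := NAMED.search(rest)):
            hops.append((hop, n.group(1), n.group(2)))
        elif (b := BARE.search(rest)):
            hops.append((hop, None, b.group(1)))
        elif "timed out" in rest:
            hops.append((hop, None, None))
    return hops

def hops_to_look_up(hops):
    """Unnamed hops outside RFC 1918 space: the ones to check in a registry."""
    return [ip for _, name, ip in hops if ip and name is None
            and not any(ipaddress.ip_address(ip) in net for net in RFC1918)]

def probably_firewalled(hops, run=3):
    """True when the trace ends in `run` consecutive timed-out hops."""
    tail = hops[-run:]
    return len(tail) == run and all(ip is None for _, _, ip in tail)
```

Hops in private (RFC 1918) address space are skipped because a registry lookup will not name an owner for them; they normally belong to the home router or the access provider's internal network.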
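For the three way handshake step above, this added example (not part of the original assignment) shows where the values Wireshark displays come from: it parses raw TCP headers, reads the advertised window and the Maximum Segment Size option, and picks out the SYN, SYN-ACK and ACK by their flags and sequence numbers. The capture, its packet numbers and the helper names are constructed for illustration.

```python
import struct

def tcp_header(sport, dport, seq, ack, flags, window, options=b""):
    """Build a TCP header (checksum 0) for the constructed sample below."""
    offset = (20 + len(options)) // 4          # header length in 32-bit words
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       offset << 4, flags, window, 0, 0) + options

def parse_tcp(hdr):
    """Extract flags, seq/ack numbers, advertised window and MSS option."""
    sport, dport, seq, ack, off, flags, window = struct.unpack("!HHIIBBH", hdr[:16])
    opts, mss, i = hdr[20:(off >> 4) * 4], None, 0
    while i < len(opts) and opts[i] != 0:      # kind 0 = end of option list
        if opts[i] == 1:                       # kind 1 = NOP, single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            break                              # truncated or malformed option
        if opts[i] == 2 and opts[i + 1] == 4:  # kind 2 = Maximum Segment Size
            mss = struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += opts[i + 1]
    return {"ports": (sport, dport), "syn": bool(flags & 0x02),
            "ack": bool(flags & 0x10), "seq": seq, "acknum": ack,
            "window": window, "mss": mss}

def find_handshake(packets):
    """packets: [(number, tcp_header_bytes)]. Return the SYN, SYN-ACK and ACK
    as (number, parsed) tuples, or None if no complete handshake is present."""
    parsed = [(n, parse_tcp(h)) for n, h in packets]
    for i, (n1, syn) in enumerate(parsed):
        if not syn["syn"] or syn["ack"]:
            continue
        for j in range(i + 1, len(parsed)):
            n2, sa = parsed[j]
            if not (sa["syn"] and sa["ack"] and sa["ports"] == syn["ports"][::-1]
                    and sa["acknum"] == (syn["seq"] + 1) % 2**32):
                continue
            for n3, last in parsed[j + 1:]:
                if (last["ack"] and not last["syn"] and last["ports"] == syn["ports"]
                        and last["acknum"] == (sa["seq"] + 1) % 2**32):
                    return (n1, syn), (n2, sa), (n3, last)
    return None

# Constructed capture: packet numbers and values are made up for illustration.
CAPTURE = [
    (4, tcp_header(49152, 80, 1000, 0, 0x02, 8192, b"\x02\x04\x05\xb4\x01\x01\x04\x02")),
    (5, tcp_header(80, 49152, 5000, 1001, 0x12, 5840, b"\x02\x04\x05\x64")),
    (6, tcp_header(49152, 80, 1001, 5001, 0x10, 8192)),
]
```

The MSS option appears only in the SYN and SYN-ACK, and the window field in those two segments is never scaled, so the raw 16-bit value is the advertised window to record.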
