In this lab you will be looking at traces of packet sniffs that illustrate IP Fragmentation and NAT routers

IP_Fragmentation

Download the file  IP_Fragment.zip  onto one of the lab 2 machines, csl2su1.cs.ust.hk - csl2su41.cs.ust.hk and  unzip it to be IP_Fragment.snp. Run the command:

snoop -i IP_Fragment.snp -v

If that doesn't work then your path probably doesn't include /usr/sbin, so try

/usr/sbin/snoop  IP_Fragment.snp   -i  -v

This is the trace of a UDP packet  sent in one IP packet that has then been fragmented.  The packet sniffer identifies whether the flag  more packets or last fragment is set. 

Answer the questions:

  1. Into how many fragments has the IP packet been split?
  2. How many data bytes does the original IP fragment have?

 

Note.  If you want to filter out all but the IP packets you can run
snoop -i IP_Fragment.snp -v | awk '{ if ( $1 == "IP:") print $0}'

A NAT EXAMPLE

In this lab you will see examples of how a NAT router works.  The setup is illustrated in this pdf file.  There is a host machine 192.168.0.1 (local network address) which is behind a NAT router.  The NAT interface to the rest of the network has interface 218.103.184.25

The packet sniffs illustrate two scenarios:

Extra: Full dumps of the packet sniffs are available here.  You can view them using the same snoop -i filename.snp -v command.