EDTECH 552, lab2

Multiple Choice Questions:

1. How does CSMA/CD react to collisions?

A. All systems jam the network, and then all begin transmitting again.
B. Hosts involved in a collision send an RTS signal indicating a time frame in
which to retransmit.
C. Hosts involved in the collision send a jam signal, and then run an algorithm
before retransmitting.
D. Collisions do not occur on CSMA/CD.

2. How is equal access to the wire managed in a collision-oriented environment such

as Ethernet?
A. The hosts are given equal access based on the circulation of a token; hosts can
only transmit when they hold the token.
B. Hosts are given prioritized access to the wire based on their MAC address.
C. Hosts are given equal access to the wire by being allowed to transmit at
specified time intervals.
D. Hosts signal their desire to transmit by sending a contention alert.
E. Hosts check the wire for activity before attempting to send; if a collision
happens, they wait a random time period before attempting to send again.

3. Which answer correctly lists the OSI PDUs in order?

A. Data, Packet, Frame, Segment, Bit
B. Bit, Data, Packet, Segment, Frame
C. Data, Segment, Packet, Frame, Bit
D. Bit, Frame, Segment, Packet, Data

4. Which transport layer protocol provides connection-oriented, reliable transport?

A. TFTP
B. UDP
C. Ethernet
D. TCP
E. Secure Shell

EDTECH 552, lab2

5. Which of the following are true when comparing TCP/IP to the OSI Reference
Model? (Choose two.)
A. The TCP/IP model has seven layers while the OSI model has only four layers.
B. The TCP/IP model has four layers while the OSI model has seven layers.
C. The TCP/IP Application layer maps to the Application, Session, and Presentation
layers of
the OSI Reference Model.
D. The TCP/IP Application layer is virtually identical to the OSI Application layer.

6. In which layer of the TCP/IP stack is framing found?

A. Network
B. Data Link
C. Internet
D. Network Access

7. Which of the following WAN technologies is considered packet switched?

A. Frame relay
B. T1 lines
C. Dial-up
D. DSL
8. Which OSI layer is concerned with reliable end-to-end delivery of data?
A. Application
B. Transport
C. Network
D. Data Link
9. Logical addressing is found in the ________________ layer, while physical
addressing is found in the ________________ layer.
A. Physical, Network

EDTECH 552, lab2

B. Network, Physical
C. Data Link, Network
D. Network, Data Link
10. The OSI Reference Model layers, in order from top to bottom, are:
A. Application, Physical, Session, Transport, Network, Data Link, Presentation
B. Application, Presentation, Network, Session, Transport, Data Link, Physical
C. Physical, Data Link, Network, Transport, Session, Presentation, Application
D. Application, Presentation, Session, Transport, Network, Data Link, Physical
11. In the diagram below what procedure is shown?

A. flow control
B. windowing
C. TCP handshake
D. reliable delivery
12. Which of the following is NOT a benefit of using a reference model?
A. divides the network communication process into smaller and simpler
components
B. encourages industry standardization
C. enforces consistency across vendors
D. allows various types of network hardware and software to communicate

EDTECH 552, lab2

Lab 2.1 Packet Tracer
Introduction
Packet Tracer is a self-paced, visual, interactive teaching and learning tool
developed by Cisco. Lab activities are an important part of networking
education. However, lab equipment can be a scarce resource. Packet Tracer
provides a visual simulation of equipment and network processes to offset
the challenge of limited equipment. Students can spend as much time as
they like completing standard lab exercises through Packet Tracer, and have
the option to work from home. Although Packet Tracer is not a substitute for
real equipment, it allows students to practice using a command-line interface.
This e-doing capability is a fundamental component of learning how to
configure routers and switches from the command line.
Download and install packet tracer
a. You can download packet tracer from links below:
b. Windows version: Simply double click on the d to install the application.
Linux/Ubuntu version: Use "terminal" to install the linux/ubuntu version by
running the following commands:
1. sudo chmod +x filename.bin (note: filename should be replaced with
the real file name)
2. ./filename.bin
Tutorial videos
Please watch Cisco Packet Tracer Tutorial 1:
http://www.youtube.com/watch?v=hrRT2UxS_L8&feature=related

EDTECH 552, lab2

Build a simple network
a. Build a simple network like the figure below using the packet tracer.

b. Set the IP address information for each PC according to the information in

the table.
Computer
PC1
PC2
PC3
PC4

IP Address
192.168.0.101
192.168.0.102
192.168.0.103
192.168.0.104

Subnet Mask
255.255.255.0
255.255.255.0
255.255.255.0
255.255.255.0

Default Gateway
192.168.0.1
192.168.0.1
192.168.0.1
192.168.0.1

c. Please save your configuration file and submit it with this weeks lab
activities.

EDTECH 552, lab2

Lab 2.2 Using Wireshark to Observe the TCP 3-Way Handshake
Topology

Objectives
Part 1: Prepare Wireshark to Capture Packets
Select an appropriate NIC interface to capture packets.
Part 2: Capture, Locate, and Examine Packets
Capture a web session to www.google.com.
Locate appropriate packets for a web session.
Examine information within packets, including IP addresses, TCP port
numbers, and TCP control flags.
Background / Scenario
In this lab, you will use Wireshark to capture and examine packets generated
between the PC browser using the HyperText Transfer Protocol (HTTP) and a
web server, such as www.google.com. When an application, such as HTTP or
File Transfer Protocol (FTP) first starts on a host, TCP uses the three-way
handshake to establish a reliable TCP session between the two hosts. For
example, when a PC uses a web browser to surf the Internet, a three-way
handshake is initiated and a session is established between the PC host and
web server. A PC can have multiple, simultaneous, active TCP sessions with
various web sites.
Note
This lab cannot be completed using Packet Tracer. This lab assumes that
you have Internet access.
Using a packet sniffer such as Wireshark may be considered as a threat by
your security application. If using Wireshark is an issue, please let me
know.
Part 1: Prepare Wireshark to Capture Packets

EDTECH 552, lab2

Please download and install Wireshark from the link below:

http://www.wireshark.org/download.html
Step 1: Retrieve the PC interface addresses.
For this lab, you need to retrieve your PCs IP address and its network
interface card (NIC) physical address, also called the MAC address.
a. Open a command prompt window, type ipconfi g /all and then press Enter.

b. Write down the IP and MAC addresses associated with the selected
Ethernet adapter, because that is the source address to look for when
examining captured packets.
Q 2.2.1 The PC host IP address:
________________________________________________
Q 2.2.2 The PC host MAC address:
______________________________________________
Step 2: Start Wireshark and select the appropriate interface.
a. Click the Windows Start button and on the pop-up menu, double-click
Wireshark.
b. After Wireshark starts, click Interface List.

EDTECH 552, lab2

c. In the Wireshark: Capture Interfaces window, click the check the box next
to the interface connected to your LAN.
Note:
If multiple interfaces are listed and you are unsure which interface to check,
click Details. Click the 802.3 (Ethernet) tab, and verify that the MAC address
matches what you wrote down in Step 1b. Close the Interface Details window
after verification.

EDTECH 552, lab2

Part 2: Capture, Locate, and Examine Packets
Step 1: Click the Start button to start the data capture.
a. Go to www.google.com. Minimize the Google window, and return to
Wireshark. Stop the data capture. You should see captured traffic similar to
that shown below in step b.
b. The capture window is now active. Locate the Source, Destination, and
Protocol columns.

Step 2: Locate appropriate packets for the web session.

If the computer was recently started and there has been no activity in
accessing the Internet, you can see the entire process in the captured output,
including the Address Resolution Protocol (ARP), Domain Name System (DNS),
and the TCP three-way handshake. The capture screen in Part 2, Step 1 shows
all the packets the computer must get to www.google.com. In this case, the
PC already had an ARP entry for the default gateway; therefore, it started
with the DNS query to resolve www.google.com.
a. Frame 11 (the screen shot above) shows the DNS query from the PC to the
DNS server, attempting to resolve the domain name, www.google.com to the
IP address of the web server. The PC must have the IP address before it can
send the first packet to the web server.

EDTECH 552, lab2

Q 2.2.3 What is the IP address of the DNS server that the computer queried?
____________________
b. Frame 12 is the response from the DNS server with the IP address of
www.google.com.
c. Find the appropriate packet for the start of your three-way handshake. In
this example, frame 15 is the start of the TCP three-way handshake.
Q 2.2.4 What is the IP address of the Google web server?
__________________________________
d. If you have many packets that are unrelated to the TCP connection, it may
be necessary to use the Wireshark filter capability. Enter tcp in the filter
entry area within Wireshark and press Enter.

Step 3: Examine information within packets including IP addresses, TCP

port numbers, and
TCP control flags.
a. In our example, frame 15 is the start of the three-way handshake between
the PC and the Google web server. In the packet list pane (top section of the
main window), select the frame. This highlights the line and displays the
decoded information from that packet in the two lower panes. Examine the
TCP information in the packet details pane (middle section of the main
window).
b. Click the + icon to the left of the Transmission Control Protocol in the
packet details pane to expand the view of the TCP information.

EDTECH 552, lab2

c. Click the + icon to the left of the Flags. Look at the source and destination
ports and the flags that are set.
Note:
You may have to adjust the top and middle windows sizes within Wireshark to
display the necessary information.

Q. 2.2.5 What is the TCP source port number? __________________________ (In

this example, source port is 49523).
Q. 2.2.6 What is the TCP destination port number? _______________________
Q. 2.2.7 Which flag (or flags) is set? ________________________
Q. 2.2.8 What is the relative sequence number set to? ____________________
d. To select the next frame in the three-way handshake, select Go on the
Wireshark menu and select Next Packet In Conversation. In this example,
this is frame 16. This is the Google web server reply to the initial request to
start a session.

EDTECH 552, lab2

Q. 2.2.9 What are the values of the source and destination ports?
______________________________________
Q. 2.2.10 Which flags are set?
___________________________________________________________________
Q. 2.2.11 What are the relative sequence and acknowledgement numbers set
to?
___________________________________________________________________
e. Finally, examine the third packet of the three-way handshake in the
example. Clicking frame 17 (your number might be different) in the top
window displays the information similar to the screen shot below:

EDTECH 552, lab2

Examine the third and final packet of the handshake.

Q. 2.2.12 Which flag (or flags) is set?
_____________________________________________________________
The relative sequence and acknowledgement numbers are set to 1 as a
starting point. The TCP connection is now established, and communication
between the source computer and the web server can begin.
f. Close the Wireshark program.