Next,sort the traced packets according to IP source address by clicking on the Source column header;a small downward pointing arrow should appear next to the word Source. If the arrow points up,click on the Source column header again.Select the first ICMP Echo Request message sent by your computer,and expand the Internet Protocol portion in the"details of selected packet header"window.In the"listing of captured packets' window,you should see all of the subsequent ICMP messages (perhaps with additional interspersed packets sent by other protocols running on your computer)below this first ICMP.Use the down arrow to move through the ICMP messages sent by your computer 5.Which fields in the IP datagram ahays change from one datagram to the next within this series of IcMP mes ent by your computer? 6.Which fields stay constant?Which of the fields must stay constant?Which fields e?Why? 7 Describe e pattern you see in the values in the Identification field of the IP datagram Next(with the packets still sorted by source address)find the series of ICMPTTL exceeded replies sent to your computer by the nearest(first hop)router. 氵的rede to your computer by the nearest(first hop)router?Why? Fragmentation Sort the packet listing according to time again by clicking on the Time column. 10.Find the first ICMP Echo Request message that was sent by your computer after you changed the Packet Size in pingplotter to be 2000.Has that message been fragmented across more than one IP datagram?[Note:if you find your packet has not been fragmented,you should download the zip file http://gaia cs.umass.edu/wireshark-labs/wireshark-traces zip and extract the ip- ethereal-trace-/packet trace.If your computer has an Ethernet interface,a packet size of 2000 should cause fragmentation 31 11.Print out the first fragment of the fragmented IP datagram.What information in the IP header indicates that the datagram been fragm nted?What information in the IP header indicates whether this is the first fragment versus a lat ter fragment? How long is this IP datagram? Ethemet card that limits the length of the maxmum IPpacket bytes(40 bytes of TCP/IP header 400 er protoc pay 1500 bv d maximum singan Ethemet connection,then Wireshark is reporting the wrong IP datagram length:it will likely als show ony one la Pdatagram rather than multiple s naller datagrams s inconsistency in reported ng th -trace-l trac Next, sort the traced packets according to IP source address by clicking on the Source column header; a small downward pointing arrow should appear next to the word Source. If the arrow points up, click on the Source column header again. Select the first ICMP Echo Request message sent by your computer, and expand the Internet Protocol portion in the “details of selected packet header” window. In the “listing of captured packets” window, you should see all of the subsequent ICMP messages (perhaps with additional interspersed packets sent by other protocols running on your computer) below this first ICMP. Use the down arrow to move through the ICMP messages sent by your computer. 5. Which fields in the IP datagram always change from one datagram to the next within this series of ICMP messages sent by your computer? 6. Which fields stay constant? Which of the fields must stay constant? Which fields must change? Why? 7. Describe the pattern you see in the values in the Identification field of the IP datagram Next (with the packets still sorted by source address) find the series of ICMP TTL￾exceeded replies sent to your computer by the nearest (first hop) router. 8. What is the value in the Identification field and the TTL field? 9. Do these values remain unchanged for all of the ICMP TTL-exceeded replies sent to your computer by the nearest (first hop) router? Why? Fragmentation Sort the packet listing according to time again by clicking on the Time column. 10. Find the first ICMP Echo Request message that was sent by your computer after you changed the Packet Size in pingplotter to be 2000. Has that message been fragmented across more than one IP datagram? [Note: if you find your packet has not been fragmented, you should download the zip file http://gaia.cs.umass.edu/wireshark-labs/wireshark-traces.zip and extract the ip￾ethereal-trace-1packet trace. If your computer has an Ethernet interface, a packet size of 2000 should cause fragmentation.3] 11. Print out the first fragment of the fragmented IP datagram. What information in the IP header indicates that the datagram been fragmented? What information in the IP header indicates whether this is the first fragment versus a latter fragment? How long is this IP datagram? 3 The packets in the ip-ethereal-trace-1 trace file in http://gaia.cs.umass.edu/wireshark-labs/wireshark￾traces.zip are all less that 1500 bytes. This is because the computer on which the trace was gathered has an Ethernet card that limits the length of the maximum IP packet to 1500 bytes (40 bytes of TCP/IP header data and 1460 bytes of upper-layer protocol payload). This 1500 byte value is the standard maximum length allowed by Ethernet. If your trace indicates a datagram longer 1500 bytes, and your computer is using an Ethernet connection, then Wireshark is reporting the wrong IP datagram length; it will likely also show only one large IP datagram rather than multiple smaller datagrams.. This inconsistency in reported lengths is due to the interaction between the Ethernet driver and the Wireshark software. We recommend that if you have this inconsistency, that you perform this lab using the ip-ethereal-trace-1 trace file