
Yeray Prez, NIA: 164324

Carlos Pulido, NIA: 163842


Jaume Pons, NIA: 165072

LAB 1 Review of networks and FTP traffic analysis


Wireshark, ifconfig, netstat, vsftpd, filezilla

1 Using Wireshark
1.1 Capturing packets
Q1. What are the Link layer (Ethernet II), and Network layer (IP) captured
data? Identify the protocol, source and destination IP address and message
exchanged for ping? Answer with your wireshark screen shot.
The Link Layer is the protocol layer in a program that handles
the moving of data in and out across a physical link in a
network.
The Network Layer packages output with the correct network
address information, and selects routes and quality of service.

Figure 1 - Wireshark with filter icmp

The green color is the Link Layer and the purple color is
the Network Layer. The protocol is ICMP and, specifically for
this packet, the source IP address is 84.89.128.15 and the
destination IP address is 192.168.1.139 (logically this is a
reply from the server to the client). The messages exchanged
for ping are request and reply.

1.2 ifconfig
Q2. Locate test search data trace and explain your captured data for IP
Protocol and Transmission Control Protocol section in wireshark with
wireshark screen shot. Explain data encapsulation process with real
information (headers, ip, port and data) from wireshark in each layer.
On the Network Layer the segment of data is encapsulated
and given source and destination IP addresses. At this point
the segment of data is now a packet.
Next, on the Link Layer the packet is given source and
destination MAC addresses and a footer that contains an
error-checking mechanism called CRC.

Figure 2 - Wireshark with filter http

In the image we see the IP and MAC addresses, the protocol,
and the port and data that were sent.

Q3. What are the physical and logical addresses displayed in your ifconfig
command? Do a ping to google.com and identify which (physical and logical)
addresses have been used in which layers?
Physical address is 00:19:d1:f5:74:d9 and logical address is
192.168.1.20 of my computer.
The addresses of google.com are 216.58.211.196 (logical) and
00:26:cb:a2:cb:47 (physical).

1.3 netstat
Q4. Close and run Wireshark, open an internet explorer such as Firefox, open
one or two web sites such as upf.edu. Capture UDP network traffics and
explain for what purpose an UDP communications are used?
UDP is suitable for purposes where error checking and
correction are not necessary. The principal usage is in
protocols such as DHCP, BOOTP and DNS, where the exchange of
packets is higher or is not profitable in terms of
information transmitted.

Figure 3 - Wireshark with filter udp

2.5.4 Analyzing FTP packets and Protocol


Q5. Which one is the control connection? Include wireshark screen
shot in your answer.
Figure 4 - Wireshark traffic of FTP transfer (Control connection)

The packets with the blue border are the control connection
packets.

Q6. Which one is the data connection? Include wireshark screen shot
in your answer.

Figure 5 - Wireshark traffic of FTP transfer (Data connection)

The packets with the pink border are the data connection.


Q.7 Which are the packets of data connections? Include wireshark
screen shot in your answer.

Figure 6 Wireshark traffic of FTP transfer (Packets of data connection)

The packets with the orange border are the data connection
packets.

Q.8 What port numbers are used for both clients and the servers
while sending and receiving data?
Server port: 53021
Client port: 55701
The server port number is not 20. This happens because
the FTP mode is PASV. We investigated this, and in PASV
mode the server port is selected randomly.
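
Added example (not part of the original report): in passive mode the server announces its data port on the control connection in the 227 reply as two bytes p1,p2, with port = p1*256 + p2, so 53021 = 207*256 + 29. The Python code below recovers that port from constructed control lines and goes beyond the report by also handling EPSV (229) replies and active-mode PORT commands; the addresses and file name are assumptions.

```python
import re

# Constructed FTP control-channel lines (sender, text); not from the lab capture.
# "S" = server reply, "C" = client command. Addresses are documentation-range.
SAMPLE_CONTROL = [
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (192,0,2,10,207,29)."),
    ("C", "RETR notes.txt"),
    ("S", "150 Opening BINARY mode data connection for notes.txt."),
    ("C", "EPSV"),
    ("S", "229 Entering Extended Passive Mode (|||40123|)"),
    ("C", "PORT 192,0,2,55,195,80"),
    ("S", "227 Entering Passive Mode (192,0,2,10,300,1)."),  # invalid octet
]

_SIX = r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
PASV_RE = re.compile(r"^227 .*?" + _SIX)
EPSV_RE = re.compile(r"^229 .*?\(\|\|\|(\d{1,5})\|\)")
PORT_RE = re.compile(r"^PORT\s+" + _SIX + r"\s*$", re.IGNORECASE)


def _endpoint(groups):
    """Turn h1,h2,h3,h4,p1,p2 into (host, port); None if any value > 255."""
    nums = [int(g) for g in groups]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def data_endpoints(lines):
    """Return (mode, listening side, host, port) for each announced data port."""
    found = []
    for sender, text in lines:
        if sender == "S" and (m := PASV_RE.match(text)):
            ep = _endpoint(m.groups())
            if ep:
                found.append(("PASV", "server") + ep)
        elif sender == "S" and (m := EPSV_RE.match(text)):
            if 0 < int(m.group(1)) < 65536:  # EPSV carries the port only
                found.append(("EPSV", "server", None, int(m.group(1))))
        elif sender == "C" and (m := PORT_RE.match(text)):
            ep = _endpoint(m.groups())
            if ep:  # active mode: server connects from port 20 to this port
                found.append(("PORT", "client") + ep)
    return found


if __name__ == "__main__":
    for row in data_endpoints(SAMPLE_CONTROL):
        print(row)
```

A recovered port can then be used in a Wireshark display filter such as `tcp.port == 53021` to isolate the matching data connection.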

Q.9 What protocols are being used at lower layers?


The protocol that is used at lower layers is the TCP
protocol.

Q.10 You are given an architecture diagram below. Explain the
sequence in which network communication is happening. Use the answers to
questions 5 to 9 and put numbers on the diagram below.
