LAB STATEMENT #1

Q1(a):

Port 21, in FTP, serves as the control port responsible for managing the FTP connection's control channel.

Port 20 functions as the data port, facilitating the transfer of actual data in FTP sessions.

Q1(b):

Packet 89, server response to client IP: 195.89.6.167 and Port 21

Packet 94, client asks server IP: 192.168.1.2 and Port 16340

Packet 96, server response to client IP: 195.89.6.167 and Port 21

Packet 99, client asks server IP: 192.168.1.2 and Port 16340

Packet 100, server ask client IP: 195.89.6.167 and Port 21

Packet 104: Client asks server to send the data on IP:192.168.1.2 and Port:16340

Packet 105: Server response to client on IP:192.89.6.167 and Port:21

Packet 106: Client asks server to send the data on IP:192.168.1.2 and Port:16340

Packet 110: Server response to client on IP:192.89.6.167 and Port:21

Packet 122: Server response to client on IP:192.89.6.167 and Port:21

Packet 125: server sends client data from Ip: 195.89.6.167 and port 20.

Packet 143: client requests server data from IP:192.168.1.2 and port 16340.

Packet 150: server sends response from Ip: 195.89.6.167 and port 21.

Packet 153: client requests server to send data from Ip: 192.168.1.2 and port 16340.
Packet 155, server sends client data from IP:195.89.6.167 and port 21

Packet 163, server sends client data from IP:195.89.6.167 and port 21

Packet 167, server sends client data from IP:195.89.6.167 and port 20

Packet 172, client asks server to send the data on IP:192.168.1.2 and port 16340

Packet 178, server sends client data form IP: 195.89.6.167 and port 21

LAB STATEMENT #2

1. ICMP messages are neither sent over UDP nor TCP. ICMP operates directly over the
Internet Protocol (IP) layer.
2. The question is incomplete, and the link-layer (e.g., Ethernet) address of the host is not
provided.
3. ICMP packets can contain various types of requests and messages, including Echo
Request and Echo Reply (Ping), Destination Unreachable, and Time Exceeded.
4. The host sends four requests.
5. The source host's IP address is 192.168.33.110, and the destination host's IP address is
172.217.27.36.
6. ICMP packets lack source and destination port numbers because ICMP operates at a
different layer in the network stack compared to transport layer protocols like TCP and
UDP.
7. ICMP request messages are distinguished by having a Type field set to 8, while reply
messages have a Type field set to 0.
8.

9.
 10. The question is not complete and lacks specific information about packet number 56
and its ICMP type and code numbers. It also mentions the inclusion of IP and TCP
headers in the ICMP header, which is not accurate. ICMP messages are encapsulated
within IP packets, and the IP and TCP headers provide routing and contextual
information for ICMP messages.

LAB STATEMENT #3:

a) A packet sniffer, also known as a network sniffer or packet analyzer, is a vital tool for
monitoring, troubleshooting, and securing computer networks. It captures and inspects
network traffic, providing valuable insights for network administrators and security
professionals, contributing to network reliability and security.

b) Packet sniffers like Wireshark are crucial for gaining deep visibility into network traffic, aiding
in network troubleshooting, maintaining network health, and ensuring security. They enable
the capture, analysis, and interpretation of network packets, making them indispensable for
network management.

c) In Wireshark, capture filters allow selective packet capture by specifying criteria, reducing
capture overhead, isolating specific traffic, aiding troubleshooting, and assisting in security
analysis.

d) Responsible and legal use of packet sniffers is essential, involving informed consent,
adherence to laws and regulations, data protection measures, and ethical considerations to
maintain transparency and accountability.

e) Wireshark is a versatile tool capable of analyzing and decoding numerous network protocols,
including Ethernet, IP, TCP, UDP, HTTP, DNS, and FTP.