Saturday, November 26, 2011

Wireshark Lab: Ethernet and ARP







http://gaia.cs.umass.edu/wireshark-labs/HTTP-ethereal-lab-file3.html

1. What is the 48-bit Ethernet address of your computer?


My 48-bit Ethernet address is 00:11:11:1e:94:3a

2. What is the 48-bit destination address in the Ethernet frame?  Is this the Ethernet
address of gaia.cs.umass.edu? (Hint: the answer is no).  What device has this as its
Ethernet address? [Note: this is an important question, and one that students
sometimes get wrong.  Re-read pages 468-469 in the text and make sure you
understand the answer here.]


The 48-bit destination address in the Ethernet frame is 00:11:50:53:95:77.
This is not the Ethernet address of gaia.cs.umass.edu.  It is the MAC address for my router or internet gateway address.



3. Give the hexadecimal value for the two-byte Frame type field.  What do the bit(s)
whose value is 1 mean within the flag field?

Type: IP 0x0800

4. How many bytes from the very start of the Ethernet frame does the ASCII “G” in
“GET” appear in the Ethernet frame?

After 432 bits, or 54 bytes, the "G" in "GET" appears.

5. What is the hexadecimal value of the CRC field in this Ethernet frame?

There is no hexadecimal value for CRC in the Ethernet frame.









6. What is the value of the Ethernet source address?  Is this the address of your
computer, or of gaia.cs.umass.edu (Hint: the answer is no).   What device has this
as its Ethernet address?

The source address is 00:11:50:53:95:77. This address is the address of my Belkin router/internet gateway address.

7. What is the destination address in the Ethernet frame?  Is this the Ethernet address
of your computer?  

The Destination address is 00:11:11:1e:94:3a. This is the Ethernet address of my computer.

8. Give the hexadecimal value for the two-byte Frame type field.  What do the bit(s)
whose value is 1 mean within the flag field?

The two-byte frame type field is 0x0800. The bit that is valued to 1 says to not fragment the set.






9. How many bytes from the very start of the Ethernet frame does the ASCII “O” in
“OK” (i.e., the HTTP response code) appear in the Ethernet frame?

The "O" in "OK" starts after 104 bits, or 13 bytes.


10. What is the hexadecimal value of the CRC field in this Ethernet frame.

There is no CRC field in this Ethernet frame.

11. Write down the contents of your computer’s ARP cache.  What is the meaning of
each column value?


The first column is the Internet address of the computer, then its physical address, and finally its type, which is dynamic.

12. What are the hexadecimal values for the source and destination addresses in the
Ethernet frame containing the ARP request message?

The source address is (00:11:50:53:95:77)
The Destination address is (00:11:11:1e:94:3a)

13. Give the hexadecimal value for the two-byte Ethernet Frame type field.  What do
the bit(s) whose value is 1 mean within the flag field?

The hexadecimal value is Type: ARP (0x0806)

14. Download the ARP specification from ftp://ftp.rfc-editor.org/innotes/std/std37.txt. A readable, detailed discussion of ARP is also at
http://www.erg.abdn.ac.uk/users/gorry/course/inet-pages/arp.html.

a) How many bytes from the very beginning of the Ethernet frame does the
ARP opcode field begin?

It begins 42 bytes from the beginning of the Ethernet frame



b) What is the value of the opcode field within the ARP-payload part of the
Ethernet frame in which an ARP request is made?

The value of the opcode field within the ARP-payload is 0x0001

c) Does the ARP message contain the IP address of the sender?

Yes

d) Where in the ARP request does the “question” appear – the Ethernet
address of the machine whose corresponding IP address is being queried?

The question appears in the MAC destination address.


15. Now find the ARP reply that was sent in response to the ARP request.  
a) How many bytes from the very beginning of the Ethernet frame does the
ARP opcode field begin?   

It is 10 bytes from the beginning

b) What is the value of the opcode field within the ARP-payload part of the
Ethernet frame in which an ARP response is made?



It is 2

c) Where in the ARP message does the “answer” to the earlier ARP request
appear – the IP address of the machine having the Ethernet address whose
corresponding IP address is being queried?

Sender MAC address: Intel_1e:94:3a (00:11:11:1e:94:3a)


16. What are the hexadecimal values for the source and destination addresses in the
Ethernet frame containing the ARP reply message?

Source: Intel_1e:94:3a (00:11:11:1e:94:3a)
Destination: Belkin_53:95:77 (00:11:50:53:95:77)


17. Open the ethernet-ethereal-trace-1 trace file in
http://gaia.cs.umass.edu/wireshark-labs/wireshark-traces.zip. The first and second
ARP packets in this trace correspond to an ARP request sent by the computer
running Wireshark, and the ARP reply sent to the computer running Wireshark by
the computer with the ARP-requested Ethernet address.  But there is yet another
computer on this network, as indicated by packet 6 – another ARP request.  Why is
there no ARP reply (sent in response to the ARP request in packet 6) in the packet
trace?

Since the IP address of the computer and the ARP request do not match, the computer will not receive the request.
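
An added example, not part of the original post or the lab materials: a small Python parser for the Ethernet II header and the ARP payload (RFC 826 layout for Ethernet/IPv4) that the questions above ask about. The two MAC addresses are the ones reported in the answers; the IP addresses and the frames themselves are constructed for illustration.

```python
import struct

ETH_HDR = struct.Struct("!6s6sH")          # dst MAC, src MAC, EtherType
ARP_HDR = struct.Struct("!HHBBH6s4s6s4s")  # htype, ptype, hlen, plen, op, SHA, SPA, THA, TPA
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP"}
# Opcode follows htype(2) + ptype(2) + hlen(1) + plen(1) inside the ARP payload.
ARP_OPCODE_OFFSET = ETH_HDR.size + 6

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def ip(b):
    return ".".join(str(x) for x in b)

def parse_frame(frame):
    """Decode an Ethernet II header and, if the type is 0x0806, the ARP payload."""
    if len(frame) < ETH_HDR.size:
        raise ValueError("truncated Ethernet header")
    dst, src, etype = ETH_HDR.unpack_from(frame, 0)
    out = {"dst": mac(dst), "src": mac(src), "type": f"0x{etype:04x}",
           "proto": ETHERTYPES.get(etype, "unknown")}
    if etype == 0x0806:
        if len(frame) < ETH_HDR.size + ARP_HDR.size:
            raise ValueError("truncated ARP payload")
        htype, ptype, hlen, plen, op, sha, spa, tha, tpa = \
            ARP_HDR.unpack_from(frame, ETH_HDR.size)
        if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
            raise ValueError("not an Ethernet/IPv4 ARP message")
        out["arp"] = {"opcode": op, "sender_mac": mac(sha), "sender_ip": ip(spa),
                      "target_mac": mac(tha), "target_ip": ip(tpa)}
    return out

def build_arp(eth_dst, eth_src, op, sha, spa, tha, tpa):
    """Assemble a frame as captured: no preamble and no trailing CRC/FCS."""
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    a = lambda s: bytes(int(p) for p in s.split("."))
    return (ETH_HDR.pack(m(eth_dst), m(eth_src), 0x0806)
            + ARP_HDR.pack(1, 0x0800, 6, 4, op, m(sha), a(spa), m(tha), a(tpa)))

ROUTER, HOST = "00:11:50:53:95:77", "00:11:11:1e:94:3a"  # MACs from the answers
ROUTER_IP, HOST_IP = "192.0.2.1", "192.0.2.10"            # constructed addresses
# Constructed request (opcode 1): target MAC is all zeros because it is unknown.
REQUEST = build_arp(HOST, ROUTER, 1, ROUTER, ROUTER_IP, "00:00:00:00:00:00", HOST_IP)
# Constructed reply (opcode 2): the sender fields carry the requested mapping.
REPLY = build_arp(ROUTER, HOST, 2, HOST, HOST_IP, ROUTER, ROUTER_IP)

if __name__ == "__main__":
    for name, frame in (("request", REQUEST), ("reply", REPLY)):
        print(name, parse_frame(frame), "opcode offset:", ARP_OPCODE_OFFSET)
```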
