版权说明:本文档由用户提供并上传,收益归属内容提供方,若内容存在侵权,请进行举报或认领
文档简介
Lab7EthernetandARP
1.CapturingandanalyzingEthernetframes
STEPS
•First,makesureyourbrowser’scacheisempty.(TodothisunderNetscape7.0,selectEdit->Preferences->Advanced->Cacheandclearthememoryanddiskcache.ForInternetExplorer,selectTools->InternetOptions->DeleteFiles.ForFirefoxselectTools->ClearPrivateData.
•StartuptheWiresharkpacketsniffer
•EnterthefollowingURLintoyourbrowser/wireshark-labs/HTTP-ethereal-lab-file3.htmlYourbrowsershoulddisplaytheratherlengthyUSBillofRights.
•StopWiresharkpacketcapture.First,findthepacketnumbers(theleftmostcolumnintheupperWiresharkwindow)oftheHTTPGETmessagethatwassentfromyourcomputerto,aswellasthebeginningoftheHTTPresponsemessagesenttoyourcomputerby.Youshouldseeascreenthatlookssomethinglikethis(wherepacket4inthescreenshotbelowcontainstheHTTPGETmessage)
•SincethislabisaboutEthernetandARP,we’renotinterestedinIPorhigherlayerprotocols.Solet’schangeWireshark’s“listingofcapturedpackets”windowsothatitshowsinformationonlyaboutprotocolsbelowIP.TohaveWiresharkdothis,selectAnalyze->EnabledProtocols.ThenunchecktheIPboxandselectOK.
QUESTIONS
Whatisthe48-bitEthernetaddressofyourcomputer?
The48-bitEthernetaddressofyourcomputeris3c:97:0e:ff:69:02
Whatisthe48-bitdestinationaddressintheEthernetframe?IsthistheEthernetaddressof?(Hint:theanswerisno).WhatdevicehasthisasitsEthernetaddress?[Note:thisisanimportantquestion,andonethatstudentssometimesgetwrong.Re-readpages468-469inthetextandmakesureyouunderstandtheanswerhere.]
The48-bitdestinationaddressintheEthernetframeis38:22:d6:e6:0e:0d.Thisisn’ttheEthernetaddressof.ItistheEthernetaddressofmydefaultgateway.Thatistosay,it’stheaddressofmyrouter,whichisthelinkusedtogetoffthesubnet.
Givethehexadecimalvalueforthetwo-byteFrametypefield.Whatdothebit(s)whosevalueis1meanwithintheflagfield?
Thehexadecimalvalueforthetwo-byteFrametypefieldis0x0800.
Thebit(s)whosevalueis1withintheflagfieldmeanthefragmenthasnotbeenfragmented.
eachcolumnvalue?
TheaddressofInternetcolumncontainstheIPaddress.ThephysicaladdresscolumncontainstheMACaddress.Thetypecolumntellsustheinformationabouttype:dynamicorstatic.
STEPS
•ClearyourARPcache,asdescribedabove.
•Next,makesureyourbrowser’scacheisempty.(TodothisunderNetscape7.0,selectEdit->Preferences->Advanced->Cacheandclearthememoryanddiskcache.ForInternetExplorer,selectTools->InternetOptions->DeleteFiles.)
•StartuptheWiresharkpacketsniffer
•EnterthefollowingURLintoyourbrowser/wireshark-labs/HTTP-wireshark-lab-file3.htmlYourbrowsershouldagaindisplaytheratherlengthyUSBillofRights.
•StopWiresharkpacketcapture.Again,we’renotinterestedinIPorhigher-layerprotocols,sochangeWireshark’s“listingofcapturedpackets”windowsothatitshowsinformationonlyaboutprotocolsbelowIP.TohaveWiresharkdothis,selectAnalyze->EnabledProtocols.ThenunchecktheIPboxandselectOK.YoushouldnowseeanWiresharkwindowthatlookslike:
QUESTIONS
(Thefollowinganswersarebasedontheethernet-ethereal-trace-1tracefile)
12.WhatarethehexadecimalvaluesforthesourceanddestinationaddressesintheEthernetframecontainingtheARPrequestmessage?
ThehexadecimalvaluesforthesourceaddressesintheEthernetframeis00:d0:59:a9:3d:68.ThehexadecimalvaluesforthedestinationaddressesintheEthernetframeisff:ff:ff:ff:ff:ff.
13.Givethehexadecimalvalueforthetwo-byteEthernetFrametypefield.Whatdothebit(s)whosevalueis1meanwithintheflagfield?
Thehexadecimalvalueforthetwo-byteEthernetFrametypefieldis0x0806.
Thereisnoflagfield.
14.DownloadtheARPspecificationfrom/innotes/std/std37.txt.Areadable,detaileddiscussionofARPisalsoat
http://www.erg.abdn.ac.uk/users/gorry/course/inets/arp.html
.
HowmanybytesfromtheverybeginningoftheEthernetframedoestheARPopcodefieldbegin?
Thereare14bytesofEthernetframeheader.IntheARPdata,beforetheARPopcodefieldbegin,thereare6bytes.Sothereare20bytesbeforetheARPopcodefieldbegin.
WhatisthevalueoftheopcodefieldwithintheARP-payloadpartoftheEthernetframeinwhichanARPrequestismade?
ThevalueoftheopcodefieldwithintheARP-payloadpartoftheEthernetframeinwhichanARPrequestismadeis1.
DoestheARPmessagecontaintheIPaddressofthesender?
Yes,itcontains.Inhere,theIPaddressofthesenderis05.
WhereintheARPrequestdoesthe“question”appear–theEthernetaddressofthemachinewhosecorrespondingIPaddressisbeingqueried?
Thefield“TargetMACaddress”issetto00:00:00:00:00:00toquestionthemachine’sEthernetaddresswhosecorrespondingIPaddress.
15.NowfindtheARPreplythatwassentinresponsetotheARPrequest.
HowmanybytesfromtheverybeginningoftheEthernetframedoestheARPopcodefieldbegin?
Thereare14bytesofEthernetframeheader.IntheARPdata,beforetheARPopcodefieldbegin,thereare6bytes.Sothereare20bytesbeforetheARPopcodefieldbegin.
WhatisthevalueoftheopcodefieldwithintheARP-payloadpartoftheEthernetframeinwhichanARPresponseismade?
ThevalueoftheopcodefieldwithintheARP-payloadpartoftheEthernetframeinwhichanARPresponseismadeis2
WhereintheARPmessagedoesthe“answer”totheearlierARPrequestappear–theIPaddressofthemachinehavingtheEthernetaddresswhosecorrespondingIPaddressisbeingqueried?
“SenderMACaddress”istheanswertotheearlierARPrequest.Inhere,itcontaintheMACaddressof,whichis00:06:25:da:af:73
16.WhatarethehexadecimalvaluesforthesourceanddestinationaddressesintheEthernetframecontainingtheARPreplymessage?
ThehexadecimalvaluesforthesourceaddressesintheEthernetframecontainingtheARPreplymessageis00:06:25:da:af:73.
ThehexadecimalvaluesforthedestinationaddressesintheEthernetframecontainingtheARPreplymessageis00:d0:59:a9:3d;68.
17.Opentheethernet-ethereal-trace-1tracefilein/wireshark-labs/wireshark-traces.zip.ThefirstandsecondARPpacketsinthistracecorrespondtoanARPrequestsentbythecomputerrunningWireshark,andtheARPreplysenttothecomputerrunningWiresharkbythecomputerwiththeARP-requestedEthernetaddress.Butthereisyetanothercomputeronthisnetwork,asindiatedbypacket6–anotherARPrequest.WhyistherenoARPreply(sentinresponsetotheARPrequestinpacket6)inthepackettrace?
ThisabroadcastARPpacketsentby04.Soeveryhostinthesamesubnetwillreceivethepacket.ButtheARPistotryfindtheMACaddressof17.SoonlythehostwhichhavetheIPaddressof17willreply.Now“my”host’sIPaddressis05.So“my”hostwon’treply.And“my”hostdidn’treceivethereplypacket.SothereisnoARPreply(sentinresponsetotheARPrequestinpacket6)inthepackettrace.
ExtraCredit
EX-1.Thearpcommand:arp-sInetAddrEtherAddrallowsyoutomanuallyaddanentrytotheARPcachethatresolvestheIPaddressInetAddrtothephysicaladdressEtherAddr.Whatwouldhappenif,whenyoumanuallyaddedanentry,youenteredthecorrectIPaddress,butthewro
温馨提示
- 1. 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。图纸软件为CAD,CAXA,PROE,UG,SolidWorks等.压缩文件请下载最新的WinRAR软件解压。
- 2. 本站的文档不包含任何第三方提供的附件图纸等,如果需要附件,请联系上传者。文件的所有权益归上传用户所有。
- 3. 本站RAR压缩包中若带图纸,网页内容里面会有图纸预览,若没有图纸预览就没有图纸。
- 4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
- 5. 人人文库网仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对用户上传分享的文档内容本身不做任何修改或编辑,并不能对任何下载内容负责。
- 6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
- 7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。
最新文档
- 《2024年 圆筒状地下连续墙内力和变形特征分析》范文
- 《2024年 基于全寿命周期的建筑工程质量监管模式及方法研究》范文
- 出版行业数字化出版与内容营销
- 小学思政教育活动工作计划
- 环境污染事件应急处置方案
- 零星维修服务方案(投标方案)
- 2024年中国AI大模型场景探索及产业应用调研报告-前瞻-2024-47正式版
- Unit 2 Hobbies【速记清单】-2024-2025学年七年级英语上册(原卷版)
- 2024秋季安全生产考试题库
- 变压器维修投标方案
- 华为OTN组网以及产品介绍课件
- 土壤水解酶测定方法
- 基础教育精品课《杨氏之子》课件模板
- 再生资源回收利用商业计划书
- 闻王昌龄左迁龙标遥有此寄优秀课件
- 二年级 看图写话公开课一等奖省优质课大赛获奖课件
- 曹思雪小学体育课仰卧起坐教案
- 高中数学必修一必修二综合测试题(含答案)
- 2022版新修订小学数学新课程标准的解读与梳理培训课件
- 2022年安徽省合肥市46中学九年级物理第一学期期中经典模拟试题含解析
- 选择性必修1第6课 西方的文官制度 课件(16张PPT)
评论
0/150
提交评论