Scribd Logo
Hochladen

Willkommen bei Scribd!

  • Lab8 Bretthansen

    Hochgeladen von

    api-360387614
    306 Ansichten4 Seiten

    Originaltitel

    lab8-bretthansen

    Copyright

    © © All Rights Reserved

    Verfügbare Formate

    PDF, TXT oder online auf Scribd lesen

    Stufen Sie dieses Dokument als nützlich ein?

    Sind diese Inhalte unangemessen?

    Dieses Dokument melden

    Copyright:

    © All Rights Reserved
    Als PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    306 Ansichten4 Seiten

    Lab8 Bretthansen

    Hochgeladen von

    api-360387614

    Copyright:

    © All Rights Reserved
    Als PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    von 4

    Brett Hansen

    Lab 8

    Please note that I lack admin privleges on this network and thus used the trace
    which was provided.

    1. What is the 48-bit Ethernet address of your computer?


    Frame 7: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)
    Ethernet II, Src: AmbitMic_a9:3d:68 (00:d0:59:a9:3d:68), Dst: LinksysG_da:af:73 (00:06:25:da:af:73)
    Internet Protocol Version 4, Src: 192.168.1.105, Dst: 128.119.245.12
    Transmission Control Protocol, Src Port: 1058 (1058), Dst Port: 80 (80), Seq: 0, Len: 0
    The 48 bit Ethernet address of the source is 00:d0:59:a9:3d:68 (blue).
    2. What is the 48-bit destination address in the Ethernet frame? Is this the Ethernet
    address of gaia.cs.umass.edu? (Hint: the answer is no). What device has this as its
    Ethernet address? [Note: this is an important question, and one that students
    sometimes get wrong. Re-read pages 468-469 in the text and make sure you
    understand the answer here.]
    The 48-bit Ethernet address of the destination is 00:06:25:da:af:73 (blue). This is
    not the address of gaia.cs.umass.edu. It is actually the Ethernet address of the
    Linksys router which is the end point of the subnet to get out into the wide world
    of the internet.

    3. Give the hexadecimal value for the two-byte Frame type field. What upper layer
    protocol does this correspond to?
    The hex calue for the type field is 0x0800 which corresponds to the IPv4 protocol.

    4. How many bytes from the very start of the Ethernet frame does the ASCII G in
    GET appear in the Ethernet frame?

    The G in get appears at the 55th byte of the Ethernet frame.

    ================================================================

    Frame 12: 1514 bytes on wire (12112 bits), 1514 bytes captured (12112 bits)
    Ethernet II, Src: LinksysG_da:af:73 (00:06:25:da:af:73), Dst: AmbitMic_a9:3d:68 (00:d0:59:a9:3d:68)
    Destination: AmbitMic_a9:3d:68 (00:d0:59:a9:3d:68)
    Source: LinksysG_da:af:73 (00:06:25:da:af:73)
    Type: IPv4 (0x0800)
    Internet Protocol Version 4, Src: 128.119.245.12, Dst: 192.168.1.105
    Transmission Control Protocol, Src Port: 80 (80), Dst Port: 1058 (1058), Seq: 1, Ack: 633, Len: 1460
    Source Port: 80
    Destination Port: 1058
    [Stream index: 1]
    [TCP Segment Len: 1460]
    Sequence number: 1 (relative sequence number)
    [Next sequence number: 1461 (relative sequence number)]
    Acknowledgment number: 633 (relative ack number)
    Header Length: 20 bytes
    Flags: 0x010 (ACK)
    Window size value: 6952
    [Calculated window size: 6952]
    [Window size scaling factor: -2 (no window scaling used)]
    Checksum: 0x5ed0 [validation disabled]
    Urgent pointer: 0
    [SEQ/ACK analysis]
    TCP segment data (1460 bytes)

    5. What is the value of the Ethernet source address? Is this the address of your
    computer, or of gaia.cs.umass.edu (Hint: the answer is no). What device has this
    as its Ethernet address?
    The value of the Ethernet src address is 00:06:25:da:af:73 which is neither the
    umass address or the local PC. It is the Linksys router that is the endpoint of the
    local subnet. (blue)

    6. What is the destination address in the Ethernet frame? Is this the Ethernet address
    of your computer?
    The value of the Ethernet destination address is 00:d0:59:a9:3d:68 which
    corresponds to our computer (in theory) (green).

    7. Give the hexadecimal value for the two-byte Frame type field. What upper layer
    protocol does this correspond to?
    The hex value of the frame type field is 0x0800 which corresponds to the IPv4
    protocol (fuchsia).

    8. How many bytes from the very start of the Ethernet frame does the ASCII O in
    OK (i.e., the HTTP response code) appear in the Ethernet frame?
    It appears 57 bytes into the packet.

    ================================================================

    9. Write down the contents of your computers ARP cache. What is the meaning of
    each column value?
    The arp cache has 3 columns: Internet Address (IP address), Physical Address
    (MAC address) and type (dynamic or static).

    ================================================================
    Frame 1: 42 bytes on wire (336 bits), 42 bytes captured (336 bits)
    Ethernet II, Src: AmbitMic_a9:3d:68 (00:d0:59:a9:3d:68), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
    Destination: Broadcast (ff:ff:ff:ff:ff:ff)
    Source: AmbitMic_a9:3d:68 (00:d0:59:a9:3d:68)
    Type: ARP (0x0806)
    Address Resolution Protocol (request)
    Hardware type: Ethernet (1)
    Protocol type: IPv4 (0x0800)
    Hardware size: 6
    Protocol size: 4
    Opcode: request (1)
    Sender MAC address: AmbitMic_a9:3d:68 (00:d0:59:a9:3d:68)
    Sender IP address: 192.168.1.105
    Target MAC address: 00:00:00_00:00:00 (00:00:00:00:00:00)
    Target IP address: 192.168.1.1
    10. What are the hexadecimal values for the source and destination addresses in the
    Ethernet frame containing the ARP request message?
    The source is 00:d0:59:a9:3d:68 (fuchsia) and the destination is ff:ff:ff:ff:ff:ff
    (blue).

    11. Give the hexadecimal value for the two-byte Ethernet Frame type field. What
    upper layer protocol does this correspond to?
    The hex code is 0x0806 which corresponds to ARP (green).

    12. Download the ARP specification from ftp://ftp.rfc-editor.org/in-


    notes/std/std37.txt. A readable, detailed discussion of
    ARP is also at http://www.erg.abdn.ac.uk/users/gorry/course/inet-pages/arp.html.
    a) How many bytes from the very beginning of the Ethernet frame does the
    ARP opcode field begin?
    It starts at 20 bytes in (green).
    b) What is the value of the opcode field within the ARP-payload part of the
    Ethernet frame in which an ARP request is made?
    The opcode value is 0x0001 which corresponds to a request (green).
    c) Does the ARP message contain the IP address of the sender?
    Yes it does(green) 192.168.1.105.
    d) Where in the ARP request does the question appear the Ethernet
    address of the machine whose corresponding IP address is being queried?
    It appears in the target MAC field as there is no MAC address of 0 at the
    end of the IP being queried.

    Frame 2: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)


    Ethernet II, Src: LinksysG_da:af:73 (00:06:25:da:af:73), Dst: AmbitMic_a9:3d:68 (00:d0:59:a9:3d:68)
    Destination: AmbitMic_a9:3d:68 (00:d0:59:a9:3d:68)
    Source: LinksysG_da:af:73 (00:06:25:da:af:73)
    Type: ARP (0x0806)
    Padding: 000000000000000000000000000000000000
    Address Resolution Protocol (reply)
    Hardware type: Ethernet (1)
    Protocol type: IPv4 (0x0800)
    Hardware size: 6
    Protocol size: 4
    Opcode: reply (2)
    Sender MAC address: LinksysG_da:af:73 (00:06:25:da:af:73)
    Sender IP address: 192.168.1.1
    Target MAC address: AmbitMic_a9:3d:68 (00:d0:59:a9:3d:68)
    Target IP address: 192.168.1.105
    13. Now find the ARP reply that was sent in response to the ARP request.
    a) How many bytes from the very beginning of the Ethernet frame does the
    ARP opcode field begin?
    It begins 20 bytes in (green).
    b) What is the value of the opcode field within the ARP-payload part of the
    Ethernet frame in which an ARP response is made?
    The opcode value is 0x0002 which corresponds to an ARP reply code.
    c) Where in the ARP message does the answer to the earlier ARP request
    appear the IP address of the machine having the Ethernet address whose
    corresponding IP address is being queried?
    14. What are the hexadecimal values for the source and destination addresses in the
    Ethernet frame containing the ARP reply message?
    The destination is 00:d0:59:a9:3d:68 while the src is 00:06:25:da:af:73 (both
    highlighted in blue).

    15. Open the ethernet-ethereal-trace-1 trace file in http://gaia.cs.umass.edu/wireshark-


    labs/wireshark-traces.zip. The first and second ARP packets in this trace
    correspond to an ARP request sent by the computer running Wireshark, and the
    ARP reply sent to the computer running Wireshark by the computer with the ARP-
    requested Ethernet address. But there is yet another computer on this network, as
    indicated by packet 6 another ARP request. Why is there no ARP reply (sent in
    response to the ARP request in packet 6) in the packet trace?

    There is no reply because the second ARP broadcast wasnt ours. The reply was
    sent to the broadcaster, in this case 192.168.1.104which isnt us.

    Extra Credit

    EX-1. The arp command:

    arp -s InetAddr EtherAddr

    allows you to manually add an entry to the ARP cache that resolves the IP address
    InetAddr to the physical address EtherAddr. What would happen if, when you
    manually added an entry, you entered the correct IP address, but the wrong
    Ethernet address for that remote interface?

    If we were to purposely poison our ARP cache with a bad value we would simply
    be unable to get access.

    EX-2. What is the default amount of time that an entry remains in your ARP cache
    before being removed. You can determine this empirically (by monitoring the
    cache contents) or by looking this up in your operation system documentation.
    Indicate how/where you determined this value.

    Das könnte Ihnen auch gefallen