Beruflich Dokumente
Kultur Dokumente
Lab 8
Please note that I lack admin privleges on this network and thus used the trace
which was provided.
3. Give the hexadecimal value for the two-byte Frame type field. What upper layer
protocol does this correspond to?
The hex calue for the type field is 0x0800 which corresponds to the IPv4 protocol.
4. How many bytes from the very start of the Ethernet frame does the ASCII G in
GET appear in the Ethernet frame?
================================================================
Frame 12: 1514 bytes on wire (12112 bits), 1514 bytes captured (12112 bits)
Ethernet II, Src: LinksysG_da:af:73 (00:06:25:da:af:73), Dst: AmbitMic_a9:3d:68 (00:d0:59:a9:3d:68)
Destination: AmbitMic_a9:3d:68 (00:d0:59:a9:3d:68)
Source: LinksysG_da:af:73 (00:06:25:da:af:73)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 128.119.245.12, Dst: 192.168.1.105
Transmission Control Protocol, Src Port: 80 (80), Dst Port: 1058 (1058), Seq: 1, Ack: 633, Len: 1460
Source Port: 80
Destination Port: 1058
[Stream index: 1]
[TCP Segment Len: 1460]
Sequence number: 1 (relative sequence number)
[Next sequence number: 1461 (relative sequence number)]
Acknowledgment number: 633 (relative ack number)
Header Length: 20 bytes
Flags: 0x010 (ACK)
Window size value: 6952
[Calculated window size: 6952]
[Window size scaling factor: -2 (no window scaling used)]
Checksum: 0x5ed0 [validation disabled]
Urgent pointer: 0
[SEQ/ACK analysis]
TCP segment data (1460 bytes)
5. What is the value of the Ethernet source address? Is this the address of your
computer, or of gaia.cs.umass.edu (Hint: the answer is no). What device has this
as its Ethernet address?
The value of the Ethernet src address is 00:06:25:da:af:73 which is neither the
umass address or the local PC. It is the Linksys router that is the endpoint of the
local subnet. (blue)
6. What is the destination address in the Ethernet frame? Is this the Ethernet address
of your computer?
The value of the Ethernet destination address is 00:d0:59:a9:3d:68 which
corresponds to our computer (in theory) (green).
7. Give the hexadecimal value for the two-byte Frame type field. What upper layer
protocol does this correspond to?
The hex value of the frame type field is 0x0800 which corresponds to the IPv4
protocol (fuchsia).
8. How many bytes from the very start of the Ethernet frame does the ASCII O in
OK (i.e., the HTTP response code) appear in the Ethernet frame?
It appears 57 bytes into the packet.
================================================================
9. Write down the contents of your computers ARP cache. What is the meaning of
each column value?
The arp cache has 3 columns: Internet Address (IP address), Physical Address
(MAC address) and type (dynamic or static).
================================================================
Frame 1: 42 bytes on wire (336 bits), 42 bytes captured (336 bits)
Ethernet II, Src: AmbitMic_a9:3d:68 (00:d0:59:a9:3d:68), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Destination: Broadcast (ff:ff:ff:ff:ff:ff)
Source: AmbitMic_a9:3d:68 (00:d0:59:a9:3d:68)
Type: ARP (0x0806)
Address Resolution Protocol (request)
Hardware type: Ethernet (1)
Protocol type: IPv4 (0x0800)
Hardware size: 6
Protocol size: 4
Opcode: request (1)
Sender MAC address: AmbitMic_a9:3d:68 (00:d0:59:a9:3d:68)
Sender IP address: 192.168.1.105
Target MAC address: 00:00:00_00:00:00 (00:00:00:00:00:00)
Target IP address: 192.168.1.1
10. What are the hexadecimal values for the source and destination addresses in the
Ethernet frame containing the ARP request message?
The source is 00:d0:59:a9:3d:68 (fuchsia) and the destination is ff:ff:ff:ff:ff:ff
(blue).
11. Give the hexadecimal value for the two-byte Ethernet Frame type field. What
upper layer protocol does this correspond to?
The hex code is 0x0806 which corresponds to ARP (green).
There is no reply because the second ARP broadcast wasnt ours. The reply was
sent to the broadcaster, in this case 192.168.1.104which isnt us.
Extra Credit
allows you to manually add an entry to the ARP cache that resolves the IP address
InetAddr to the physical address EtherAddr. What would happen if, when you
manually added an entry, you entered the correct IP address, but the wrong
Ethernet address for that remote interface?
If we were to purposely poison our ARP cache with a bad value we would simply
be unable to get access.
EX-2. What is the default amount of time that an entry remains in your ARP cache
before being removed. You can determine this empirically (by monitoring the
cache contents) or by looking this up in your operation system documentation.
Indicate how/where you determined this value.