计算机网络实验Ethernet and ARP.docx

1、计算机网络实验Ethernet and ARPLab 7 Ethernet and ARP1. Capturing and analyzing Ethernet framesSTEPS First, make sure your browsers cache is empty. (To do this under Netscape 7.0, select Edit-Preferences-Advanced-Cache and clear the memory and disk cache. For Internet Explorer, select Tools-Internet Options

2、-Delete Files. For Firefox select Tools-Clear Private Data. Start up the Wireshark packet sniffer Enter the following URL into your browser http:/gaia.cs.umass.edu/wireshark-labs/HTTP-ethereal-lab-file3.html Your browser should display the rather lengthy US Bill of Rights. Stop Wireshark packet capt

3、ure. First, find the packet numbers (the leftmost column in the upper Wireshark window) of the HTTP GET message that was sent from your computer to gaia.cs.umass.edu, as well as the beginning of the HTTP response message sent to your computer by gaia.cs.umass.edu. You should see a screen that looks

4、something like this (where packet 4 in the screen shot below contains the HTTP GET message)Since this lab is about Ethernet and ARP, were not interested in IP or higherlayer protocols. So lets change Wiresharks “listing of captured packets” window so that it shows information only about protocols be

5、low IP. To have Wireshark do this, select Analyze-Enabled Protocols. Then uncheck the IP box and select OK. QUESTIONS1. What is the 48-bit Ethernet address of your computer? The 48-bit Ethernet address of your computer is 3c : 97 : 0e : ff : 69 : 022. What is the 48-bit destination address in the Et

6、hernet frame? Is this the Ethernet address of gaia.cs.umass.edu? (Hint: the answer is no). What device has this as its Ethernet address? Note: this is an important question, and one that students sometimes get wrong. Re-read pages 468-469 in the text and make sure you understand the answer here. The

7、 48-bit destination address in the Ethernet frame is 38:22:d6:e6:0e:0d. This isnt the Ethernet address of gaia.cs.umass.edu. It is the Ethernet address of my default gateway. That is to say, its the address of my router, which is the link used to get off the subnet.3. Give the hexadecimal value for

8、the two-byte Frame type field. What do the bit(s) whose value is 1 mean within the flag field? The hexadecimal value for the two-byte Frame type field is 0x0800. The bit(s) whose value is 1 within the flag field mean the fragment has not been fragmented. 4. How many bytes from the very start of the

9、Ethernet frame does the ASCII “G” in “GET” appear in the Ethernet frame? 54 bytes. There are 14 bytes of Ethernet frame header, 20 bytes of IP header and 20 bytes of TCP header before HTTP data. So the answer is 54 bytes.5. What is the hexadecimal value of the CRC field in this Ethernet frame? There

10、 is no CRC field. Because the CRC calculated before the Wireshark packet sniffer start up.6. What is the value of the Ethernet source address? Is this the address of your computer, or of gaia.cs.umass.edu (Hint: the answer is no). What device has this as its Ethernet address? The value of the Ethern

11、et source address is 38:22:d6:e6:0e:0d. This is neither the address of my computer, nor of gaia.cs.umass.edu. It is the Ethernet address of my default gateway. That is to say, its the address of my router, which is the link used to get off the subnet.7. What is the destination address in the Etherne

12、t frame? Is this the Ethernet address of your computer? The destination address in the Ethernet frame is 3c : 97 : 0e : ff : 69 : 02. This is the Ethernet address of my computer.8. Give the hexadecimal value for the two-byte Frame type field. What do the bit(s) whose value is 1 mean within the flag

13、field? The hexadecimal value for the two-byte Frame type field is 0x0800.The bit(s) whose value is 1 within the flag field mean the fragment has not been fragmented.9. How many bytes from the very start of the Ethernet frame does the ASCII “O” in “OK” (i.e., the HTTP response code) appear in the Eth

14、ernet frame? There are 14 bytes of Ethernet frame header, 20 bytes of IP header and 20 bytes of TCP header before HTTP data. So the HTTP data appears 54 bytes from the very start of the Ethernet frame. But before the ASCII “O” appears, there are 13 bytes. So before the ASCII “O” appears, there are 6

15、7 bytes.10. What is the hexadecimal value of the CRC field in this Ethernet frame? There is no CRC field. Because the CRC calculated before the Wireshark packet sniffer start up.2. The Address Resolution Protocol11. Write down the contents of your computers ARP cache. What is the meaning of each col

16、umn value? The address of Internet column contains the IP address. The physical address column contains the MAC address. The type column tells us the information about type: dynamic or static.STEPS Clear your ARP cache, as described above. Next, make sure your browsers cache is empty. (To do this un

17、der Netscape 7.0, select Edit-Preferences-Advanced-Cache and clear the memory and disk cache. For Internet Explorer, select Tools-Internet Options-Delete Files.) Start up the Wireshark packet sniffer Enter the following URL into your browser http:/gaia.cs.umass.edu/wireshark-labs/ HTTP-wireshark-lab

18、-file3.html Your browser should again display the rather lengthy US Bill of Rights. Stop Wireshark packet capture. Again, were not interested in IP or higher-layer protocols, so change Wiresharks “listing of captured packets” window so that it shows information only about protocols below IP. To have

19、 Wireshark do this, select Analyze-Enabled Protocols. Then uncheck the IP box and select OK. You should now see an Wireshark window that looks like:QUESTIONS(The following answers are based on the ethernet-ethereal-trace-1 trace file)12 .What are the hexadecimal values for the source and destination

20、 addresses in the Ethernet frame containing the ARP request message? The hexadecimal values for the source addresses in the Ethernet frame is 00:d0:59:a9:3d:68. The hexadecimal values for the destination addresses in the Ethernet frame is ff : ff : ff : ff : ff : ff.13. Give the hexadecimal value fo

21、r the two-byte Ethernet Frame type field. What do the bit(s) whose value is 1 mean within the flag field? The hexadecimal value for the two-byte Ethernet Frame type field is 0x0806.There is no flag field.14. Download the ARP specification from ftp:/ftp.rfc-editor.org/innotes/std/std37.txt. A readabl

22、e, detailed discussion of ARP is also at http:/www.erg.abdn.ac.uk/users/gorry/course/inet-pages/arp.html. a) How many bytes from the very beginning of the Ethernet frame does the ARP opcode field begin? There are 14 bytes of Ethernet frame header. In the ARP data, before the ARP opcode field begin,

23、there are 6 bytes. So there are 20 bytes before the ARP opcode field begin.b) What is the value of the opcode field within the ARP-payload part of the Ethernet frame in which an ARP request is made? The value of the opcode field within the ARP-payload part of the Ethernet frame in which an ARP reque

24、st is made is 1.c) Does the ARP message contain the IP address of the sender? Yes, it contains. In here, the IP address of the sender is 192.168.1.105.d) Where in the ARP request does the “question” appear the Ethernet address of the machine whose corresponding IP address is being queried? The field

25、 “Target MAC address” is set to 00:00:00:00:00:00 to question the machines Ethernet address whose corresponding IP address.15. Now find the ARP reply that was sent in response to the ARP request. a) How many bytes from the very beginning of the Ethernet frame does the ARP opcode field begin? There a

26、re 14 bytes of Ethernet frame header. In the ARP data, before the ARP opcode field begin, there are 6 bytes. So there are 20 bytes before the ARP opcode field begin.b) What is the value of the opcode field within the ARP-payload part of the Ethernet frame in which an ARP response is made? The value

27、of the opcode field within the ARP-payload part of the Ethernet frame in which an ARP response is made is 2c) Where in the ARP message does the “answer” to the earlier ARP request appear the IP address of the machine having the Ethernet address whose corresponding IP address is being queried? “Sende

28、r MAC address” is the answer to the earlier ARP request. In here, it contain the MAC address of 192.168.1.1, which is 00:06:25:da:af:7316. What are the hexadecimal values for the source and destination addresses in the Ethernet frame containing the ARP reply message? The hexadecimal values for the s

29、ource addresses in the Ethernet frame containing the ARP reply message is 00:06:25:da:af:73. The hexadecimal values for the destination addresses in the Ethernet frame containing the ARP reply message is 00:d0:59:a9:3d;68.17. Open the ethernet-ethereal-trace-1 trace file in http:/gaia.cs.umass.edu/w

30、ireshark-labs/wireshark-traces.zip. The first and second ARP packets in this trace correspond to an ARP request sent by the computer running Wireshark, and the ARP reply sent to the computer running Wireshark by the computer with the ARP-requested Ethernet address. But there is yet another computer

31、on this network, as indiated by packet 6 another ARP request. Why is there no ARP reply (sent in response to the ARP request in packet 6) in the packet trace? This a broadcast ARP packet sent by 192.168.1.104. So every host in the same subnet will receive the packet. But the ARP is to try find the M

32、AC address of 192.168.1.117. So only the host which have the IP address of 192.168.1.117 will reply. Now “my” hosts IP address is 192.168.1.105. So “my” host wont reply. And “my” host didnt receive the reply packet. So there is no ARP reply (sent in response to the ARP request in packet 6) in the packet trace.Extra Credit EX-1. The arp command: arp -s InetAddr EtherAddr allows you to manually add an entry to the ARP cache that resolves