WireShark-Lab8_ CS.4310.001


Date

Feb 20, 2024


Uploaded by Caleb8793

11/20/23, 3:00 PM WireShark-Lab8: CS.4310.001 https://canvas.txstate.edu/courses/2181706/quizzes/7585393

WireShark-Lab8

Due: Nov 27 at 11:59pm
Points: 21
Questions: 21
Available: Nov 9 at 6:03pm - Dec 3 at 11:59pm
Time Limit: None
Allowed Attempts: 3

Instructions

Attempt History

Attempt            Time         Score
LATEST Attempt 1   69 minutes   21 out of 21

Answers will be shown after your last attempt
Score for this attempt: 21 out of 21
Submitted Nov 20 at 2:59pm

ETH-ARP-1 Lab: Q01.1 Introduction, getting started. This LMS module allows you to enter answers for the questions posed in the Wireshark Ethernet-ARP-1 lab v 8.1 writeup (http://gaia.cs.umass.edu/wireshark-labs) that accompanies the textbook Computer Networking: A Top-down Approach, 8th edition. The Wireshark lab description, questions, context, helpful hints, and more are in the Ethernet-ARP Wireshark Lab writeup. So that writeup is a must-read before answering these questions.

The answers to the questions in this LMS module (which match those in the Wireshark lab writeup) are based on packets in the trace file ethernet-wireshark-trace1 that can be extracted from the zip file http://gaia.cs.umass.edu/wireshark-labs/wireshark-traces-8.1.zip. So make sure you have these specific trace files open in Wireshark when you answer these questions!
This attempt took 69 minutes.

Question 1 (1 / 1 pts)
ETH-ARP-1 Lab: Q01. Introduction, getting started. To answer this and the remaining questions, you'll need to have a set of captured Ethernet frames to study. If you’re unable to run Wireshark on a live Ethernet connection, you can download a packet trace that was captured while following the steps below on one of the author’s computers [1]. In addition, you may well find it valuable to download this trace even if you’ve captured your own trace and use it, as well as your own trace, when you explore the questions below.

First, find the packet number of the HTTP GET message that was sent from your computer to gaia.cs.umass.edu, as well as the beginning of the HTTP response message sent to your computer by gaia.cs.umass.edu. What is the 48-bit Ethernet address of your computer?

[1] You can download the zip file http://gaia.cs.umass.edu/wireshark-labs/wireshark-traces-8.1.zip and extract the trace file ethernet-wireshark-trace1. This trace file can be used to answer this Wireshark lab without actually capturing packets on your own. This trace was made using Wireshark running on one of the author’s computers, while performing the steps indicated in this Wireshark lab. Once you’ve downloaded a trace file, you can load it into Wireshark and view the trace using the File pull down menu, choosing Open, and then selecting the trace file name.

- 78:7b:8a:ac:ad:e1
- c4:41:1e:75:b1:52
- ff:ff:ff:ff:ff:ff:ff
- 00:1e:c1:7e:d9:01

Nice! This answer is correct.

Question 2 (1 / 1 pts)
ETH-ARP-1 Lab: Q02. Destination Ethernet address. What is the 48-bit destination address in the Ethernet frame that contains the HTTP GET request? Is this the Ethernet address of gaia.cs.umass.edu? (Hint: the answer is no.) What device has this as its Ethernet address? [Note: this is an important question, and one that students sometimes get wrong. Re-read pages 483-484 in the text and make sure you understand the answer here.]

- 00:1e:c1:7e:d9:01. This is the MAC address of a switch interface on the first switch to which the sending computer is connected.
- 00:1e:c1:7e:d9:01. This is the MAC address of an Ethernet interface on the first router to which the sending computer is connected.
- ec:b1:52:d1:04:9a. This is the MAC address of gaia.cs.umass.edu
- ff:ff:ff:ff:ff:ff:ff. This is a broadcast destination address, meaning that this HTTP query will be received by all Ethernet interfaces on this subnet.

Nice! This answer is correct.

Question 3 (1 / 1 pts)
ETH-ARP-1 Lab: Q03. Upper layer protocol. What is the hexadecimal value for the two-byte Frame type field in the Ethernet frame carrying the HTTP request? What upper layer protocol does this correspond to?

- The hexadecimal type field in the Ethernet frame is 0x0806, which corresponds to the ARP protocol.
- The hexadecimal type field in the Ethernet frame is 0x86DD, which corresponds to the IPv6 protocol.
- The hexadecimal type field in the Ethernet frame is 0x0800, which corresponds to the IPv4 protocol.
- The hexadecimal type field in the Ethernet frame is 0x22F0, which corresponds to the Audio/Video Transport protocol.

Nice! This answer is correct.

Question 4 (1 / 1 pts)
ETH-ARP-1 Lab: Q04. Where is the HTTP GET? How many bytes from the very start of the Ethernet frame does the ASCII “G” in “GET” appear in the Ethernet frame? Do not count any preamble bits in your count, i.e., assume that the Ethernet frame begins with the Ethernet frame's destination address. Enter an integer value with no spaces before or after the number and no leading 0's. If the 'G' were in the first byte, the answer would be 1.

67

Question 5 (1 / 1 pts)
ETH-ARP-1 Lab: Q05. Source address of Ethernet frame containing the HTTP reply. What is the value of the Ethernet source address of the frame containing the HTTP reply? Is this the address of your computer, or of gaia.cs.umass.edu? (Hint: the answer is no.) What device has this as its Ethernet address?

- c4:41:1e:75:b1:52, which is the Ethernet address of the computer that sent the original HTTP GET request.
- 78:7b:8a:ac:ad:e1, which is the Ethernet address of gaia.cs.umass.edu
- 00:1e:c1:7e:d9:01, which is the Ethernet address of the Ethernet switch port on the switch that is closest to the computer that sent the original HTTP GET request.
- 00:1e:c1:7e:d9:01, which is the Ethernet address of the router interface port on the router that is closest to the computer that sent the original HTTP GET request.

Nice! This answer is correct.

Question 6 (1 / 1 pts)
ETH-ARP-1 Lab: Q06. Destination address of Ethernet frame containing the HTTP reply. What is the value of the Ethernet destination address of the frame containing the HTTP reply? What device has this as its Ethernet address?
- 78:7b:8a:ac:ad:e1, which is the Ethernet address of gaia.cs.umass.edu
- 00:1e:c1:7e:d9:01, which is the Ethernet address of the router interface port on the router that is closest to the computer that sent the original HTTP GET request.
- 00:1e:c1:7e:d9:01, which is the Ethernet address of the Ethernet switch port on the switch that is closest to the computer that sent the original HTTP GET request.
- c4:41:1e:75:b1:52, which is the Ethernet address of the computer that sent the original HTTP GET request.

Nice! This answer is correct.

Question 7 (1 / 1 pts)
ETH-ARP-1 Lab: Q07. Upper layer protocol (in the Ethernet frame containing the HTTP reply). What is the hexadecimal value for the two-byte frame type field in the Ethernet frame carrying the HTTP reply? What upper layer protocol does this correspond to?

- The hexadecimal type field in the Ethernet frame is 0x0806, which corresponds to the ARP protocol.
- The hexadecimal type field in the Ethernet frame is 0x86DD, which corresponds to the IPv6 protocol.
- The hexadecimal type field in the Ethernet frame is 0x0800, which corresponds to the IPv4 protocol.
- The hexadecimal type field in the Ethernet frame is 0x22F0, which corresponds to the Audio/Video Transport protocol.

Nice! This answer is correct.

Question 8 (1 / 1 pts)
ETH-ARP-1 Lab: Q08. Where is the HTTP reply? How many bytes from the very start of the Ethernet frame does the ASCII “K” in “OK 200” appear in the Ethernet frame? Do not count any preamble bits in your count, i.e., assume that the Ethernet frame begins with the Ethernet frame's destination address. Enter an integer value with no spaces before or after the number and no leading 0's. If the 'O' were in the first byte, the answer would be 1.

67

Question 9 (1 / 1 pts)
ETH-ARP-1 Lab: Q09. An HTTP reply that is "fragmented" over several TCP segments. How many Ethernet frames (each containing an IP datagram, each containing a TCP segment) carry data that is part of the complete HTTP “OK 200 ...” reply message?
- One frame
- Three frames.
- Four frames
- Two frames.

Nice! This answer is correct.

Question 10 (1 / 1 pts)
ETH-ARP-1 Lab: Q10. How many ARP cache entries? Consider the result of executing the "arp -a" command, shown in Figure 3 of this lab assignment. How many entries are stored in the ARP cache? Enter the integer value below with no leading zeros or spaces, and no trailing spaces.

3

Question 11 (1 / 1 pts)
ETH-ARP-1 Lab: Q11. What information is stored in an ARP cache entry? What is contained in each displayed entry of the ARP cache? Select elements below that are in each displayed ARP cache entry.
- The Ethernet address of an IP device on the same subnet as the device with the ARP cache that has responded to an ARP query issued by this device.
- The Ethernet address of each and every IP device on the same subnet as the device with the ARP cache.
- The IP address associated with the Ethernet address in the entry.
- The number of switch hops that need to be traversed by a frame destined to that Ethernet address.
- The DNS authoritative server for the IP address associated with the Ethernet address.
- A name associated with the IP address associated with that Ethernet address.

Question 12 (1 / 1 pts)
ETH-ARP-1 Lab: Q12. ARP query - who is the sender? What is the hexadecimal value for the source address in the Ethernet frame containing the ARP request message sent out by your computer?

- 78:7b:8a:ac:ad:e1
- ff:ff:ff:ff:ff:ff:ff
- 00:1e:c1:7e:d9:01
- c4:41:1e:75:b1:52

Nice! This answer is correct.

Question 13 (1 / 1 pts)
ETH-ARP-1 Lab: Q13. The recipient(s) of the ARP request. What is the Ethernet address of the intended recipient of this ARP request message, and what device (if any) corresponds to that address (e.g., client, server, router, switch or otherwise...)?

- ff:ff:ff:ff:ff:ff:ff, which is Ethernet's broadcast destination address, meaning that this ARP query will be received by the Ethernet interfaces of each and every device connected to this subnet.
- 00:1e:c1:7e:d9:01, which is the Ethernet address of an Ethernet interface on the first router to which the sending computer is connected.
- 00:1e:c1:7e:d9:01, which is the Ethernet address of a switch interface on the first switch to which the sending computer is connected.
- ec:b1:52:d1:04:9a, which is the Ethernet address of gaia.cs.umass.edu

Nice! This answer is correct.
Question 14 (1 / 1 pts)
ETH-ARP-1 Lab: Q14. Upper layer protocol. What is the hexadecimal value for the two-byte Frame type field in the Ethernet frame carrying the ARP request? What upper layer protocol does this correspond to?

- The hexadecimal type field in the Ethernet frame is 0x86DD, which corresponds to the IPv6 protocol.
- The hexadecimal type field in the Ethernet frame is 0x22F0, which corresponds to the Audio/Video Transport protocol.
- The hexadecimal type field in the Ethernet frame is 0x0800, which corresponds to the IPv4 protocol.
- The hexadecimal type field in the Ethernet frame is 0x0806, which corresponds to the ARP protocol.

Nice! This answer is correct.

Question 15 (1 / 1 pts)
ETH-ARP-1 Lab: Q15. The ARP request message: opcode. Now let’s dig even a bit deeper into the ARP messages themselves. To answer this question, you'll need to dig into ARP. The original RFC (https://datatracker.ietf.org/doc/html/rfc826) that defines ARP is a little hard to read. The Wikipedia entry for ARP is pretty good: https://en.wikipedia.org/wiki/Address_Resolution_Protocol

How many bytes from the very beginning of the Ethernet frame containing the ARP request message does the ARP opcode field begin?

- 6
- 8
- 60
- 20

Nice! This answer is correct.

Question 16 (1 / 1 pts)
ETH-ARP-1 Lab: Q16. The ARP request message: opcode value. What is the value of the opcode field within the ARP request message sent by your computer?

- 2
- 0
- 3
- 1
Nice! This answer is correct.

Question 17 (1 / 1 pts)
ETH-ARP-1 Lab: Q17. The ARP request message: IP address of sender? Does the ARP request message sent by your computer contain the IP address of your computer? If the answer is yes, what is that value?

- No. The sender's IP address isn't needed because the sender is querying information about the receiver's Ethernet address.
- Yes. The IP address of the sender is 128.119.247.66
- Yes. The IP address of the sender is 128.119.247.1

Nice! This answer is correct.

Question 18 (1 / 1 pts)
ETH-ARP-1 Lab: Q18. ARP query: whose address is being queried? What is the IP address of the device whose corresponding Ethernet address is being requested in the ARP request message sent by your computer?

- 128.119.247.19
- 128.119.247.66
- 128.119.247.46
- 128.119.247.1

Nice! This answer is correct.

Question 19 (1 / 1 pts)
ETH-ARP-1 Lab: Q19. The ARP reply message: opcode value. What is the value of the opcode field within the ARP reply message received by your computer?

- 0
- 2
- 1
- 3

Nice! This answer is correct.

Question 20 (1 / 1 pts)
ETH-ARP-1 Lab: Q20. The answer to the ARP request. Finally (!), let’s look at the answer to the ARP request! What is the Ethernet address corresponding to the IP address that was specified in the ARP request message sent by your computer (see question 18)?
- 00:1e:c1:7e:d9:01, which is the MAC address of a switch interface on the first switch to which my computer (where Wireshark is running) is connected.
- ec:b1:52:d1:04:9a, which is the MAC address of gaia.cs.umass.edu
- 00:1e:c1:7e:d9:01, which is the MAC address of an Ethernet interface on the first router to which my computer (where Wireshark is running) is connected.
- ff:ff:ff:ff:ff:ff:ff, which is the Ethernet broadcast address.

Nice! This answer is correct.

Question 21 (1 / 1 pts)
ETH-ARP-1 Lab: Q21. Why is there only one ARP reply in your trace? We’ve looked at the ARP request message sent by your computer running Wireshark, and the ARP reply message sent in response. But there are other devices in this network that are also sending ARP request messages that you can find in the trace. Why are there no ARP replies in your trace that are sent in response to these other ARP request messages?

- There are actually lots of ARP replies in my trace!
- There are no other ARP reply messages in the trace because ARP reply messages were received by my computer's interface, but have been filtered out using Wireshark's display filter.
- There are no other ARP reply messages in the trace because ARP replies are addressed and sent directly to the Ethernet address of the device that issued the ARP request message. That is, while ARP request messages are sent to the ff:ff:ff:ff:ff:ff Ethernet broadcast address (and thus received by all devices on the subnet), ARP replies are not sent via broadcast.
- There are no other ARP reply messages in the trace because no ARP reply messages were actually sent in response to the ARP request messages in my trace, since there are no devices on my device's subnet whose IP address was specified in one of the ARP request messages in my trace.

Nice! This answer is correct.

Quiz Score: 21 out of 21