Lab 9 - Ethernet and ARP

School: Humber College
Course: AI
Subject: Computer Science
Date: Dec 6, 2023
Type: docx
Pages: 7
Student Name_______________________

WLS 5003 Telecommunication Systems
LAB 9 – ETHERNET AND ARP LAB

Objectives: Explore using a packet sniffer to gain an understanding of the Ethernet and ARP protocols used to transmit data from a Windows PC. Practice capturing and analyzing the packets sent and received on an Ethernet network.

Equipment:
1. Windows PC
2. Ethernet connection to the Internet
3. Wireshark software

Introduction

In this lab, we'll investigate the Ethernet protocol and the ARP protocol. Before beginning this lab, you'll probably want to review the lecture slides for the ARP protocol. The ARP protocol is used by an IP device to determine the MAC (physical) address of a remote interface whose IP address is known.

Part 1 Capturing and Analyzing Ethernet Frames

Let's begin by capturing a set of Ethernet frames to study. Before you start, make sure your browser's cache is empty. Once done, start Wireshark from the search or run prompt.

1. Select the Interface list and note the device and interface description of your PC. If your PC has multiple LAN interfaces, make sure you select the one with the Internet connection.
2. Start a packet capture by pressing the Start button. You need not set any filter option in the filter tab.
3. Enter the following URL into your browser: http://gaia.cs.umass.edu/wireshark-labs/HTTP-ethereal-lab-file3.html. Your browser should display the rather lengthy US Bill of Rights.
4. Stop the Wireshark packet capture. First, find the packet numbers (the leftmost column in the upper Wireshark window) of the HTTP GET message that was sent from your computer to gaia.cs.umass.edu, as well as the beginning of the HTTP response message sent to your computer by gaia.cs.umass.edu. You should see a screen that looks something like this (where packet 2615 in the screen shot below contains the HTTP GET message).

Muhammad Masud (Fall 2020) Page 1
5. Since this lab is about Ethernet and ARP, we're not interested in IP or higher layer protocols. So let's change Wireshark's "listing of captured packets" window so that it shows information only about protocols below IP. To have Wireshark do this, select Analyze->Enabled Protocols. Then scroll down and uncheck the IPv4 box and select OK.
6. You should now see a Wireshark window that looks like this:
7. Notice that in the details pane the Internet Protocol, TCP and HTTP entries can no longer be found; they are all represented under Data, i.e. higher layer protocols are no longer shown.
8. Select the Ethernet frame containing the HTTP GET message. (Recall that the HTTP GET message is carried inside of a TCP segment, which is carried inside of an IP datagram, which is carried inside of an Ethernet frame.) Expand the Ethernet II information in the packet details window. Note that the contents of the Ethernet frame (header as well as payload) are displayed in the packet contents window.
9. Answer the following questions, based on the contents of the Ethernet frame containing the HTTP GET message. Whenever possible, when answering a question, paste the screenshot containing the minimum amount of packet detail that you used to answer the question.
10. Based on the results of your capture, answer the following questions:
a. What is the 48-bit Ethernet address of your computer?
b. What is the 48-bit destination address in the Ethernet frame? Is this the Ethernet address of gaia.cs.umass.edu? (Hint: the answer is no.) What device has this as its Ethernet address? [Note: this is an important question, and one that students sometimes get wrong. Open a command prompt (cmd) and type arp -a. Look for the corresponding Physical Address and figure out which component in your network has this address.]
c. Give the hexadecimal value for the two-byte Frame type field.
d. How many bytes from the very start of the Ethernet frame does the ASCII "G" in "GET" appear in the Ethernet frame?
e. What is the hexadecimal value of the CRC field in this Ethernet frame?

Next, answer the following questions, based on the contents of the Ethernet frame containing the first byte of the HTTP response message.
f. What is the value of the Ethernet source address? Is this the address of your computer, or of gaia.cs.umass.edu? (Hint: the answer is no.) What device has this as its Ethernet address? [Note: you can use the hint from part b to answer this.]
g. What is the destination address in the Ethernet frame? Is this the Ethernet address of your computer?
h. Give the hexadecimal value for the two-byte Frame type field.
i. How many bytes from the very start of the Ethernet frame does the ASCII "O" in "OK" (i.e., the HTTP response code) appear in the Ethernet frame? [Hint: use the appropriate response packet. If you cannot see OK in the bytes pane then you may be reading the wrong packet.]
j. What is the hexadecimal value of the CRC field in this Ethernet frame?

Part 2 The Address Resolution Protocol (ARP)

In this section, we'll observe the ARP protocol in action.

ARP Caching

Recall that the ARP protocol typically maintains a cache of IP-to-Ethernet address translation pairs on your computer. The arp command is used to view and manipulate the contents of this cache. Since the arp command and the ARP protocol have the same name, it's understandably easy to confuse them. But keep in mind that they are different: the arp command is used to view and manipulate the ARP cache contents, while the ARP protocol defines the format and meaning of the messages sent and received, and defines the actions taken on message transmission and receipt.
Let's take a look at the contents of the ARP cache on your computer:

k. Type cmd in the desktop search bar. Once the command prompt window shows up, type in arp -a (notice there is a space between arp and -a). Take a screenshot of your computer's ARP cache and paste it here. What is the meaning of each column value?

In order to observe your computer sending and receiving ARP messages, we'll need to clear the ARP cache, since otherwise your computer is likely to find a needed IP-Ethernet address translation pair in its cache and consequently not need to send out an ARP message. Open a command prompt (cmd). Typing in arp -d * (notice the space between arp and -d, and similarly between -d and *) will clear your ARP cache. The -d flag indicates a deletion operation, and the * is the wildcard that says to delete all table entries. Next, make sure your browser's cache is empty.

1. Start a packet capture by pressing the Start button. You need not set any filter option in the filter tab.
2. Enter the following URL into your browser: http://gaia.cs.umass.edu/wireshark-labs/HTTP-ethereal-lab-file3.html. Your browser should again display the rather lengthy US Bill of Rights.
3. Stop the Wireshark packet capture. Again, we're not interested in IP or higher layer protocols. So let's change Wireshark's "listing of captured packets" window so that it shows information only about protocols below IP. To have Wireshark do this, select Analyze->Enabled Protocols. Then scroll down and uncheck the IPv4 box and select OK.

Next, answer the following questions, based on the contents captured:
a. What are the hexadecimal values for the source and destination addresses in the Ethernet frame containing the ARP request message?
b. Give the hexadecimal value for the two-byte Ethernet Frame type field.
c. How many bytes from the very beginning of the Ethernet frame does the ARP opcode field begin?
d. What is the value of the opcode field within the ARP-payload part of the Ethernet frame in which an ARP request is made?
e. Does the ARP message contain the IP address of the sender?
f. Where in the ARP request does the "question" appear – the Ethernet address of the machine whose corresponding IP address is being queried?

Now find the ARP reply that was sent in response to the ARP request.
g. How many bytes from the very beginning of the Ethernet frame does the ARP opcode field begin?
h. What is the value of the opcode field within the ARP-payload part of the Ethernet frame in which an ARP response is made?
i. Where in the ARP message does the "answer" to the earlier ARP request appear – the IP address of the machine having the Ethernet address whose corresponding IP address is being queried?
j. What are the hexadecimal values for the source and destination addresses in the Ethernet frame containing the ARP reply message?
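As an added example that is not part of the lab handout, the Python below builds the four kinds of frame the lab has you inspect (the HTTP GET, the HTTP 200 OK response, an ARP request and its reply) from constructed addresses and dissects them, so the byte offsets behind Part 1 questions c–e and h–j and Part 2 questions a–d and g–j can be checked against your own capture. All MAC and IP values are made-up placeholders (the gateway is assumed to be the Ethernet destination of the GET frame), and the 0x0800/0x0806 type values and field layouts are the standard Ethernet II, IPv4, TCP and RFC 826 ones.

```python
import struct
# Constructed sample addresses (locally administered MACs, documentation IPs), not from
# any real capture. GW_MAC plays the default gateway, WEB_IP the remote web server.
PC_MAC, GW_MAC = bytes.fromhex("02000000000a"), bytes.fromhex("020000000001")
PC_IP, GW_IP, WEB_IP = bytes([192, 168, 0, 10]), bytes([192, 168, 0, 1]), bytes([203, 0, 113, 5])

def eth(dst, src, ethertype, payload):
    # Ethernet II header: dst(6) src(6) type(2). No FCS is appended, matching what a capture
    # usually shows, because the NIC strips the CRC before handing the frame to the OS.
    return dst + src + struct.pack("!H", ethertype) + payload

def ipv4_tcp(src_ip, dst_ip, sport, dport, data):
    # Minimal IPv4 (IHL=5) and TCP (data offset=5) headers, no options, checksums zeroed.
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64, 6, 0, src_ip, dst_ip)
    return ip + tcp

def arp(opcode, sha, spa, tha, tpa):
    # RFC 826 layout for Ethernet/IPv4: htype(2) ptype(2) hlen(1) plen(1) oper(2) sha(6)
    # spa(4) tha(6) tpa(4). On the wire this 42-byte frame is padded to the 60-byte minimum.
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, opcode, sha, spa, tha, tpa)

def dissect(frame):
    """Return the fields and frame-relative byte offsets the lab questions ask about."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    out = {"dst": frame[:6].hex(":"), "src": frame[6:12].hex(":"), "type": f"0x{ethertype:04x}"}
    if ethertype == 0x0800:                          # IPv4 -> TCP -> application data
        ihl = (frame[14] & 0x0F) * 4                 # IPv4 header length in bytes
        data_off = (frame[14 + ihl + 12] >> 4) * 4   # TCP header length in bytes
        out["payload_offset"] = 14 + ihl + data_off
        out["payload"] = frame[out["payload_offset"]:]
    elif ethertype == 0x0806:                        # ARP
        out["opcode_offset"] = 14 + 6                # after htype, ptype, hlen, plen
        out["opcode"] = struct.unpack("!H", frame[20:22])[0]
        out["sender"] = (frame[22:28].hex(":"), ".".join(map(str, frame[28:32])))
        out["target"] = (frame[32:38].hex(":"), ".".join(map(str, frame[38:42])))
    return out

def marker_offset(frame, marker):
    """Bytes from the start of the frame to the first byte of `marker` in the HTTP data."""
    d = dissect(frame)
    return d["payload_offset"] + d["payload"].index(marker)

SAMPLES = {
    "get": eth(GW_MAC, PC_MAC, 0x0800, ipv4_tcp(PC_IP, WEB_IP, 51234, 80,
               b"GET /wireshark-labs/HTTP-ethereal-lab-file3.html HTTP/1.1\r\n\r\n")),
    "ok": eth(PC_MAC, GW_MAC, 0x0800, ipv4_tcp(WEB_IP, PC_IP, 80, 51234, b"HTTP/1.1 200 OK\r\n\r\n")),
    "arp_request": eth(b"\xff" * 6, PC_MAC, 0x0806, arp(1, PC_MAC, PC_IP, b"\x00" * 6, GW_IP)),
    "arp_reply": eth(PC_MAC, GW_MAC, 0x0806, arp(2, GW_MAC, GW_IP, PC_MAC, PC_IP)),
}
```

With no IP or TCP options the "G" of GET lands 54 bytes in; a real capture may show larger offsets if either header carries options, which is exactly what the IHL and data offset fields tell you.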
Next, save the captured file (so that if you need to revisit any question you can open the saved file). Download the file ethernet-ethereal-trace-1 from the Blackboard Lab 9 link and load this trace file in Wireshark (use File->Open).

k. The first and second ARP packets in this trace correspond to an ARP request sent by the computer running Wireshark, and the ARP reply sent to the computer running Wireshark by the computer with the ARP-requested Ethernet address. But there is yet another computer on this network, as indicated by packet 6 – another ARP request. Why is there no ARP reply (sent in response to the ARP request in packet 6) in the packet trace?
l. The arp command: arp -s InetAddr EtherAddr (where InetAddr is an IP address and EtherAddr is a physical address) allows you to manually add an entry to the ARP cache that resolves the IP address InetAddr to the physical address EtherAddr. What would happen if, when you manually added an entry, you entered the correct IP address, but the wrong Ethernet address for that remote interface? (Hint: try it on your wifi router. Use your router IP, which for most of you could be 192.168.0.1, as InetAddr and enter a wrong physical address which does not belong to that router as EtherAddr.) Can you ping that router? If you open a browser, can you access www.google.com? Why or why not?
m. Clear the ARP cache again and then ping the router. What happens? Can you load www.google.com?
n. What is the default amount of time that an entry remains in your ARP cache before being removed? [Hint: search for the relevant CMD commands on Google.] Take the screenshot and paste it here. Highlight this value in your screenshot.