内容发布更新时间 : 2024/6/16 4:14:56星期一 下面是文章的全部内容请认真阅读。
Lab 7Ethernet and ARP
1. Capturing and analyzing Ethernet frames
STEPS
? First, make sure your browser’s cache is empty. (To do this under Netscape 7.0, select Edit->Preferences->Advanced->Cache and clear the memory and disk cache. For Internet Explorer, select Tools->Internet Options->Delete Files. For Firefox select Tools->Clear Private Data.
? Start up the Wireshark packet sniffer
? Enter the following URL into your browser
http://gaia.cs.umass.edu/wireshark-labs/HTTP-ethereal-lab-file3.html Your browser should display the rather lengthy US Bill of Rights.
? Stop Wireshark packet capture. First, find the packet numbers (the leftmost column in the upper Wireshark window) of the HTTP GET message that was sent from your computer to gaia.cs.umass.edu, as well as the beginning of the HTTP response message sent to your computer by gaia.cs.umass.edu. You should see a screen that looks something like this (where packet 4 in the screen shot below contains the HTTP GET message)
?Since this lab is about Ethernet and ARP, we’re not interested in IP or higherlayer protocols. So let’s change Wireshark’s “listing of captured packets” window so that it shows information only about protocols below IP. To have Wireshark do this, select Analyze->Enabled Protocols. Then uncheck the IP box and select OK.
QUESTIONS
1. What is the 48-bit Ethernet address of your computer?
The 48-bit Ethernet address of your computer is 3c : 97 : 0e : ff : 69 : 02
2. What is the 48-bit destination address in the Ethernet frame? Is this the Ethernet address of gaia.cs.umass.edu? (Hint: the answer is no). What device has this as its Ethernet address? [Note: this is an important question, and one that students
sometimes get wrong. Re-read pages 468-469 in the text and make sure you understand the answer here.]
The 48-bit destination address in the Ethernet frame is 38:22:d6:e6:0e:0d. This isn’t the Ethernet address of gaia.cs.umass.edu. It is the Ethernet address of my default gateway. That is to say, it’s the address of my router, which is the link used to get off the subnet.
3. Give the hexadecimal value for the two-byte Frame type field. What do the bit(s) whose value is 1 mean within the flag field?
The hexadecimal value for the two-byte Frame type field is 0x0800.
The bit(s) whose value is 1 within the flag fieldmean the fragment has not been fragmented.
4. How many bytes from the very start of the Ethernet frame does the ASCII “G” in “GET” appear in the Ethernet frame?
54 bytes. There are 14 bytes of Ethernet frame header, 20 bytes of IP header and 20 bytes of TCP header before HTTP data. So the answer is 54 bytes.
5. What is the hexadecimal value of the CRC field in this Ethernet frame?
There is no CRC field. Because the CRC calculated before the Wireshark packet sniffer start up.
6. What is the value of the Ethernet source address? Is this the address of your computer, or of gaia.cs.umass.edu (Hint: the answer is no). What device has this as its Ethernet address?
The value of the Ethernet source address is 38:22:d6:e6:0e:0d. This is neither the address of my computer, nor of gaia.cs.umass.edu. It is the Ethernet address of my default gateway. That is to say, it’s the address of my router, which is the link used to get off the subnet.
7. What is the destination address in the Ethernet frame? Is this the Ethernet address of your computer?
The destination address in the Ethernet frame is 3c : 97 : 0e : ff : 69 : 02. This is the Ethernet address of my computer.