首页
网站开发
桌面应用
管理软件
微信开发
App开发
嵌入式软件
工具软件
数据采集与分析
其他
首页
>
> 详细
辅导Networking编程、讲解CS、web编程设计、辅导Java程序语言 辅导R语言程序|调试Matlab程序
项目预算:
开发周期:
发布时间:
要求地区:
Wireshark Lab:
Ethernet and ARP v8.0
Supplement to Computer Networking: A Top-Down
“Tell me and I forget. Show me and I remember. Involve me
and I understand.” Chinese proverb
In this lab, we’ll investigate the Ethernet protocol and the ARP protocol. Before
beginning this lab, you’ll probably want to review sections 6.4.1 (Link-layer addressing
and ARP) and 6.4.2 (Ethernet) in the text1. RFC 826 (ftp://ftp.rfc-editor.org/innotes/std/std37.txt)
contains the gory details of the ARP protocol, which is used by an IP
device to determine the IP address of a remote interface whose Ethernet address is
known.
1. Capturing and analyzing Ethernet frames
Let’s begin by capturing a set of Ethernet frames to study. Do the following2
:
• First, make sure your browser’s cache is empty. To do this under Mozilla Firefox
V3, select Tools->Clear Recent History and check the box for Cache. For Internet
Explorer, select Tools->Internet Options->Delete Files. Start up the Wireshark
packet sniffer
• Enter the following URL into your browser
http://gaia.cs.umass.edu/wireshark-labs/HTTP-ethereal-lab-file3.html
Your browser should display the rather lengthy US Bill of Rights.
1 References to figures and sections are for the 8th edition of our text, Computer Networks, A Top-down
Approach, 8th ed., J.F. Kurose and K.W. Ross, Addison-Wesley/Pearson, 2020. 2 If you are unable to run Wireshark live on a computer, you can download the zip file
http://gaia.cs.umass.edu/wireshark-labs/wireshark-traces.zip and extract the file ethernet--ethereal-trace-1.
The traces in this zip file were collected by Wireshark running on one of the author’s computers, while
performing the steps indicated in the Wireshark lab. Once you have downloaded the trace, you can load it
into Wireshark and view the trace using the File pull down menu, choosing Open, and then selecting the
ethernet-ethereal-trace-1 trace file. You can then use this trace file to answer the questions below.
• Stop Wireshark packet capture. First, find the packet numbers (the leftmost
column in the upper Wireshark window) of the HTTP GET message that was sent
from your computer to gaia.cs.umass.edu, as well as the beginning of the HTTP
response message sent to your computer by gaia.cs.umass.edu. You should see a
screen that looks something like this (where packet 4 in the screen shot below
contains the HTTP GET message)
• Since this lab is about Ethernet and ARP, we’re not interested in IP or higherlayer
protocols. So let’s change Wireshark’s “listing of captured packets” window
so that it shows information only about protocols below IP. To have Wireshark do
this, select Analyze->Enabled Protocols. Then uncheck the IP box and select OK.
You should now see a Wireshark window that looks like:
In order to answer the following questions, you’ll need to look into the packet details and
packet contents windows (the middle and lower display windows in Wireshark).
Select the Ethernet frame containing the HTTP GET message. (Recall that the HTTP
GET message is carried inside of a TCP segment, which is carried inside of an IP
datagram, which is carried inside of an Ethernet frame; reread section 1.5.2 in the text if
you find this encapsulation a bit confusing). Expand the Ethernet II information in the
packet details window. Note that the contents of the Ethernet frame (header as well as
payload) are displayed in the packet contents window.
Answer the following questions, based on the contents of the Ethernet frame containing
the HTTP GET message. Whenever possible, when answering a question you should
hand in a printout of the packet(s) within the trace that you used to answer the question
asked. Annotate the printout3 to explain your answer. To print a packet, use File->Print,
choose Selected packet only, choose Packet summary line, and select the minimum
amount of packet detail that you need to answer the question.
1. What is the 48-bit Ethernet address of your computer?
2. What is the 48-bit destination address in the Ethernet frame? Is this the Ethernet
address of gaia.cs.umass.edu? (Hint: the answer is no). What device has this as its
Ethernet address? [Note: this is an important question, and one that students
sometimes get wrong. Re-read pages 468-469 in the text and make sure you
understand the answer here.]
3. Give the hexadecimal value for the two-byte Frame type field. What upper layer
protocol does this correspond to?
4. How many bytes from the very start of the Ethernet frame does the ASCII “G” in
“GET” appear in the Ethernet frame?
Next, answer the following questions, based on the contents of the Ethernet frame
containing the first byte of the HTTP response message.
5. What is the value of the Ethernet source address? Is this the address of your
computer, or of gaia.cs.umass.edu (Hint: the answer is no). What device has this
as its Ethernet address?
6. What is the destination address in the Ethernet frame? Is this the Ethernet address
of your computer?
7. Give the hexadecimal value for the two-byte Frame type field. What upper layer
protocol does this correspond to?
8. How many bytes from the very start of the Ethernet frame does the ASCII “O” in
“OK” (i.e., the HTTP response code) appear in the Ethernet frame?
3 What do we mean by “annotate”? If you hand in a paper copy, please highlight where in the printout
you’ve found the answer and add some text (preferably with a colored pen) noting what you found in what
you ‘ve highlight. If you hand in an electronic copy, it would be great if you could also highlight and
annotate.
2. The Address Resolution Protocol
In this section, we’ll observe the ARP protocol in action. We strongly recommend that
you re-read section 6.4.1 in the text before proceeding.
ARP Caching
Recall that the ARP protocol typically maintains a cache of IP-to-Ethernet address
translation pairs on your comnputer The arp command (in both MSDOS and
Linux/Unix) is used to view and manipulate the contents of this cache. Since the arp
command and the ARP protocol have the same name, it’s understandably easy to confuse
them. But keep in mind that they are different - the arp command is used to view and
manipulate the ARP cache contents, while the ARP protocol defines the format and
meaning of the messages sent and received, and defines the actions taken on message
transmission and receipt.
Let’s take a look at the contents of the ARP cache on your computer:
• MS-DOS. The arp command is in c:\windows\system32, so type either “arp” or
“c:\windows\system32\arp” in the MS-DOS command line (without quotation
marks).
• Linux/Unix/MacOS. The executable for the arp command can be in various
places. Popular locations are /sbin/arp (for linux) and /usr/etc/arp (for some Unix
variants).
The Windows arp command with no arguments will display the contents of the ARP
cache on your computer. Run the arp command.
9. Write down the contents of your computer’s ARP cache. What is the meaning of
each column value?
In order to observe your computer sending and receiving ARP messages, we’ll need to
clear the ARP cache, since otherwise your computer is likely to find a needed IP-Ethernet
address translation pair in its cache and consequently not need to send out an ARP
message.
• MS-DOS. The MS-DOS arp –d * command will clear your ARP cache. The –d
flag indicates a deletion operation, and the * is the wildcard that says to delete all
table entries.
• Linux/Unix/MacOS. The arp –d * will clear your ARP cache. In order to run
this command you’ll need root privileges. If you don’t have root privileges and
can’t run Wireshark on a Windows machine, you can skip the trace collection part
of this lab and just use the trace discussed in the earlier footnote.
Observing ARP in action
Do the following4
:
• Clear your ARP cache, as described above.
• Next, make sure your browser’s cache is empty. To do this under Mozilla Firefox
V3, select Tools->Clear Recent History and check the box for Cache. For Internet
Explorer, select Tools->Internet Options->Delete Files.
• Start up the Wireshark packet sniffer
• Enter the following URL into your browser
http://gaia.cs.umass.edu/wireshark-labs/HTTP-wireshark-lab-file3.html
Your browser should again display the rather lengthy US Bill of Rights.
• Stop Wireshark packet capture. Again, we’re not interested in IP or higher-layer
protocols, so change Wireshark’s “listing of captured packets” window so that it
shows information only about protocols below IP. To have Wireshark do this,
select Analyze->Enabled Protocols. Then uncheck the IP box and select OK.
You should now see an Wireshark window that looks like:
4 The ethernet-ethereal-trace-1 trace file in http://gaia.cs.umass.edu/wireshark-labs/wireshark-traces.zip
was created using the steps below (in particular after the ARP cache had been flushed).
In the example above, the first two frames in the trace contain ARP messages (as does the
6th message). The screen shot above corresponds to the trace referenced in footnote 1.
Answer the following questions:
10. What are the hexadecimal values for the source and destination addresses in the
Ethernet frame containing the ARP request message?
11. Give the hexadecimal value for the two-byte Ethernet Frame type field. What
upper layer protocol does this correspond to?
12. Download the ARP specification from
ftp://ftp.rfc-editor.org/in-notes/std/std37.txt. A readable, detailed discussion of
ARP is also at http://www.erg.abdn.ac.uk/users/gorry/course/inet-pages/arp.html.
a) How many bytes from the very beginning of the Ethernet frame does the
ARP opcode field begin?
b) What is the value of the opcode field within the ARP-payload part of the
Ethernet frame in which an ARP request is made?
c) Does the ARP message contain the IP address of the sender?
d) Where in the ARP request does the “question” appear – the Ethernet
address of the machine whose corresponding IP address is being queried?
13. Now find the ARP reply that was sent in response to the ARP request.
a) How many bytes from the very beginning of the Ethernet frame does the
ARP opcode field begin?
b) What is the value of the opcode field within the ARP-payload part of the
Ethernet frame in which an ARP response is made?
c) Where in the ARP message does the “answer” to the earlier ARP request
appear – the IP address of the machine having the Ethernet address whose
corresponding IP address is being queried?
14. What are the hexadecimal values for the source and destination addresses in the
Ethernet frame containing the ARP reply message?
15. Open the ethernet-ethereal-trace-1 trace file in
http://gaia.cs.umass.edu/wireshark-labs/wireshark-traces.zip. The first and second
ARP packets in this trace correspond to an ARP request sent by the computer
running Wireshark, and the ARP reply sent to the computer running Wireshark by
the computer with the ARP-requested Ethernet address. But there is yet another
computer on this network, as indicated by packet 6 – another ARP request. Why
is there no ARP reply (sent in response to the ARP request in packet 6) in the
packet trace?
Extra Credit
EX-1. The arp command:
arp -s InetAddr EtherAddr
allows you to manually add an entry to the ARP cache that resolves the IP address
InetAddr to the physical address EtherAddr. What would happen if, when you
manually added an entry, you entered the correct IP address, but the wrong
Ethernet address for that remote interface?
EX-2. What is the default amount of time that an entry remains in your ARP cache
before being removed. You can determine this empirically (by monitoring the
cache contents) or by looking this up in your operation system documentation.
Indicate how/where you determined this value.
软件开发、广告设计客服
QQ:99515681
邮箱:99515681@qq.com
工作时间:8:00-23:00
微信:codinghelp
热点项目
更多
代做 program、代写 c++设计程...
2024-12-23
comp2012j 代写、代做 java 设...
2024-12-23
代做 data 编程、代写 python/...
2024-12-23
代做en.553.413-613 applied s...
2024-12-23
代做steady-state analvsis代做...
2024-12-23
代写photo essay of a deciduo...
2024-12-23
代写gpa analyzer调试c/c++语言
2024-12-23
代做comp 330 (fall 2024): as...
2024-12-23
代写pstat 160a fall 2024 - a...
2024-12-23
代做pstat 160a: stochastic p...
2024-12-23
代做7ssgn110 environmental d...
2024-12-23
代做compsci 4039 programming...
2024-12-23
代做lab exercise 8: dictiona...
2024-12-23
热点标签
mktg2509
csci 2600
38170
lng302
csse3010
phas3226
77938
arch1162
engn4536/engn6536
acx5903
comp151101
phl245
cse12
comp9312
stat3016/6016
phas0038
comp2140
6qqmb312
xjco3011
rest0005
ematm0051
5qqmn219
lubs5062m
eee8155
cege0100
eap033
artd1109
mat246
etc3430
ecmm462
mis102
inft6800
ddes9903
comp6521
comp9517
comp3331/9331
comp4337
comp6008
comp9414
bu.231.790.81
man00150m
csb352h
math1041
eengm4100
isys1002
08
6057cem
mktg3504
mthm036
mtrx1701
mth3241
eeee3086
cmp-7038b
cmp-7000a
ints4010
econ2151
infs5710
fins5516
fin3309
fins5510
gsoe9340
math2007
math2036
soee5010
mark3088
infs3605
elec9714
comp2271
ma214
comp2211
infs3604
600426
sit254
acct3091
bbt405
msin0116
com107/com113
mark5826
sit120
comp9021
eco2101
eeen40700
cs253
ece3114
ecmm447
chns3000
math377
itd102
comp9444
comp(2041|9044)
econ0060
econ7230
mgt001371
ecs-323
cs6250
mgdi60012
mdia2012
comm221001
comm5000
ma1008
engl642
econ241
com333
math367
mis201
nbs-7041x
meek16104
econ2003
comm1190
mbas902
comp-1027
dpst1091
comp7315
eppd1033
m06
ee3025
msci231
bb113/bbs1063
fc709
comp3425
comp9417
econ42915
cb9101
math1102e
chme0017
fc307
mkt60104
5522usst
litr1-uc6201.200
ee1102
cosc2803
math39512
omp9727
int2067/int5051
bsb151
mgt253
fc021
babs2202
mis2002s
phya21
18-213
cege0012
mdia1002
math38032
mech5125
07
cisc102
mgx3110
cs240
11175
fin3020s
eco3420
ictten622
comp9727
cpt111
de114102d
mgm320h5s
bafi1019
math21112
efim20036
mn-3503
fins5568
110.807
bcpm000028
info6030
bma0092
bcpm0054
math20212
ce335
cs365
cenv6141
ftec5580
math2010
ec3450
comm1170
ecmt1010
csci-ua.0480-003
econ12-200
ib3960
ectb60h3f
cs247—assignment
tk3163
ics3u
ib3j80
comp20008
comp9334
eppd1063
acct2343
cct109
isys1055/3412
math350-real
math2014
eec180
stat141b
econ2101
msinm014/msing014/msing014b
fit2004
comp643
bu1002
cm2030
联系我们
- QQ: 9951568
© 2021
www.rj363.com
软件定制开发网!