计算机网络实验EthernetandARP.docx
- 文档编号:10237508
- 上传时间:2023-02-09
- 格式:DOCX
- 页数:9
- 大小:158.21KB
计算机网络实验EthernetandARP.docx
《计算机网络实验EthernetandARP.docx》由会员分享,可在线阅读,更多相关《计算机网络实验EthernetandARP.docx(9页珍藏版)》请在冰豆网上搜索。
计算机网络实验EthernetandARP
计算机网络实验:
Ethernet-and-ARP
Lab7EthernetandARP
1.CapturingandanalyzingEthernetframes
STEPS
•First,makesureyourbrowser’scacheisempty.(TodothisunderNetscape7.0,selectEdit->Preferences->Advanced->Cacheandclearthememoryanddiskcache.ForInternetExplorer,selectTools->InternetOptions->DeleteFiles.ForFirefoxselectTools->ClearPrivateData.
•StartuptheWiresharkpacketsniffer
•EnterthefollowingURLintoyourbrowserhttp:
//gaia.cs.umass.edu/wireshark-labs/HTTP-ethereal-lab-file3.htmlYourbrowsershoulddisplaytheratherlengthyUSBillofRights.
•StopWiresharkpacketcapture.First,findthepacketnumbers(theleftmostcolumnintheupperWiresharkwindow)oftheHTTPGETmessagethatwassentfromyourcomputertogaia.cs.umass.edu,aswellasthebeginningoftheHTTPresponsemessagesenttoyourcomputerbygaia.cs.umass.edu.Youshouldseeascreenthatlookssomethinglikethis(wherepacket4inthescreenshotbelowcontainstheHTTPGETmessage)
•SincethislabisaboutEthernetandARP,we’renotinterestedinIPorhigherlayerprotocols.Solet’schangeWireshark’s“listingofcapturedpackets”windowsothatitshowsinformationonlyaboutprotocolsbelowIP.TohaveWiresharkdothis,selectAnalyze->EnabledProtocols.ThenunchecktheIPboxandselectOK.
QUESTIONS
1.Whatisthe48-bitEthernetaddressofyourcomputer?
The48-bitEthernetaddressofyourcomputeris3c:
97:
0e:
ff:
69:
02
2.Whatisthe48-bitdestinationaddressintheEthernetframe?
IsthistheEthernetaddressofgaia.cs.umass.edu?
(Hint:
theanswerisno).WhatdevicehasthisasitsEthernetaddress?
[Note:
thisisanimportantquestion,andone
3.
4.
5.HowmanybytesfromtheverystartoftheEthernetframedoestheASCII“G”in“GET”appearintheEthernetframe?
54bytes.Thereare14bytesofEthernetframeheader,20bytesofIPheaderand20bytesofTCPheaderbeforeHTTPdata.Sotheansweris54bytes.
6.WhatisthehexadecimalvalueoftheCRCfieldinthisEthernetframe?
ThereisnoCRCfield.BecausetheCRCcalculatedbeforetheWiresharkpacketsnifferstartup.
7.WhatisthevalueoftheEthernetsourceaddress?
Isthistheaddressofyourcomputer,orofgaia.cs.umass.edu(Hint:
theanswerisno).WhatdevicehasthisasitsEthernetaddress?
ThevalueoftheEthernetsourceaddressis38:
22:
d6:
e6:
0e:
0d.Thisisneithertheaddressofmycomputer,norofgaia.cs.umass.edu.ItistheEthernetaddressofmydefaultgateway.Thatistosay,it’stheaddressofmyrouter,whichisthelinkusedtogetoffthesubnet.
8.WhatisthedestinationaddressintheEthernetframe?
IsthistheEthernetaddressofyourcomputer?
ThedestinationaddressintheEthernetframeis3c:
97:
0e:
ff:
69:
02.ThisistheEthernetaddressofmycomputer.
9.Givethehexadecimalvalueforthetwo-byteFrametypefield.Whatdothebit(s)whosevalueis1meanwithintheflagfield?
Thehexadecimalvalueforthetwo-byteFrametypefieldis0x0800.
Thebit(s)whosevalueis1withintheflagfieldmeanthefragmenthasnotbeenfragmented.
10.HowmanybytesfromtheverystartoftheEthernetframedoestheASCII“O”in“OK”(i.e.,theHTTPresponsecode)appearintheEthernetframe?
Thereare14bytesofEthernetframeheader,20bytesofIPheaderand20bytesofTCPheaderbeforeHTTPdata.
SotheHTTPdataappears54bytesfromtheverystartoftheEthernetframe.
ButbeforetheASCII“O”appears,thereare13bytes.SobeforetheASCII“O”appears,thereare67bytes.
11.WhatisthehexadecimalvalueoftheCRCfieldinthisEthernetframe?
ThereisnoCRCfield.BecausetheCRCcalculatedbeforetheWiresharkpacketsnifferstartup.
2.TheAddressResolutionProtocol
11.Writedownthecontentsofyourcomputer’sARPcache.Whatisthemeaningofeachcolumnvalue?
TheaddressofInternetcolumncontainstheIPaddress.ThephysicaladdresscolumncontainstheMACaddress.Thetypecolumntellsustheinformationabouttype:
dynamicorstatic.
STEPS
•ClearyourARPcache,asdescribedabove.
•Next,makesureyourbrowser’scacheisempty.(TodothisunderNetscape7.0,selectEdit->Preferences->Advanced->Cacheandclearthememoryanddiskcache.ForInternetExplorer,selectTools->InternetOptions->DeleteFiles.)
•StartuptheWiresharkpacketsniffer
•EnterthefollowingURLintoyourbrowserhttp:
//gaia.cs.umass.edu/wireshark-labs/HTTP-wireshark-lab-file3.htmlYourbrowsershouldagaindisplaytheratherlengthyUSBillofRights.
•StopWiresharkpacketcapture.Again,we’renotinterestedinIPorhigher-layerprotocols,sochangeWireshark’s“listingofcapturedpackets”windowsothatitshowsinformationonlyaboutprotocolsbelowIP.TohaveWiresharkdothis,selectAnalyze->EnabledProtocols.ThenunchecktheIPboxandselectOK.YoushouldnowseeanWiresharkwindowthatlookslike:
QUESTIONS
(Thefollowinganswersarebasedontheethernet-ethereal-trace-1tracefile)
12.WhatarethehexadecimalvaluesforthesourceanddestinationaddressesintheEthernetframecontainingtheARPrequestmessage?
ThehexadecimalvaluesforthesourceaddressesintheEthernetframeis00:
d0:
59:
a9:
3d:
68.ThehexadecimalvaluesforthedestinationaddressesintheEthernetframeisff:
ff:
ff:
ff:
ff:
ff.
13.Givethehexadecimalvalueforthetwo-byteEthernetFrametypefield.Whatdothebit(s)whosevalueis1meanwithintheflagfield?
Thehexadecimalvalueforthetwo-byteEthernetFrametypefieldis0x0806.
Thereisnoflagfield.
14.DownloadtheARPspecificationfromftp:
//ftp.rfc-editor.org/innotes/std/std37.txt.Areadable,detaileddiscussionofARPisalsoathttp:
//www.erg.abdn.ac.uk/users/gorry/course/inet-pages/arp.html.
a)HowmanybytesfromtheverybeginningoftheEthernetframedoestheARPopcodefieldbegin?
Thereare14bytesofEthernetframeheader.IntheARPdata,beforetheARPopcodefieldbegin,thereare6bytes.Sothereare20bytesbeforetheARPopcodefieldbegin.
b)WhatisthevalueoftheopcodefieldwithintheARP-payloadpartoftheEthernetframeinwhichanARPrequestismade?
ThevalueoftheopcodefieldwithintheARP-payloadpartoftheEthernetframeinwhichanARPrequestismadeis1.
c)DoestheARPmessagecontaintheIPaddressofthesender?
Yes,itcontains.Inhere,theIPaddressofthesenderis192.168.1.105.
d)WhereintheARPrequestdoesthe“question”appear–theEthernetaddressofthemachinewhosecorrespondingIPaddressisbeingqueried?
Thefield“TargetMACaddress”issetto00:
00:
00:
00:
00:
00toquestionthemachine’sEthernetaddresswhosecorrespondingIPaddress.
15.NowfindtheARPreplythatwassentinresponsetotheARPrequest.
a)HowmanybytesfromtheverybeginningoftheEthernetframedoestheARPopcodefieldbegin?
Thereare14bytesofEthernetframeheader.IntheARPdata,beforetheARPopcodefieldbegin,thereare6bytes.Sothereare20bytesbeforetheARPopcodefieldbegin.
b)WhatisthevalueoftheopcodefieldwithintheARP-payloadpartoftheEthernetframeinwhichanARPresponseismade?
ThevalueoftheopcodefieldwithintheARP-payloadpartoftheEthernetframeinwhichanARPresponseismadeis2
c)WhereintheARPmessagedoesthe“answer”totheearlierARPrequestappear–theIPaddressofthemachinehavingtheEthernetaddresswhosecorrespondingIPaddressisbeingqueried?
“SenderMACaddress”istheanswertotheearlierARPrequest.Inhere,itcontaintheMACaddressof192.168.1.1,whichis00:
06:
25:
da:
af:
73
16.WhatarethehexadecimalvaluesforthesourceanddestinationaddressesintheEthernetframecontainingtheARPreplymessage?
ThehexadecimalvaluesforthesourceaddressesintheEthernetframecontainingtheARPreplymessageis00:
06:
25:
da:
af:
73.
ThehexadecimalvaluesforthedestinationaddressesintheEthernetframecontainingtheARPreplymessageis00:
d0:
59:
a9:
3d;68.
17.Opentheethernet-ethereal-trace-1tracefileinhttp:
//gaia.cs.umass.edu/wireshark-labs/wireshark-traces.zip.ThefirstandsecondARPpacketsinthistracecorrespondtoanARPrequestsentbythecomputerrunningWireshark,andtheARPreplysenttothecomputerrunningWiresharkbythecomputerwiththeARP-requestedEthernetaddress.Butthereisyetanothercomputeronthisnetwork,asindiatedbypacket6–anotherARPrequest.WhyistherenoARPreply(sentinresponsetotheARPrequestinpacket6)inthepackettrace?
ThisabroadcastARPpacketsentby192.168.1.104.Soeveryhostinthesamesubnetwillreceivethepacket.ButtheARPistotryfindtheMACaddressof192.168.1.117.SoonlythehostwhichhavetheIPaddressof192.168.1.117willreply.Now“my”host’sIPaddressis192.168.1.105.So“my”hostwon’treply.And“my”hostdidn’treceivethereplypacket.SothereisnoARPreply(sentinresponsetotheARPrequestinpacket6)inthepackettrace.
ExtraCredit
EX-1.Thearpcommand:
arp-sInetAddrEtherAddrallowsyoutomanuallyaddanentrytotheARPcachethatresolvestheIPaddressInetAddrtothephysicaladdressEtherAddr.Whatwouldhappenif,whenyoumanuallyaddedanentry,youenteredthecorrectIPaddress,butthewrongEthernetaddressforthatremoteinterface?
IfIenteredthecorrectIPaddress,butthewrongEthernetaddressforthatremoteinterface,thenIwillgetthewrongMACaddresswhenItrytoconnectwiththeIPaddressthatIentered.ThisisjustlikewhathappenedinARPspoofing.
EX-2.WhatisthedefaultamountoftimethatanentryremainsinyourARPcachebeforebeingremoved.Youcandeterminethisempirically(bymonitoringthecachecontents)orbylookingthisupinyouroperationsystemdocum
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- 计算机网络 实验 EthernetandARP