Wireshark Assignment 06
ANSWER:
ANSWER:
According to the above screenshot, the 48-bit destination address in the
Ethernet frame is:
Destination: 00:06:25:da:af:73
The above-mentioned destination address is not the Ethernet address of
gaia.cs.umass.edu. Rather, it is the address of the gateway to the
internet, which is my local router.
3. Give the hexadecimal value for the two-byte Frame type field. What upper
layer protocol does this correspond to?
ANSWER:
According to the snip attached in question-01, the hexadecimal value for
the frame type field is given below:
Type: IP (0x0800), which corresponds to the IP protocol.
4. How many bytes from the very start of the Ethernet frame does the ASCII
“G” in “GET” appear in the Ethernet frame?
ANSWER:
According to the snip attached in question-01, the G in GET appears 52
bits into the frame.
5. What is the value of the Ethernet source address? Is this the address of
your computer, or of gaia.cs.umass.edu (Hint: the answer is no). What
device has this as its Ethernet address?
ANSWER:
ANSWER:
According to the screenshot above, the destination address value is:
Destination Address: 00:06:59:a9:3d:68
This is the address of my computer.
7. Give the hexadecimal value for the two-byte Frame type field. What upper
layer protocol does this correspond to?
ANSWER:
According to the screenshot:
Hex value: 0x0800, which corresponds to the IP protocol.
8. How many bytes from the very start of the Ethernet frame does the ASCII
“O” in “OK” (i.e., the HTTP response code) appear in the Ethernet frame?
ANSWER:
According to the screenshot, the O in OK appears 52 bytes into the
Ethernet frame.
9. Write down the contents of your computer’s ARP cache. What is the
meaning of each column value?
ANSWER:
Internet Address: IP address
Physical Address: MAC address
Type: The Protocol type
10. What are the hexadecimal values for the source and destination addresses
in the Ethernet frame containing the ARP request message?
ANSWER:
Source Address: 00:d0:59:a9:3d:68
Destination Address: ff:ff:ff:ff:ff:ff
11. Give the hexadecimal value for the two-byte Ethernet Frame type field.
What upper layer protocol does this correspond to?
ANSWER:
The two-byte Ethernet frame type field indicates ARP.
Hex value: 0x0806, and the upper layer protocol is ARP.
12. Download the ARP specification and answer the following:
a) How many bytes from the very beginning of the Ethernet frame does
the ARP opcode field begin?
b) What is the value of the opcode field within the ARP-payload part of
the Ethernet frame in which an ARP request is made?
c) Does the ARP message contain the IP address of the sender?
d) Where in the ARP request does the “question” appear – the Ethernet
address of the machine whose corresponding IP address is being
queried?
ANSWER:
a) 20 bytes
b) 0x0001
c) Yes, according to the figure: IP address = 192.168.1.105
d) Target MAC address: 00:00:00:00:00:00. The IP of the machine to which
the query will be broadcast is:
IP Address: 192.168.1.1
13. Now find the ARP reply that was sent in response to the ARP request.
a) How many bytes from the very beginning of the Ethernet frame does
the ARP opcode field begin?
b) What is the value of the opcode field within the ARP-payload part of
the Ethernet frame in which an ARP response is made?
c) Where in the ARP message does the “answer” to the earlier ARP
request appear – the IP address of the machine having the Ethernet
address whose corresponding IP address is being queried?
ANSWER:
I. 20 bytes
II. 0x0002
III. Sender MAC Address: 00:d0:59:a9:3d:68
IV. Sender IP Address: 192.168.1.105
14. What are the hexadecimal values for the source and destination addresses
in the Ethernet frame containing the ARP reply message?
ANSWER:
Source: 00:d0:59:a9:3d:68
Destination: 00:00:00:00:00:00
15. Open the ethernet-ethereal-trace-1 trace file in
http://gaia.cs.umass.edu/wireshark-labs/wireshark-traces.zip. The first and
second ARP packets in this trace correspond to an ARP request sent by the
computer running Wireshark, and the ARP reply sent to the computer
running Wireshark by the computer with the ARP-requested Ethernet
address. But there is yet another computer on this network, as indicated by
packet 6 – another ARP request. Why is there no ARP reply (sent in
response to the ARP request in packet 6) in the packet trace?
ANSWER:
Because the ARP request is broadcast and the ARP reply is not broadcast.
The reply is sent directly to the computer that made the request.
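
Added example, not part of the original assignment answers: a small Python parser that decodes the Ethernet header and ARP body discussed in questions 10 to 12 and shows where the frame type and opcode fields sit. The sample frame is constructed from the addresses quoted in the answers; the function and constant names are assumptions made for illustration.

```python
import struct
from ipaddress import IPv4Address

ETH_HDR = struct.Struct("!6s6sH")          # dst MAC, src MAC, EtherType
ARP_HDR = struct.Struct("!HHBBH6s4s6s4s")  # Ethernet/IPv4 ARP body (28 bytes)
ETHERTYPES = {0x0800: "IP", 0x0806: "ARP"}
# Opcode follows htype(2) + ptype(2) + hlen(1) + plen(1) after the 14-byte header.
ARP_OPCODE_OFFSET = ETH_HDR.size + 6


def mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(frame: bytes) -> dict:
    """Decode the Ethernet header and, for EtherType 0x0806, the ARP body."""
    if len(frame) < ETH_HDR.size:
        raise ValueError("frame shorter than the 14-byte Ethernet header")
    dst, src, ethertype = ETH_HDR.unpack_from(frame, 0)
    out = {"dst": mac(dst), "src": mac(src), "type": ethertype,
           "proto": ETHERTYPES.get(ethertype, "unknown")}
    if ethertype != 0x0806:
        return out
    if len(frame) < ETH_HDR.size + ARP_HDR.size:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = ARP_HDR.unpack_from(
        frame, ETH_HDR.size)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    out.update(opcode=op, sender_mac=mac(sha), sender_ip=str(IPv4Address(spa)),
               target_mac=mac(tha), target_ip=str(IPv4Address(tpa)))
    return out


def build_sample_request() -> bytes:
    """Constructed ARP request using the addresses quoted in the answers."""
    me = bytes.fromhex("00d059a93d68")
    eth = ETH_HDR.pack(b"\xff" * 6, me, 0x0806)
    arp = ARP_HDR.pack(1, 0x0800, 6, 4, 1, me,
                       IPv4Address("192.168.1.105").packed,
                       b"\x00" * 6, IPv4Address("192.168.1.1").packed)
    return eth + arp


if __name__ == "__main__":
    frame = build_sample_request()
    print(parse_frame(frame))
    print("opcode bytes at offset", ARP_OPCODE_OFFSET, "=",
          frame[ARP_OPCODE_OFFSET:ARP_OPCODE_OFFSET + 2].hex())
```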