LỚP: SE1964-NCW204-GROUP4-LAB2

THÀNH VIÊN:
+ Nguyễn Thắng
+Nguyễn Học Hoàng
+Phan Gia Anh
+Hồ Tăng Huy
DANH SÁCH CÔNG VIỆC :
7.1.6 part1:NguyễnThắng
7.1.6 part2: Nguyễn Học Hoàng
7.2.7 part1: Huy Hồ Tăng
7.2.7 part2: Phan Gia Anh
7.3.7 part1: Học Hoàng & Huy Tăng
7.3.7 part2: Gia Anh ft Nguyễn Thắng

7.1.6 :
Part1:
1.What is significant about the contents of the destination address field?
Mọi host trên Lan sẽ cùng được nhận broadcast frame. Host với địa chỉ ip là
192.168.1.1 sẽ gửi lời nhắn ở chế độ unicast đến PC host ( source). Lời nhắn sẽ chứa
địa chỉ MAC của card mạng default gateway
2.Why does the PC send out a broadcast ARP prior to sending the first
ping request?
PC không thể gửi ping request tới host khi mà chưa được xác nhận địa chỉ MAC. Nên
PC phải tạo frame header cho việc ping. ARP broadcast thường được dùng để yêu
cầu địa chỉ MAC của host với địa chỉ IP được chứa trong ARP.
3.What is the MAC address of the source in the first frame?
f0:1f:af:50:fd:c8
4.What is the Vendor ID (OUI) of the Source NIC in the ARP reply?
Netgear
5.What portion of the MAC address is the OUI?
3 octets đầu tiên của địa chỉ MAC biểu diễn OUI
6.What is the NIC serial number of the source?
99:c5:72

PART2:
Step 1: Determine the IP address of the default gateway on your PC.
Open a Windows command prompt.

Open a command prompt window and issue the ipconfig command. What is the IP address
of the PC default gateway? 192.168.1.1

Step 2: Start capturing traffic on your PC NIC.

a. Open Wireshark to start data capture.
b. Observe the traffic that appears in the packet list window.
Step 3: Filter Wireshark to display only ICMP traffic.
You can use the filter in Wireshark to block visibility of unwanted traffic. The filter does not
block the capture of unwanted data; it only filters what you want to display on the screen.
For now, only ICMP traffic is to be displayed.
In the Wireshark Filter box, type icmp. The box should turn green if you typed the filter
correctly. If the box is green, click Apply (the right arrow) to apply the filter.
Step 4: From the command prompt window, ping the default gateway of
your PC.
Open a Windows command prompt.

From the command window, ping the default gateway using the IP address that you
recorded in Step

Step 5: Stop capturing traffic on the NIC.

Click the Stop Capturing Packets icon to stop capturing traffic.

Step 6: Examine the first Echo (ping) request in Wireshark.

The Wireshark main window is divided into three sections: the packet list pane (top), the
Packet Details pane (middle), and the Packet Bytes pane (bottom). If you selected the
correct interface for packet capturing previously, Wireshark should display the ICMP
information in the packet list pane of Wireshark.

a. In the packet list pane (top section), click the first frame listed. You should see Echo
(ping) request
under the Info heading. The line should now be highlighted.

b. Examine the first line in the packet details pane (middle section). This line displays the
length of the
frame.
c. The second line in the packet details pane shows that it is an Ethernet II frame. The
source and
destination MAC addresses are also displayed.

What is the MAC address of the PC NIC? - cc:71:90:85:c4:d8

Type your answers here.
What is the default gateway’s MAC address? - f0:2f:74:4a:70:ac
d. You can click the greater than (>) sign at the beginning of the second line to obtain more
information
about the Ethernet II frame.
Question:

What type of frame is displayed?

What is the MAC address of the PC NIC? - f0:2f:74:4a:70:ac

Type your answers here.
What is the default gateway’s MAC address? - cc:71:90:85:c4:d8
e. The last two lines displayed in the middle section provide information about the data field
of the frame.
Notice that the data contains the source and destination IPv4 address information.
Questions:

What is the source IP address? 192.168.1.3

Type your answers here.
What is the destination IP address? 192.168.1.1
f. You can click any line in the middle section to highlight that part of the frame (hex and
ASCII) in the
Packet Bytes pane (bottom section). Click the Internet Control Message Protocol line
in the middle
section and examine what is highlighted in the Packet Bytes pane.

Question:

What do the last two highlighted octets spell?

- Internet Control Message Protocol
- No response seen
g. Click the next frame in the top section and examine an Echo reply frame. Notice that the
source and destination MAC addresses have reversed, because this frame was sent from the
default gateway router as a reply to the first ping.
Question:

What device and MAC address is displayed as the destination address?

Destination: f0:2f:74:4a:70:ac

Step 7: Capture packets for a remote host.

a. Click the Start Capture icon to start a new Wireshark capture. You will receive a popup
window asking if
you would like to save the previous captured packets to a file before starting a new capture.
Click
Continue without Saving.

b. In a command prompt window, ping www.cisco.com

c. Stop capturing packets.

d. Examine the new data in the packet list pane of Wireshark.
Questions:

In the first echo (ping) request frame, what are the source and destination MAC addresses?

Source: f0:2f:74:4a:70:ac
Type your answers here.
Destination: cc:71:90:85:c4:d8
Type your answers here.
What are the source and destination IP addresses contained in the data field of the frame?

Source: 192.168.1.3
Type your answers here.
Destination: 113.171.30.105
Type your answers here.
Compare these addresses to the addresses you received in Step 6. The only address that
changed is the destination IP address. Why has the destination IP address changed, while
the destination MAC address remained the same?
- Layer 2 frames never leave the LAN. When a ping is issued to a remote host, the
source will use the default gateway MAC address for the frame destination. The
default gateway receives the packet, strips the Layer 2 frame information from
the packet and then creates a new frame header with the MAC address of the
next hop. This process continues from router to router until the packet reaches its
destination IP address.

Reflection Question
Wireshark does not display the preamble field of a frame header. What does the preamble
contain?

- The preamble field contains seven octets of alternating 1010 sequences, and one
octet that signals the beginning of the frame, 10101011.

7.2.7:
Part1:
Step 1: Cable the network as shown in the topology.
a. Attach the devices shown in the topology and cable as necessary.
b. Power on all the devices in the topology.
Step 2: Configure the IPv4 address for the PC.
a. Configure the IPv4 address, subnet mask for PC-A.
 b. From the command prompt on PC-A, ping the switch address.

Open a Windows command prompt

Question:

Were the pings successful? Explain.

No the pings were not succesfully sent. Because the hadn’t been configed.
Close a Windows command prompt Y

Step 3: Configure basic settings for the switch.

In this step, you will configure the device name and the IP address, and disable DNS lookup on the
switch.
a. Console into the switch and enter global configuration mode.

Open a configuration window.

b. Assign a hostname to the switch based on the Addressing Table.

c. Disable DNS lookup.

 d. Configure and enable the SVI interface for VLAN 1.

lose a configuration window

Step 4: Verify network connectivity.

Open a Windows command prompt.

Ping the switch from PC-A.

Question:

Were the pings successful?

Yes the pings were succesfully sent. Because the switch has already had an address on it
Vlan1.

PART2:
Questions: Step 1: Analyze the MAC address for the PC-A NIC.
Before you analyze the MAC address on PC-A, look at an example from a different PC NIC. You can
issue the ipconfig /all command to view the MAC address of your NIC. An example screen output is
shown below.
When using the ipconfig /all command, notice that MAC addresses are referred to as physical
addresses. Reading the MAC address from left to right, the first six hex digits refer to the vendor
(manufacturer) of this device. These first six hex digits (3 bytes) are also known as the
 organizationally unique identifier (OUI). This 3-byte code is assigned to the vendor by the IEEE
organization.
To find the manufacturer, use the keywords IEEE OUI standards to find an OUI lookup tool on the
internet or navigate to http://standards-oui.ieee.org/oui.txt to find the registered OUI vendor codes.
The last six digits are the NIC serial number assigned by the manufacturer.
a. Using the output from the ipconfig /all command, answer the following questions.
C:\> ipconfig /all
<output omitted>
Ethernet adapter
Ethernet:
Connection-specific DNS
Suffix . :
Description . . . . . . . . . . . : Intel(R) 82577LM Gigabit Network
Connection
Physical Address. . . . . . . . . : 5C-26-0A-24-2A-60
DHCP Enabled. . . . . . . . . . . : No

What is the OUI portion of the MAC address for this device?
Type5C-26-0A your answers here.
What is the serial number portion of the MAC address for this device?
Type 24-2A-60 your answers here.
Using the example above, find the name of the vendor that manufactured this NIC.
Dell Inc.
b. From the command prompt on PC-A, issue the ipconfig /all command and identify the OUI portion
of the MAC address for the NIC of PC-A.
Type your answers here.
Identify the serial number portion of the MAC address for the NIC of PC-A.

Type your answers here.

Identify the name of the vendor that manufactured the NIC of PC-A.
Typ

e
your answers here.

Step 2: Analyze the MAC address for the S1 F0/6 interface.

 You can use a variety of commands to display MAC addresses on the switch.
a. Console into S1 and use the show interfaces vlan 1 command to find the MAC address
information. A sample is shown below. Use output generated by your switch to answer the
questions.
Open a configuration window Question:

What is the MAC address for VLAN 1 on S1?

Type your answers here.

What is the MAC serial number for VLAN 1?

Type your answers here.

What is the OUI for VLAN 1?

Type your answers here.

Based on this OUI, what is the name of the vendor?
Cisco Systems, Inc.ur answers here.
What does bia stand for?
Type Burned-in Address answers here.
Why does the output show the same MAC address twice?
Type Basically, you can change the user-defined MAC address to “overwrite” BIA.

here.
b. Another way to display the MAC address on the switch is to use the show arp command. Use the
show arp command to display MAC address information. This command maps the Layer 2
address to its corresponding Layer 3 address. A sample is shown below. Use output generated by
your switch to answer the questions.
S1# show arp

What Layer 2 addresses are displayed on S1?

p e your answers here.

What Layer 3 addresses are displayed on S1?

Type your a nswers here.

Step 3: View the MAC addresses on the switch.

Issue the show mac address-table command on S1. A sample is shown below. Use output
generated by your switch to answer the questions.
 Question:

Did the switch display the MAC address of PC-A? If you answered yes, what port was it on?

No, it did not show any MAC address. your answers here.

Reflection Questions
1. Can you have broadcasts at the Layer 2 level? If so, what would the MAC address be?
Typ Yes, you can have broadcasts at the Layer 2 level. The MAC address
for Layer 2 broadcasts is ffff:ffff:ffffe your answers here.
2. Why would you need to know the MAC address of a device?
Ty MAC addresses are commonly used to identify your device when
connecting to a network. Routers can filter out MAC addresses they
don’t recognizepe your answers here.
End of Document

7.3.7:
PART1:
Step 1: Cable the network according to the topology.

Step 2: Configure PC hosts.

Step 3: Initialize and reload switches as necessary.

Step 4: Configure basic settings for each switch.

Open
configuratio
n window
a. Configure device name as shown in the topology.

b. Configure IP address as listed in Addressing Table.

c. Assign cisco as the console and vty passwords.

d. Assign class as the privileged EXEC password.
Close
configuratio
n window

PART2:
Step 1: Record network device MAC addresses.
a. Open a command prompt on PC-A and PC-B and type ipconfig /all.
Open
Windows
command
prompt
Question:

What are the Ethernet adapter physical addresses?

PC-A MAC Address:

Ty pe your answers here.

PC-B MAC Address:

T ype your answers here.

Close
Windows
command
prompt

b. Console into switch S1 and S2 and type the show interface F0/1 command
on each switch.
Open a
configuratio
n window
Questions:

On the second line of command output, what is the hardware addresses (or
burned-in address [bia])?
S1 Fast Ethernet 0/1 MAC Address:

Typ e your answers here.

S2 Fast Ethernet 0/1 MAC Address:

Type your answers here.

Close a
config

Step 2: Display the switch MAC address table.

 Console into switch S2 and view the MAC address table, both before and after
running network communication tests with ping.
a. Establish a console connection to S2 and enter privileged EXEC mode.
Open a
configuratio
n window

b. In privileged EXEC mode, type the show mac address-table command and
press Enter.

S2# show mac address-table

Even though there has been no network communication initiated across the
network (i.e., no use of ping), it is possible that the switch has learned MAC
addresses from its connection to the PC and the other switch.
Questions:

Are there any MAC addresses recorded in the MAC address table?

swers here.

What MAC addresses are recorded in the table? To which switch ports are
they mapped and to which devices do they belong? Ignore MAC addresses
that are mapped to the CPU.

They belong to port Fast Ethernet 0/1 which belongs to switch S1.
The first one being base ethernet MAC address, the second one
being BIA.here.

If you had not previously recorded MAC addresses of network devices in Step
1, how could you tell which devices the MAC addresses belong to, using only
the output from the show mac address-table command? Does it work in all
scenarios?

The output of the show mac address-table command shows the port
that the MAC address was learned on. In most cases this would
identify which network device the MAC address belongs to, except in
the case of multiple MAC addresses associated to the same port.
Step 3: Clear the S2 MAC address table and display the MAC address table
again.
a. In privileged EXEC mode, type the clear mac address-table dynamic
command and press Enter.

S2# clear mac address-table dynamic

b. Quickly type the show mac address-table command again.
Questions:

Does the MAC address table have any addresses in it for VLAN 1? Are there
other MAC addresses listed?

Ty pe your
answers here.

Wait 10 seconds, type the show mac address-table command, and press
Enter. Are there new addresses in the MAC address table?
TypeNo,there are not any new addresses.answers here.
Close a
configuratio
n window

Step 4: From PC-B, ping the devices on the network and observe the
switch MAC address table.
a. From PC-B, open a command prompt and type arp -a.
Open a
command
prompt
Questi

Not including multicast or broadcast addresses, how many device IP-to-MAC

address pairs have been learned by ARP?
There may or may not entries. It may have the device IP
to MAC mapping.
b. From the PC-B command prompt, ping PC-A, S1, and S2.
Question:

Did all devices have successful replies? If not, check your cabling and IP
configurations.
 Type

your answers here.

Close a
command
prompt

c. From a console connection to S2, enter the show mac address-table

command.
Open a configuration window
Question:
 Has the switch added additional MAC addresses to the MAC address table? If
so, which addresses and devices?

Typ e your
answers here.
Close a
configuratio
n window
Open a
command
prompt

From PC-B, open a command prompt and retype arp -a.

Question:

Does the PC-B ARP cache have additional entries for all network devices that
were sent pings?

No. your answers here.

Close a
command
prompt

Reflect question:
On Ethernet networks, data is delivered to devices by their MAC addresses. For this
to happen, switches and PCs dynamically build ARP caches and MAC address tables.
With only a few computers on the network this process seems fairly easy. What
might be some of the challenges on larger networks?

+ARP broadcast cos thể gây loạn broadcast. Vì ARP và switch MAC table không xác
thực hay kiểm tra các địa chỉ IP đến địac chỉ MAC. Điều này có thể xuất hiện hiện
tượng giả mạo các thiết bị trên mạng Type your answers