What is the source and the destination IP addresses of the network-layer header in the frame? Is the frame an outgoing or an incoming frame?
Instructions | Questions |
1. Open your browser and clean cash history, but do not access any website yet. 2. Open your packet sniffer software (for instance, Wireshark) and start capturing. 3. Go back to your browser, access the following web site: http://gaia.cs.umass.edu/wireshark-labs/INTRO-wireshark-file1.html 4. After the page is fully loaded and opened at your browser, go back to Wireshark and stop capturing. 5. Answer question 1. | Q1. List 3 different protocols that appear in the protocol column in the unfiltered packet-listing window. |
6. Use the filter box to filter out all frames except if the source or the sink protocol is http. 7. Using the first frame with the source protocol http, answer the following question from 2 to 7: | Q2. What is the source and the destination IP addresses of the network-layer header in the frame? Is the frame an outgoing or an incoming frame? |
Q3. What is the total number of bytes in the whole frame? | |
Q4. What is the number of bytes in the following: – The Ethernet header (data-link layer header)? – The IP header? – The TCP header? – The message (at the application layer)? | |
Q5: Calculate the total number bytes of the Ethernet header, IP header, TCP header and the message. Is the total of them equal to the total number of bytes in the whole frame? | |
8. In the filter field of the Wireshark window type arp, and click enter. 9. From the packet list window, select the first ARP request packet. 10. From the packet detail pane, select the Address Resolution Protocol. Then answer the questions 6 and 10. | Q6. What is the hardware type and the protocol type? |
Q7. What is the value of the operation field. What is the meaning of this field? | |
Q8: what is hexadecimal values for the source and destination address in the Ethernet frame containing the ARP request message? | |
Q9: What is the type of the destination in the Ethernet frame containing the ARP request message (unicast, multicast, broadcast)? | |
Q10: Checking the packet byte pane, you will notice that the ARP request is followed by zero-bytes. How many 0s are there? Explain the reason for the existence of these 0s. |