logo

Wireshark Lab: Ethernet and ARP

Investigating the Ethernet and ARP protocols through capturing and analyzing Ethernet frames and examining a case involving a departing employee and sensitive company documents.

15 Pages2182 Words191 Views
   

Added on  2022-12-02

About This Document

This document provides answers to questions related to Ethernet and ARP in Wireshark Lab. It includes information about Ethernet addresses, frame types, ARP cache, and more.

Wireshark Lab: Ethernet and ARP

Investigating the Ethernet and ARP protocols through capturing and analyzing Ethernet frames and examining a case involving a departing employee and sensitive company documents.

   Added on 2022-12-02

ShareRelated Documents
Running head: WIRESHARK LAB
Wireshark Lab: Ethernet and ARP v7.0
Name of the Student
Name of the University
Author’s Note
Wireshark Lab: Ethernet and ARP_1
1
WIRESHARK LAB
Capturing and Analyzing Ethernet Frames
Wireshark Lab: Ethernet and ARP_2
2
WIRESHARK LAB
Answer to Question 1:
What is the 48-bit Ethernet address of your computer?
The 48 bit Ethernet address of the computer used for capturing the packet from
http://gaia.cs.umass.edu/wireshark-labs/HTTP-ethereal-lab-file3.html is given below:
Ethernet II, Src: Dell_40:55:b9 (58:8a:5a:40:55:b9)
Answer to Question 2:
What is the 48-bit destination address in the Ethernet frame? Is this the Ethernet address of
gaia.cs.umass.edu? (Hint: the answer is no). What device has this as its Ethernet address? [Note:
this is an important question, and one that students sometimes get wrong. Re-read pages 468-
469 in the text and make sure you understand the answer here.]
The 48-bit destination address in the Ethernet frame is given below:
Ethernet II, Dst: Cisco_b3:3f:eb (a0:23:9f:b3:3f:eb)
This is not the Ethernet address of gaia.cs.umass.edu.
This Ethernet address is for the next hop router.
Answer to Question 3:
Give the hexadecimal value for the two-byte Frame type field. What upper layer protocol does
this correspond to?
The hexadecimal value for the two byte frame type filed is given below:
0x0800
Wireshark Lab: Ethernet and ARP_3
3
WIRESHARK LAB
It corresponds to IP Protocol or the upper layer protocol.
Answer to Question 4:
How many bytes from the very start of the Ethernet frame does the ASCII “G” in “GET” appear
in the Ethernet frame?
From the packet captured the Ascii G in the Get appears in the Ethernet frame with 47 bits.
Answer to Question 5:
What is the value of the Ethernet source address? Is this the address of your computer, or of
gaia.cs.umass.edu (Hint: the answer is no). What device has this as its Ethernet address?
The value of source address for Ethernet is given below:
a0:23:9f:b3:3f:eb
It is not the address of gaia.cs.umass.edu or my computer.
The captured Ethernet address is of the router interface through which the data traffic passed
over the network.
Answer to Question 6:
What is the destination address in the Ethernet frame? Is this the Ethernet address of your
computer?
Wireshark Lab: Ethernet and ARP_4

End of preview

Want to access all the pages? Upload your documents or become a member.

Related Documents
Software Foundations for Cyber security
|16
|1928
|220

Wireshark Lab: ICMP and Traceroute
|21
|3293
|430

MITS4004 Research Study: Networking
|17
|2522
|493

COMP247 Data Communications Laboratory Practical 2B IP
|3
|693
|105

COMP247 Data Communications Laboratory Practical 2B IP
|3
|693
|56