Description
1 Introduction
In this experiment, you will explore protocols operating at the link layer. We haven’t studied the Ethernet and Wireless protocols in detail yet, but I’ve uploaded the lecture notes (Lecture 16) so you can consult these to learn more.
2 Ethernet/Wireless Frames
Capture a set of Ethernet frames to study via an Ethernet or WiFi connection.
-
Make sure your browser’s cache is empty.
-
Start the Wireshark packet sniffer.
-
Enter the following URL into your browser http://www.ietf.org/rfc/rfc894.txt
-
Your browser should display the RFC for IP over Ethernet.
-
Stop the Wireshark packet capture. First, find the packet numbers (the leftmost column in the upper Wireshark window) of the HTTP GET message that was sent from your computer to www.ietf.org, as well as the beginning of the HTTP response message sent to your computer by www.ietf.org. You should see a screen that looks something like this (where packet 65 in the screen shot below contains the HTTP GET message).
In order to answer the following questions, you’ll need to look into the packet details and packet contents windows (the middle and lower display windows in Wireshark).
Include the answers to the questions in your very brief report (and where appropriate explain how you obtained the solution). The report can just be a series of answers to the questions.
Select the Ethernet frame containing the HTTP GET message. (Recall that the HTTP GET message is carried inside of a TCP segment, which is carried inside of an IP datagram, which is carried inside of an Ethernet frame). Expand the Ethernet II information in the packet details window. Note that the contents of the Ethernet frame (header as well as payload) are displayed in the packet contents window.
Answer the following questions, based on the contents of the Ethernet frame containing the HTTP GET message.
2.1 What is the 48-bit Ethernet address of your computer? Where did you find this information?
2.2 What is the 48-bit destination address in the Ethernet frame? Is this the Ethernet address of www.ietf.org? (Hint: the answer is no). What device has this as its Ethernet address? Again, describe where you got this information.
2.3 Who is the manufacturer of the Ethernet adapter (or computer) for both the source and destination Ethernet adapters. Determine this from the Ethernet address, not by looking at the label on your laptop. Use the document at http://standards-oui.ieee.org/oui.txt – don’t just rely on Wireshark, although you should see a match. An Organizationally Unique Identifier (OUI) is a 24-bit number that uniquely identifies a vendor or manufacturer – it is essentially the first three octets of a MAC address.
2.4 Give the hexadecimal value for the two-byte TYPE field. Interpret the meaning of this value.
2.5 How many bytes from the very start of the Ethernet frame does the ASCII “T” in “GET” appear in the Ethernet frame?
Next, answer the following questions, based on the contents of the Ethernet frame containing the first byte of the HTTP response message.
2.6 What is the value of the Ethernet source address? Is this the address of your computer, or of www.ietf.org? (Hint: the answer is no). What device has this as its Ethernet address?
2.7 What is the destination address in the Ethernet frame? Is this the Ethernet address of your computer?
3 Address Resolution Protocol (ARP)
In this section, you will observe ARP in action.
ARP Caching
Recall that the ARP protocol typically maintains a cache of IP-to-Ethernet address translation pairs on your computer. The arp command is used to view and manipulate the contents of this cache. Since the arp command and the ARP protocol have the same name, it’s understandably easy to confuse them. But keep in mind that they are different
-
the arp command is used to view and manipulate the ARP cache contents, while the ARP protocol defines the format and meaning of the messages sent and received, and defines the actions taken on message transmission and receipt.
Let’s take a look at the contents of the ARP cache on your computer. The arp command will display the contents of the ARP cache on your computer. For Windows1 and Mac OSX, use arp -a, for some variants of Linux, just use arp. Run the arp or arp -a command and keep a copy of the contents of your computer’s ARP cache.
In order to observe your computer sending and receiving ARP messages, we’ll need to clear the ARP cache, since otherwise your computer is likely to find a needed IP- Ethernet address translation pair in its cache and consequently not need to send out an ARP message. The -d flag to the arp command deletes an entry from the ARP cache.
Use arp -ad to clear all entries from the cache. You may need to look up exactly how to do this for your particular operating system. (Mac OS will need a sudo; Linux has the ip command – “ip -s -s neigh flush all”.
Please do the following:
-
Clear your ARP cache, as described above.
-
Next, make sure your browser’s cache is empty.
-
Start up the Wireshark packet sniffer
-
Enter the following URL into your browser http://www.ietf.org/rfc/rfc826.txt
-
Your browser should display the RFC for ARP.
-
Stop Wireshark packet capture. Filter on “arp” to isolate the ARP packets
Do the following:
You should now see a Wireshark window that looks like:
3.1 What are the hexadecimal values for the source and destination addresses in the Ethernet frame containing the ARP request message?
ECSE 416 –Telecommunication Networks Fall 2020
5 Important Dates and Evaluation
5.1 Demo
The demo will take place in class on Nov. 5 or 6 and will count for 2.5% of your final grade in the course. For the demo, you should be prepared to explain your answers to all the questions above and show the TA how you obtained your answers. You should be able to answer questions about the operation of the address resolution protocol and MAC addresses.
5.2 Report
The report is due at 23:59 on Nov. 9, and it will count for 2.5% of your final grade. The report should be nothing more than responses to all the questions in this document (expected length approximately 2 pages excluding figures). Please include a few screenshots from Wireshark to support your answers.
October 21, 2020 5 of 5
