\documentclass[a4paper,french,12pt]{article}

\title{Networks and Protocols --- Wireshark Lab 3}
\author{Yi Yang --- Alexandre Chen --- Tunui Franken}

\usepackage{../cours}

\begin{document}

    \maketitle

    \section{Ethernet --- ARP}

        \subsection{Capturing and analyzing Ethernet frames}

            \begin{enumerate}
                \item \texttt{00:d0:59:a9:3d:68}.
                \item \texttt{00:06:25:da:af:73}.
                    This is not the address of \texttt{gaia.cs.umass.edu}, which is not in the same network.
                    It is the MAC address of the next-hop router (gateway).
                \item \texttt{0x0800}. This corresponds to IPv4.
                \item \texttt{0x47} (71 in decimal, ASCII \texttt{G}) starts at byte 54.
                \item \texttt{00:06:25:da:af:73}.
                    It is the destination address of the GET message (next-hop router).
                \item \texttt{00:d0:59:a9:3d:68} (our computer).
                \item \texttt{0x0800}. This corresponds to IPv4.
                \item The O (\texttt{0x4f}) from the HTTP response can be found at byte 13.
            \end{enumerate}

        \subsection{The Address Resolution Protocol}

            \begin{enumerate}\setcounter{enumi}{8}
                \item First column~: IPv4 address\\
                    Second column~: MAC address\\
                    Third column~: Type, i.e.\ how the entry was learned
                    \begin{lstlisting}[gobble=20]
                    IP Address      MAC Address         Type
                    10.3.0.3        64:12:25:4a:46:c1   static
                    10.3.101.222    f8:ac:65:b5:59:28   static
                    10.3.0.2        00:1a:1e:07:9c:d0   dynamic
                    10.3.0.1        00:00:0c:07:ac:0d   static
                    10.3.0.4        f8:72:ea:ae:df:3c   static
                    \end{lstlisting}
                \item src~: \texttt{00:d0:59:a9:3d:68}\\
                    dst~: \texttt{ff:ff:ff:ff:ff:ff}
                \item \texttt{0x0806}, which corresponds to ARP\@.
                \item
                    \begin{enumerate}
                        \item Opcode \texttt{request} is at byte 20.
                        \item The hexadecimal value is \texttt{0x0001} (1).
                        \item Yes, \texttt{192.168.1.105}, so that the sender can receive a response.
                        \item The target MAC address is set to \texttt{00:00:00:00:00:00} because it is unknown.
                    \end{enumerate}
                \item
                    \begin{enumerate}
                        \item Opcode \texttt{reply} is at byte 20.
                        \item The hexadecimal value is \texttt{0x0002} (2).
                        \item The answer appears as Sender MAC address~: \texttt{00:06:25:da:af:73}, corresponding to IPv4 address \texttt{192.168.1.1}.
                    \end{enumerate}
                \item src~: \texttt{00:06:25:da:af:73}\\
                    dst~: \texttt{00:d0:59:a9:3d:68}
                \item Perhaps no host on the network has the queried IP address (\texttt{192.168.1.117}).
            \end{enumerate}

    \section{ICMP}

        \subsection{ICMP and Ping}

            \begin{enumerate}
                \item src~: \texttt{192.168.1.101} \\
                    dst~: \texttt{143.89.14.34}
                \item Although it resides on the Transport layer, ICMP uses neither UDP nor TCP\@.
                    Its messages are carried directly in IP datagrams, so ICMP does not use ports.
                \item Type~: 8 --- Echo (ping) request \\
                    Code~: 0.
                    The other fields are~: \\
                    Checksum~: 2 bytes \\
                    Identifier~: 2 bytes \\
                    Sequence Number~: 2 bytes \\
                    Data.
                \item Type~: 0 --- Echo (ping) reply \\
                    Code~: 0.
                    The other fields are~: \\
                    Checksum~: 2 bytes \\
                    Identifier~: 2 bytes \\
                    Sequence Number~: 2 bytes \\
                    Data.
            \end{enumerate}

        \subsection{ICMP and Traceroute}

            \begin{enumerate}\setcounter{enumi}{4}
                \item src~: \texttt{192.168.1.101} \\
                    dst~: \texttt{138.96.146.2}
                \item The protocol number for UDP would be 17 (\texttt{0x11}).
                \item The echo request is the same as for the first half of this lab.
                \item The error ICMP packet has an additional \texttt{Unused} field.
                    It also includes part of the Echo request that this error is for.
                \item These packets are not error messages, but normal ICMP replies (Type 0 instead of Type 11).
                    The error messages reported an exceeded TTL.
                    The normal replies indicate that the ping made it to the destination.
                \item The delayed link seems to be NYC --- Pastourelle (n. 9 to n. 10).
                    This is a link that crosses the Atlantic Ocean.
            \end{enumerate}

\end{document}