\documentclass[a4paper,french,12pt]{article}
\title{Networks and Protocols --- Wireshark Lab 3}
\author{Yi Yang --- Alexandre Chen --- Tunui Franken}
\usepackage{../cours}
\begin{document}
\maketitle
\section{Ethernet --- ARP}
\subsection{Capturing and analyzing Ethernet frames}
\begin{enumerate}
\item \texttt{00:d0:59:a9:3d:68}.
\item \texttt{00:06:25:da:af:73}.
\texttt{gaia.cs.umass.edu} is not in the same network.
The MAC address is that of the next hop router (gateway).
\item \texttt{0x0800}.
This corresponds to IPv4.
\item \texttt{0x47} (71 in decimal) starts at byte 54.
\item \texttt{00:06:25:da:af:73}.
It is the destination address of the GET message (next hop router).
\item \texttt{00:d0:59:a9:3d:68} (our computer).
\item \texttt{0x0800}.
This corresponds to IPv4.
\item The O (\texttt{0x4f}) from the HTTP response can be found at byte 13.
\end{enumerate}
\subsection{The Address Resolution Protocol}
\begin{enumerate}\setcounter{enumi}{8}
\item First column~: IPv4 address\\
Second column~: MAC address\\
Third column~: Type, i.e.\ how the entry was learned
\begin{lstlisting}[gobble=20]
IP Address MAC Address Type
10.3.0.3 64:12:25:4a:46:c1 static
10.3.101.222 f8:ac:65:b5:59:28 static
10.3.0.2 00:1a:1e:07:9c:d0 dynamic
10.3.0.1 00:00:0c:07:ac:0d static
10.3.0.4 f8:72:ea:ae:df:3c static
\end{lstlisting}
\item src~: \texttt{00:d0:59:a9:3d:68}\\
dst~: \texttt{ff:ff:ff:ff:ff:ff}
\item \texttt{0x0806}, which corresponds to ARP\@.
\item
\begin{enumerate}
\item Opcode \texttt{request} is at byte 20.
\item The hexadecimal value is \texttt{0x0001} (1).
\item Yes, \texttt{192.168.1.105}, so that the sender can receive a response.
\item The target MAC address is set to \texttt{00:00:00:00:00:00} because it is unknown.
\end{enumerate}
\item
\begin{enumerate}
\item Opcode \texttt{reply} is at byte 20.
\item The hexadecimal value is \texttt{0x0002} (2).
\item The answer appears as Sender MAC address~: \texttt{00:06:25:da:af:73}, corresponding to IPv4 address \texttt{192.168.1.1}.
\end{enumerate}
\item src~: \texttt{00:06:25:da:af:73}\\
dst~: \texttt{00:d0:59:a9:3d:68}
\item Maybe no host in the network has the queried IP address (\texttt{192.168.1.117}).
\end{enumerate}
\section{ICMP}
\subsection{ICMP and Ping}
\begin{enumerate}
\item src~: \texttt{192.168.1.101} \\
dst~: \texttt{143.89.14.34}
\item Although it resides on the Transport layer, ICMP uses neither UDP nor TCP\@.
ICMP does not use ports: its messages are carried directly in IP datagrams, and port numbers belong to UDP and TCP\@.
\item Type~: 8 --- Echo (ping) request \\
Code~: 0.
The other fields are~: \\
Checksum~: 2 bytes \\
Identifier~: 2 bytes \\
Sequence Number~: 2 bytes \\
Data.
\item Type~: 0 --- Echo (ping) reply \\
Code~: 0.
The other fields are~: \\
Checksum~: 2 bytes \\
Identifier~: 2 bytes \\
Sequence Number~: 2 bytes \\
Data.
\end{enumerate}
\subsection{ICMP and Traceroute}
\begin{enumerate}\setcounter{enumi}{4}
\item src~: \texttt{192.168.1.101} \\
dst~: \texttt{138.96.146.2}
\item The protocol number for UDP would be 17 (\texttt{0x11}).
\item The echo request is the same as for the first half of this lab.
\item The error ICMP packet has an additional \texttt{Unused} field.
It also includes part of the Echo request that this error is for.
\item These packets are not error messages, but normal ICMP replies (Type 0 instead of Type 11).
The error messages were sent because the TTL had been exceeded.
Receiving normal replies indicates that the ping made it to the destination.
\item The delayed link seems to be NYC --- Pastourelle (n. 9 to n. 10).
This is a link that crosses the Atlantic Ocean.
\end{enumerate}
\end{document}