MCS-377 Lab 3: Link Layer (Fall 2004)

Due: November 12, 2004

Objective

You and a partner will again use Ethereal to look at packet traces. This time, however, you will be analyzing the link-level Ethernet frames, as well as the ARP and DHCP protocols used to connect Ethernet addresses with IP addresses. Unlike the first two labs, you are not trying to build working software or produce scientific results. Instead, you are just going to get some hands-on experience with the format of the Ethernet, ARP, and DHCP packets. You will demonstrate the results of that experience by answering a series of questions.

Underlying labs from the textbook authors

This lab consists of two "Ethereal Lab" assignments written by our textbook authors, though with a few modifications of my own, which are described in the next section. The two underlying labs are available in PDF form:

  1. Ethernet and ARP
  2. DHCP

Modifications to the labs

Each lab describes a procedure for capturing your own packet traces to analyze. Because you do not have administrative privileges on our lab machines, you will not be able to do this unless you use your own machine. Instead, you can use the precaptured traces Kurose and Ross have supplied. You do not need to download those traces from the zip file the labs mention; instead, I have them on our computer in the following two files:

~max/MCS-377/ethernet-ethereal-trace-1
~max/MCS-377/dhcp-ethereal-trace-1 

In the Ethernet and ARP lab, there is a mention of the command arp -d * as a way to clear the ARP cache on Linux. This command is in error. (Apparently, there is no way to clear the cache other than by deleting each individual entry.) However, this is irrelevant, as it is part of what you could only do with administrative privileges.

The following are modifications to individual questions within the two labs:

Ethernet/ARP 3
Ignore the part about bits within the flag field, unless you have a better idea than I do of which flag field Kurose and Ross are talking about.
Ethernet/ARP 5
The CRC field is not available to you. Here is a replacement question 5 to answer instead. The bytes preceding the G begin with the Ethernet frame header. Does the captured header include the preamble bytes, or are those bytes omitted from the capture? Given this, how many bytes of frame header are present? What are the remaining bytes before the G?
Ethernet/ARP 8
Again, ignore the part about bits within the flag field, unless you have a better idea than I do of which flag field Kurose and Ross are talking about.
Ethernet/ARP 10
Skip this question. (The CRC field is not available to you.)
Ethernet/ARP 13
Again, ignore the part about bits within the flag field, unless you have a better idea than I do of which flag field Kurose and Ross are talking about.
Ethernet/ARP 15
In part (c), the answer you are looking for is the Ethernet address, not the IP address.
Ethernet/ARP 17
You will already have the trace file open, unless you used your own machine to do a capture.
Ethernet/ARP EX-1 and EX-2
Skip these.
DHCP 2
The "timing datagram" should really be a "timing diagram," i.e., something roughly like Figure 3.31 on page 235.
DHCP 10
This problem ties to Chapter 4, which we haven't covered yet. You are therefore likely to need to ask me to explain it.

Report

You do not need to try to make any kind of coherent story out of your lab report. Just answer the questions that Kurose and Ross pose.


Course web site: http://www.gac.edu/~max/courses/F2004/MCS-377/
Instructor: Max Hailperin <max@gac.edu>