You and a partner will again use Ethereal to look at packet traces. This time, however, you will be analyzing the link-level Ethernet frames, as well as the ARP and DHCP protocols used to connect Ethernet addresses with IP addresses. Unlike the first two labs, you are not trying to build working software or produce scientific results. Instead, you are just going to get some hands-on experience with the format of the Ethernet, ARP, and DHCP packets. You will demonstrate the results of that experience by answering a series of questions.
This lab consists of two "Ethereal Lab" assignments written by our textbook authors, though with a few modifications of my own, which are described in the next section. The two underlying labs are available in PDF form:
Each lab describes a procedure for capturing your own packet traces to analyze. Because you do not have administrative privileges on our lab machines, you will not be able to do this unless you use your own machine. Instead, you can use the precaptured traces Kurose and Ross have supplied. You do not need to download those traces from the zip file the labs mention; instead, I have them on our computer in the following two files:
~max/MCS-377/ethernet-ethereal-trace-1
~max/MCS-377/dhcp-ethereal-trace-1
In the Ethernet and ARP lab, there is a mention of the command
arp -d *
as a way to clear the ARP cache on Linux. This command is in error. (Apparently, there is no way to clear the cache other than by deleting each individual entry.) However, this is irrelevant, as it is part of what you could only do with administrative privileges.
The following are modifications to individual questions within the two labs:
You do not need to try to make any kind of coherent story out of your lab report. Just answer the questions that Kurose and Ross pose.