MCS-377 Lab 3: Link Layer (Fall 2006)
Due: November 9, 2006
Objective
You will again use Ethereal to look at packet traces.
This time, however, you will be analyzing the link-level Ethernet
frames, as well as the ARP and DHCP protocols used to connect Ethernet
addresses with IP addresses. Unlike the first two labs, you are not
trying to build working software or produce scientific results.
Instead, you are just going to get some hands-on experience with the
format of the Ethernet, ARP, and DHCP packets. You will demonstrate
the results of that experience by answering a series of questions.
Underlying labs from the textbook authors
This lab consists of two "Ethereal Lab" assignments written by our
textbook authors, though with a few modifications of my own, which are
described in the next section. The two underlying labs are available
in PDF form:
- Ethernet and ARP
- DHCP
Modifications to the labs
Each lab describes a procedure for capturing your own packet traces
to analyze. Because you do not have administrative privileges
on our lab machines, you will not be able to do this unless you
use your own machine. Instead, you can use the precaptured traces
Kurose and Ross have supplied. You do not need to download those
traces from the zip file the labs mention; instead, I have them on our
computer in the following two files:
~max/MCS-377/ethernet-ethereal-trace-1
~max/MCS-377/dhcp-ethereal-trace-1
In the Ethernet and ARP lab, there is a mention of the command
arp -d *
as a way to clear the ARP cache on
Linux. This command is in error. (Apparently, there is no way to
clear the cache other than by deleting each individual entry.)
However, this is irrelevant, as it is part of what you could only do
with administrative privileges.
The following are modifications to individual questions within the
two labs:
- Ethernet/ARP 3: Ignore the part about bits within the flag field,
  unless you have more of a clue than I do about which flag field
  Kurose and Ross are talking about.
- Ethernet/ARP 5: The CRC field is not available to you. Here is a
  replacement question 5 to answer instead. Of the bytes preceding the
  G, some number at the start are the Ethernet frame header. Does this
  include the preamble bytes, or are those bytes omitted from the
  capture? Given this, how many bytes of frame header are present? What
  are the remaining bytes before the G?
- Ethernet/ARP 8: Again, ignore the part about bits within the flag
  field, unless you have more of a clue than I do about which flag
  field Kurose and Ross are talking about.
- Ethernet/ARP 10: Skip this question. (The CRC field is not available
  to you.)
- Ethernet/ARP 13: Again, ignore the part about bits within the flag
  field, unless you have more of a clue than I do about which flag
  field Kurose and Ross are talking about.
- Ethernet/ARP 14: In part (d), reverse the words "Ethernet" and "IP".
  [This note was added after the lab assignment was completed.]
- Ethernet/ARP 15: In part (c), the answer you are looking for is the
  Ethernet address, not the IP address.
- Ethernet/ARP 17: You will already have the trace file open, unless
  you used your own machine to do a capture.
- Ethernet/ARP EX-1 and EX-2: Skip these.
- DHCP 2: The "timing datagram" should really be a "timing diagram,"
  i.e., something roughly like Figure 3.31 on page 235.
- DHCP 10: This problem ties to Chapter 4, which we haven't covered
  yet. You are therefore likely to need to ask me to explain it.
- DHCP 13: Replace "DHCP request" by "DHCP release".
Report
You do not need to try to make any kind of coherent story out of
your lab report. Just answer the questions that Kurose and Ross pose.
Course web site: http://www.gac.edu/~max/courses/F2006/MCS-377/
Instructor: Max Hailperin <max@gac.edu>