通信网原理实验报告Ethernet and ARP

实验一 Ethernet and ARP

一、实验目的

1.加强对以太网帧格式的理解； 2.理解ARP协议的工作原理。 二、实验环境 1.PC机一台； 2.WireShark软件。 三、实验内容

1. Capturing and analyzing Ethernet frames 2. The Address Resolution Protocol 四、实验步骤及思考

（一）Capturing and analyzing Ethernet frames

HTTP GET Message

－ 1 －

(1)Based on the contents of the Ethernet frame containing the HTTP

GET message

1. What is the 48-bit Ethernet address of your computer?

Answer：The 48-bit Ethernet address of my computer is:c8:0a:a9:db:9b:f3

The Ethernet address of my computer

2. What is the 48-bit destination address in the Ethernet frame? Is this the Ethernet address of gaia.cs.umass.edu? (Hint: the answer is no). What device has this as its Ethernet address?

[Note: this is an important question, and one that students sometimes get wrong. Re-read pages 468-469 in the text and make sure you understand the answer here.]

－ 2 －

Answer：

1)The 48-bit destination address in the Ethernet frame is:00:23:89:8d:50:71

The destination address in the Ethernet frame

2)This is not the Ethernet address of gaia.cs.umass.edu.

3)It is the address of my Linksys router, whick is the link used to get off the subnet.

3.Give the hexadecimal value for the two-byte Frame type field. What do the bit(s) whose value is 1 mean within the flag field? Answer：

1)The hexadecimal value for the two-byte Frame type field is:ox0800

The hexadecimal value for the two-byte Frame type

2) The value is 1 within the flag field means the fragment has not been fragmented.

－ 3 －

Flag

4.How many bytes from the very start of the Ethernet frame does the ASCII “G” in “GET” appear in the Ethernet frame? Answer：

1)The ASCII “G” appears 54 bytes from the very start of the Ethernet frame. 2)Calculation process as follows:There are 14 bytes of Ethernet frame,20 bytes of IP header and 20 bytes of TCP header before HTTP data is encountered.

5. What is the hexadecimal value of the CRC field in this Ethernet frame? Answer：

1)There is no CRC field.

2)Because the CRC calculated before the Wireshark packet sniffer start up.

－ 4 －

(2)Based on the contents of the Ethernet frame containing the first byte of the HTTP response message

6. What is the value of the Ethernet source address? Is this the address of your computer, or of gaia.cs.umass.edu (Hint: the answer is no). What device has this as its Ethernet address? Answer：

1)The value of the Ethernet source address is: 00:23:89:8d:50:71

HTTP response message

2)This is neither the address of your computer,northe address of gaia.cs.umass.edu.

3)It is the address of my Linksys router,which is the link used to get onto

－ 5 －

my subnet.

7. What is the destination address in the Ethernet frame? Is this the Ethernet address of your computer? Answer：

1)The destination address in the Ethernet frame is:c8:0a:a9:db:9b:f3 2)It is the address of my computer.

(The 48-bit Ethernet address of my computer is:c8:0a:a9:db:9b:f3)

8. Give the hexadecimal value for the two-byte Frame type field. What

do the bit(s) whose value is 1 mean within the flag field? Answer：

1)The hexadecimal value for the two-byte Frame type field is: 0x0800.

－ 6 －

2)The value is 1 within the flag field means the fragment has not been fragmented.

Flag field

9. How many bytes from the very start of the Ethernet frame does the ASCII “O” in “OK” (i.e., the HTTP response code) appear in the Ethernet frame? Answer：

1)The ASCII “O” appears 54 bytes from the very start of the Ethernet frame. 2)Calculation process as follows:There are 14 bytes of Ethernet frame,20 bytes of IP header and 20 bytes of TCP header before HTTP data is encountered.

10. What is the hexadecimal value of the CRC field in this Ethernet frame? Answer：

1)There is no CRC field.

2)The reason:Because the CRC calculated before the Wireshark packet sniffer start up.

(二)The Address Resolution Protocol （1）ARP Caching

11. Write down the contents of your computer’s ARP cache. What is the meaning of each column value?

－ 7 －

Answer：

1)The Internet Address column contains the IP address,.

2)The Physical Address column contains the MAC address, and the type indicates the protocol type. 3)Observing ARP in action

12. What are the hexadecimal values for the source and destination addresses in the Ethernet frame containing the ARP request message? Answer：

－ 8 －

1)The hexadecimal values for the source addresses in the Ethernet frame containing the ARP request message is: 00:23:89:8d:50:71

2)The destination addresses in the Ethernet frame containing the ARP request message is: ff:ff:ff:ff:ff:ff

13. Give the hexadecimal value for the two-byte Ethernet Frame type field. What do the bit(s) whose value is 1 mean within the flag field? Answer：

The hexadecimal value for the two-byte Ethernet Frame type field is:0x0806.

14. Download the ARP specification from

ftp://ftp.rfc-editor.org/innotes/std/std37.txt. A readable, detailed discussion of ARP is also at

http://www.erg.abdn.ac.uk/users/gorry/course/inet-pages/arp.html. a) How many bytes from the very beginning of the Ethernet frame does

－ 9 －

the ARP opcode field begin?

Answer：The ARP opcode field begins 20 bytes from the very beginning of the Ethernet frame.

b) What is the value of the opcode field within the ARP-payload part of the Ethernet frame in which an ARP request is made?

Answer：The hex value for opcode field withing the ARP-payload of the request is 1.

c) Does the ARP message contain the IP address of the sender?

Answer：Yes, the ARP message containg the IP address 192.168.1.105 for the sender.

－ 10 －

d) Where in the ARP request does the “question” appear – the Ethernet address of the machine whose corresponding IP address is being queried?

Answer：The field “Target MAC address” is set to 00:00:00:00:00:00 to question the machine whose corresponding IP address (192.168.1.105) is being queried.

15. Now find the ARP reply that was sent in response to the ARP request.

a) How many bytes from the very beginning of the Ethernet frame does the ARP opcode field begin?

Answer：The ARP opcode field begins 20 bytes from the very beginning of the Ethernet frame.

－ 11 －

b) What is the value of the opcode field within the ARP-payload part of the Ethernet frame in which an ARP response is made?

Answer：The hex value for opcode field withing the ARP-payload part of the Ethernet frame is 2．

c) Where in the ARP message does the “answer” to the earlier ARP request appear – the IP address of the machine having the Ethernet address whose corresponding IP address is being queried?

Answer：The answer to the earlier ARP request appears in the”Sender MAC address” field, which contains the Ethernet address 00:d0:59:a9:3d:68 for the sender with IP address 192.168.1.1.

－ 12 －

16. What are the hexadecimal values for the source and destination addresses in the Ethernet frame containing the ARP reply message? Answer：The hex value for the source address is 00:06:25:da:af:73 and for the destination is 00:d0:59:a9:3d:68 .

17. Open the ethernet-ethereal-trace-1 trace file in

http://gaia.cs.umass.edu/wireshark-labs/wireshark-traces.zip. The first and second ARP packets in this trace correspond to an ARP request sent by the computer running Wireshark, and the ARP reply sent to the computer running Wireshark by the computer with the ARP-requested Ethernet address. But there is yet another computer on this network, as indiated by packet 6 – another ARP request. Why is there no ARP reply (sent in response to the ARP request in packet 6) in the packet trace? Answer：There is no reply in this trace, because we are not at the machine

－ 13 －

that sent the request. The ARP request is broadcast, but the ARP reply is sent back directly to the sender’s Ethernet address.

五、实验结论

1.CRC在WireShark中是不能被抓到的，原因是CRC在抓包之前已经被计算好。

2.ARP Request消息的Type字段值为1；ARP Replyt消息的Type字段值为2。

3.MAC address是唯一的。

4.清空ARP缓存时（ARP –d ）会出现如下的情况：

5.ARP –a 可以查看ARP缓存中的内容。 六、实验总结

通过这次实验，我对ARP协议有了进一步的理解，在实验过程中遇到了许多问题，但经过查阅资料并和学姐交流，最终解决了这些问题，以实验的方式验证课本上的理论知识，学习也变得更有意义。

－ 14 －

本文来源：https://www.bwwdw.com/article/geup.html