
UCCN1003 Data Communications and Networks
Lab 07: Introduction to Protocols in Packet Tracer

Instructions:
 1. Read the “Introduction” section for the background.
 2. Perform all the lab exercises, starting with exercise 1.
 3. Follow all the steps.
 4. Record the results for all actions shown in italic bold.
 5. Paste your screen captures into a Word document and save it.
 6. Answer all the questions shown in italic and fill in the blanks based on your observation of the results.
 7. Write your answers in the same Word document.
 8. Please follow the sequence of the exercises, and don’t skip any step.
 9. There is an appendix for protocol reference towards the end of this lab.

Introduction to Protocol

In the networking and communications area, a protocol is the formal specification that defines the procedures that must be followed when transmitting or receiving data. Protocols define the format, timing, sequence, and error checking used on the network.

In plain English, the above means that if you have 2 or more devices (e.g. computers) which want to communicate, then they need a common "Protocol", which is a set of rules that guides the computers on how and when to talk to each other.

There are hundreds of protocols out there and it is impossible to put them all in the lab. Only some of the more popular protocols have been included in this lab.

One thing which you should keep in mind is that as you move from the lower layers (Physical) to the upper layers (Applications), more processing time is needed by the device that's dealing with the protocol.

As there are a lot more network protocols around, you can read up on them and learn more about them.

Exercise 1: Observation of ICMP and ARP

 1. Set up the network according to the following figure. Make sure that Packet Tracer is in “Simulation mode” (NOT “Realtime mode”) while you are constructing the network. Just put in the IP addresses but don’t configure any route yet. All masks are /24.
 2. Click on “Edit Filters”. Select only “ARP” and “ICMP”. If some of the bubbles are still red in the network, click on “Auto Capture / Play” to let some time pass, so these bubbles can turn green to indicate hardware connectivity.
 3. Click on the following “envelope” icon, and then click it on PC1 and PC3 to simulate a ping. Click on “Auto Capture / Play” and observe the “movements” of packets in the form of “envelopes”.
 4. When the simulation has finished, a dialog box pops out. Click on “View Previous Events”. Double click on the little square box of the first row of the “Event List” under “info” (next to ICMP). The dialog box shown on the following right should pop out. Try to get the “Event List” as shown in the following figure (with ICMP and ARP). Save the network file as “lab7-1.pkt”.
 5. Click on the “Outbound PDU Details” tab, and answer the following questions by referring to the information in the “Outbound PDU Details” and the appendix of this lab:
    a. What is the source IP address?
       ________________________________________
    b. What is the destination IP address?
       ________________________________________
    c. What is the value of the protocol field in the IP header?
       ________________________________________
    d. What does this value of the protocol in part (c) mean?
       ________________________________________
    e. What is the total length of the IP packet?
       ________________________________________
    f. What is the value of the TYPE in the ICMP header?
       ________________________________________
    g. What does the value of “TYPE” in the ICMP header mean?
       ________________________________________
 6. In the second line of the “Event List”, an ARP has been issued. Again, double click on the square box next to the ARP and click on the “Outbound PDU Details” tab. Answer the following questions with the help of the appendix:
    a. Why does an ARP have to be issued?
       ________________________________________
    b. What is the destination MAC address?
       ________________________________________
    c. What is special about the destination MAC address in part (b)?
       ________________________________________
    d. What is the value of TYPE in the Ethernet header?
       ________________________________________
    e. What does the value of TYPE in part (d) mean?
       ________________________________________
    f. What is the value of Hardware Type of the ARP header and what does this value indicate?
       ________________________________________
    g. What is the value of Protocol Type of the ARP header and what does this value indicate?
       ________________________________________
    h. What is the value of HLEN of the ARP header and what does this value indicate?
       ________________________________________
    i. What is the value of PLEN of the ARP header and what does this value indicate?
       ________________________________________
    j. From the ARP header, which device’s MAC address is PC1 interested in?
       ________________________________________
 7. Double click on the square box (under column “Info”) of the 4th line of the “Event List”, in which the ARP data has been sent from Switch0 to Router0. The left dialog box of the following table should pop out. Click on “Next Layer >>” and “Previous Layer <<” in order to read the description of Layer 2 of both “In Layers” and “Out Layers”. (Note: “In Layers” and “Inbound PDU Details” show the layers and frame information before the device processes the frame. “Out Layers” and “Outbound PDU Details” show the layers and frame information after the device (e.g. Router0) processes the frame.)
 8. Now, click on the “Inbound PDU Details” tab (Router0) and answer the following questions with the help of the appendix:
    a. What is the value of the Opcode of the ARP header and what does it mean?
       ________________________________________
    b. What is the source MAC address?
       ________________________________________
 9. Now, click on the “Outbound PDU Details” tab (Router0) and answer the following questions with the help of the appendix:
    a. What is the new value of the Opcode of the ARP header and what does it mean?
       ________________________________________
    b. Which device does the destination MAC address belong to?
       ________________________________________
    c. There are similar MAC addresses in both the headers. Which set of MAC addresses (Ethernet header or ARP header) will Switch0 process?
       ________________________________________
    d. When this “Outbound” frame reaches PC1, what is PC1 going to do with the information contained in this frame? (Note: Double click on the square box of line 7 of the “Event List”, the ARP frame at PC1. Click on “Next Layer >>” until “Layer 2” is highlighted with yellow shade. Read the description; the answer can be found in the description.)
       ________________________________________
10. Double click on the square box of Line 8 (ICMP of PC1), then click on “Outbound PDU Details”. Compare what you observe with the “Outbound PDU Details” of Line 1 of the “Event List” (the first ICMP). What have you observed?
       ________________________________________
11. Double click on the square box (should be red in color) on the last line of the “Event List”, which is an ICMP in PC1, then click on the “Inbound PDU Details” tab. Answer the following questions with the help of the appendix of this lab.
    a. What are the values of TYPE and CODE of the first ICMP header?
       ________________________________________
    b. What does the combination of the two values mean?
       ________________________________________
12. Configure default routes for both Router0 and Router1. (Note: Do not switch back to Realtime mode.)
       Router0(config)#ip route 0.0.0.0 0.0.0.0 200.1.1.2
       Router1(config)#ip route 0.0.0.0 0.0.0.0 200.1.1.1
13. Now, save the network as “Lab7-2.pkt”.
14. Re-open the file “Lab7-2.pkt”. After you see all the bubbles turn green, switch to “Simulation mode”. You should get what is shown in the following figure (Event List with an ICMP and ARP).
15. Check the ARP table of Router0 and Router1 by typing the following commands, and record what you have observed.
       Router0#show arp
       Router1#show arp
16. Click on the “Auto Capture / Play” button and observe the movements of the “envelope”. When the simulation is finished, press “View Previous Events”. You should get an “Event List” which is similar to the following figure.
17. Double click on the square box of the second last line of the “Event List” (Router0, Router1, ARP). Click on the “Inbound PDU Detail” tab. Answer the following questions:
    a. What is the destination MAC Address?
       ________________________________________
    b. What is the Target MAC Address?
       ________________________________________
    c. What is the Target IP Address?
       ________________________________________
18. Check the ARP table of Router0 and Router1 again by typing the following commands, and record what you have observed. Compare this ARP table with the previous ARP table (Ex1.15) that you have recorded.
       Router0#show arp
       Router1#show arp
19. Temporarily switch to “Realtime mode” and switch back to “Simulation mode”.
20. Click on “Auto Capture / Play”. You should get an “Event List” similar to the following figure.
21. Double click on the square box of the first ARP of the “Event List” (--, Router1, ARP). Click on the “Inbound PDU Detail” tab. Answer the following questions:
    a. What is the Target IP Address?
       ________________________________________
    b. What is the source IP Address in the ARP header?
       ________________________________________
22. Temporarily switch to “Realtime mode” and switch back to “Simulation mode”.
23. Click on “Auto Capture / Play”. You should get an “Event List” similar to the following figure. ICMP should travel from PC1 to PC3 and back without any ARP.
24. Double click on the square box of the 7th ICMP of the “Event List” (Switch1, PC3, ICMP). Click on the “Inbound PDU Detail” tab. Answer the following questions:
    a. What is the value of TYPE in the Ethernet header and what does it mean?
       ________________________________________
    b. What is the TTL value of the IP header?
       ________________________________________
25. Double click on the square box of the first ICMP of the “Event List” (--, PC1, ICMP). Click on the “Inbound PDU Detail” tab. Answer the following questions:
    a. Which device does the destination MAC address belong to?
       ________________________________________
    b. What is the TTL value of the IP header?
       ________________________________________
26. Click on the “Outbound PDU Detail” tab. Answer the following questions:
    a. Which device does the destination MAC address belong to?
       ________________________________________
    b. What is the TTL value of the IP header?
       ________________________________________
    c. What are the values of the TYPE and CODE in the ICMP header?
       ________________________________________
    d. What does the combination of the two values mean?
       ________________________________________
27. Double click on the square box of the last ICMP of the “Event List” (Switch0, PC1, ICMP). Click on the “Inbound PDU Detail” tab. Answer the following questions:
    a. Which device does the source MAC address belong to?
       ________________________________________
    b. What is the TTL value of the IP header?
       ________________________________________

Exercise 2: Observation of ICMP of Trace Route

Trace route is a special case of ICMP, in which the first set of ICMP packets is ICMP request with TTL=1. The second set of ICMP packets is ICMP request with TTL=2. The TTL value of the IP header is incremented by 1 until the ICMP hits the true destination. As the first set of ICMP packets with TTL=1 reaches the first router, the router will decrease the TTL by 1 (TTL = 1-1 = 0). When TTL=0, the router will drop the packet and send an ICMP error message back to the sender. The second router will do the same thing to the second set of ICMP packets with TTL=2. With this process, a “route” (with all the gateway IPs) is formed as the output at the command prompt.

 1. Open “Lab7-2.pkt” again. While you are waiting for all the bubbles to turn green (in Realtime mode), click on the entry in the bottom right corner and then click on “Delete”, as indicated in the following figure.
 2. Use PC1 to ping PC3 in “Realtime mode” (command prompt). This is to make sure PC1 can successfully ping PC3 with the ARP tables properly built.
 3. Click on “Simulation mode”. In the command prompt of PC1, type “tracert 192.168.5.2”. You should have a similar screen as the following figure. After that, click on “Auto Capture / Play”. The whole event will take a while. At the same time, observe the movement of the envelopes together with the output at the command prompt. At the end of the simulation, click on “View Previous Events”. (If you count the entries of the “Event List”, you should have around 75 entries.)
 4. Double click on the square box of the first ICMP of the “Event List” (--, PC1, ICMP). Click on the “Outbound PDU Detail” tab. Answer the following questions:
    a. What is the value of the TTL in the IP header?
       ________________________________________
    b. What are the source and destination IP addresses?
       ________________________________________
    c. What are the values of TYPE and CODE of the ICMP header?
       ________________________________________
    d. What does the combination of values in part (c) mean?
       ________________________________________
 5. Double click on the square box of the 4th ICMP of the “Event List” (--, Router0, ICMP). Click on the “Outbound PDU Detail” tab. Answer the following questions:
    a. What is the value of the TTL in the IP header?
       ________________________________________
    b. What is the total length of the IP packet?
       ________________________________________
    c. What are the source and destination IP addresses?
       ________________________________________
    d. What are the values of TYPE and CODE of the ICMP header?
       ________________________________________
    e. What does the combination of values in part (d) mean?
       ________________________________________
 6. Double click on the square box of the 19th ICMP of the “Event List” (--, PC1, ICMP), the 1st of the four squares with the same color after a group of three red squares, as indicated in the figure. Click on the “Outbound PDU Detail” tab. Answer the following question:
    a. What is the value of the TTL in the IP header?
       ________________________________________
 7. Double click on the square box of the 23rd ICMP of the “Event List” (--, Router1, ICMP). Click on the “Outbound PDU Detail” tab. Answer the following questions:
    a. What are the source and destination IP addresses?
       ________________________________________
    b. Which device does the destination MAC address belong to?
       ________________________________________
 8. Double click on the square box of the “11th to the last” ICMP of the “Event List” (--, PC1, ICMP). “11th to the last” means counting 11 steps backward from the last line of ICMP. Click on the “Outbound PDU Detail” tab. Answer the following question:
    a. What is the value of the TTL in the IP header?
       ________________________________________
 9. Double click on the square box of the last ICMP of the “Event List” (Switch0, PC1, ICMP). Click on the “Inbound PDU Detail” tab. Answer the following questions:
    a. What is the value of the TTL in the IP header?
       ________________________________________
    b. What are the values of TYPE and CODE of the ICMP header?
       ________________________________________
    c. What does the combination of values in part (b) mean?
       ________________________________________

Exercise 3: Observation of DHCP

There are four phases in the DHCP process: DHCP Discover, DHCP Offer, DHCP Request, and DHCP Acknowledge.

 1. Add an additional server with the IP according to the following figure. Do this in “Simulation mode”.
 2. Set the DHCP service according to the following figure.
 3. Edit the Event List Filters to view the events of DHCP only, as shown in the following figure. Then, save the network as “Lab7-3.pkt”.
 4. Open “Lab7-3.pkt” again. Wait for all the bubbles to turn green and then switch to “Simulation mode”.
 5. Double click on PC3. Click on the “Desktop” tab, then click on “IP Configuration”. Click on “DHCP” as shown in the following figure. In the “Event List”, “DHCP” should show up.
 6. Click on “Auto Capture / Play”, and observe the movement of envelopes. As usual, wait until the simulation ends and click on “View Previous Events”.
 7. Click on the 1st DHCP of the “Event List” (--, PC3, DHCP). Click on the “Outbound PDU Details” tab. Answer the following questions:
    a. What is the value of the destination MAC address?
       ________________________________________
    b. What are the source and destination IP addresses?
       ________________________________________
    c. What is the value of the protocol field in the IP header and what does it mean?
       ________________________________________
    d. What are the source and destination ports?
       ________________________________________
    e. What is the server address in the DHCP header?
       ________________________________________
    f. What is the value of the Opcode in the DHCP header and what does it mean?
       ________________________________________
 8. Click on the 6th DHCP of the “Event List” (Server0, Switch1, DHCP). Click on the “Outbound PDU Details”. Answer the following questions:
    a. What is the value of the destination MAC address?
       ________________________________________
    b. What are the source and destination IP addresses?
       ________________________________________
    c. What are the source and destination ports?
       ________________________________________
    d. What is the server address in the DHCP header?
       ________________________________________
    e. What is the value of the Opcode in the DHCP header and what does it mean?
       ________________________________________
 9. Click on the 10th DHCP of the “Event List” (PC3, Switch1, DHCP). Click on the “Outbound PDU Details”. Answer the following questions:
    a. What is the value of the destination MAC address?
       ________________________________________
    b. What are the source and destination IP addresses?
       ________________________________________
    c. What are the source and destination ports?
       ________________________________________
    d. What is the server address in the DHCP header?
       ________________________________________
    e. What is the value of the Opcode in the DHCP header and what does it mean?
       ________________________________________
    f. What is the value of the YOUR client address in the DHCP header?
       ________________________________________
10. Click on the last DHCP of the “Event List” (Switch1, PC3, DHCP). Click on the “Inbound PDU Details”. Answer the following questions:
    a. What is the value of the destination MAC address?
       ________________________________________
    b. What are the source and destination IP addresses?
       ________________________________________
    c. What are the source and destination ports?
       ________________________________________
    d. What is the server address in the DHCP header?
       ________________________________________
    e. What is the value of the Opcode in the DHCP header and what does it mean?
       ________________________________________
    f. What is the value of the YOUR client address in the DHCP header?
       ________________________________________

Exercise 4: Observation of DNS

 1. Configure the DNS service based on the following figure.
 2. Switch to “Simulation mode”. Edit the Event List Filter to view only DNS.
 3. Key in the DNS server IP in PC1 as indicated in the following figure.
 4. Go to the command prompt of PC1 and type in “nslookup abc.com”. The first DNS entry should pop up in the “Event List”.
 5. Click on “Auto Capture / Play”, and observe the movement of the DNS envelope.
 6. Refer only to the last line of DNS events. Answer the following questions:
    a. What are the source and destination IP addresses (last DNS event)?
       ________________________________________
    b. What are the source and destination ports?
       ________________________________________
    c. What is the transport layer protocol of the DNS events?
       ________________________________________
    d. What is the most important value of the DNS query?
       ________________________________________
    e. What is the most important value of the DNS answer?
       ________________________________________
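
The TTL stepping described in Exercise 2, worked through on real packet bytes. This is an added example, not part of the original lab; PC1's address and Router0's LAN address are constructed (the lab gives them only in a figure), and the reply TTLs of 255 and 128 are arbitrary because the return path is not modelled.

```python
import ipaddress
import struct


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum used by the IP header and by ICMP."""
    if len(data) % 2:
        data += b"\x00"                      # pad to a multiple of two octets
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def icmp_message(icmp_type: int, code: int, rest: bytes, data: bytes = b"") -> bytes:
    """Type, Code, Checksum, then 4 bytes (identifier + sequence, or unused)."""
    body = struct.pack("!BBH", icmp_type, code, 0) + rest + data  # checksum cleared to 0
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]


def ipv4_packet(src: str, dst: str, ttl: int, payload: bytes, proto: int = 1) -> bytes:
    """20-byte IPv4 header (version 4, IHL 5) followed by the payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return header[:10] + struct.pack("!H", inet_checksum(header)) + header[12:] + payload


def parse(packet: bytes) -> dict:
    """Pull out the fields the lab questions ask about."""
    ihl = (packet[0] & 0x0F) * 4             # IHL is counted in 32-bit words
    total = struct.unpack("!H", packet[2:4])[0]
    icmp = packet[ihl:total]
    return {
        "src": str(ipaddress.IPv4Address(packet[12:16])),
        "dst": str(ipaddress.IPv4Address(packet[16:20])),
        "ttl": packet[8],
        "protocol": packet[9],
        "type": icmp[0],
        "code": icmp[1],
        # a correct checksum makes the sum over the whole header/message come out as 0
        "checksums_ok": inet_checksum(packet[:ihl]) == 0 and inet_checksum(icmp) == 0,
    }


def deliver(packet: bytes, path: list) -> bytes:
    """Carry one probe along path and return the ICMP packet sent back to the sender."""
    src = str(ipaddress.IPv4Address(packet[12:16]))
    for hop_ip in path[:-1]:                 # every entry except the last is a router
        ttl = packet[8] - 1                  # each router decreases the TTL by 1
        if ttl <= 0:                         # drop the packet, report Type 11 Code 0
            quoted = packet[:20 + 8]         # original IP header + first 8 data bytes
            return ipv4_packet(hop_ip, src, 255, icmp_message(11, 0, bytes(4), quoted))
        header = packet[:8] + bytes([ttl]) + packet[9:10] + bytes(2) + packet[12:20]
        packet = (header[:10] + struct.pack("!H", inet_checksum(header))
                  + header[12:] + packet[20:])   # TTL changed, so recompute the checksum
    echo = packet[20:]                       # destination reached: Echo reply, Type 0
    return ipv4_packet(path[-1], src, 128, icmp_message(0, 0, echo[4:8], echo[8:]))


def traceroute(src: str, dst: str, path: list, max_ttl: int = 30) -> list:
    """Send Echo requests with TTL=1, 2, ... and record who answers each one."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        probe = ipv4_packet(src, dst, ttl,
                            icmp_message(8, 0, struct.pack("!HH", 1, ttl), b"probe"))
        reply = parse(deliver(probe, path))
        hops.append((ttl, reply["src"], reply["type"], reply["code"]))
        if reply["type"] == 0:               # Echo reply: the true destination answered
            break
    return hops


# Constructed addressing: 192.168.1.x values are assumptions; 200.1.1.2 and
# 192.168.5.2 come from the lab's route and tracert commands.
PC1 = "192.168.1.2"
PATH = ["192.168.1.1", "200.1.1.2", "192.168.5.2"]   # Router0, Router1, PC3

if __name__ == "__main__":
    for hop in traceroute(PC1, "192.168.5.2", PATH):
        print(hop)
```
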

Appendix

ICMP (Internet Control Message Protocol) Header

ICMP messages generally contain information about routing difficulties with IP datagrams or simple exchanges such as time-stamp or echo transactions.

The ICMP header structure is shown as follows (blue portion only):

Type and Code

  Type  Code  Description
  0           Echo reply.
  3           Destination unreachable.
  3     0     Network unreachable.
  3     1     Host unreachable.
  3     2     Protocol unreachable.
  3     3     Port unreachable.
  3     4     Fragmentation needed and DF set.
  3     5     Source route failed.
  4           Source quench.
  5           Redirect.
  5     0     Redirect datagrams for the network.
  5     1     Redirect datagrams for the host.
  5     2     Redirect datagrams for the type of service & network.
  5     3     Redirect datagrams for the type of service & host.
  8           Echo request
  11          Time exceeded.
  11    0     Time to live exceeded in transit.
  11    1     Fragment reassemble time exceeded.
  12          Parameter problem.
  13          Timestamp.
  14          Timestamp reply.
  15          Information request.
  16          Information reply.

Checksum
This field contains error checking data calculated from the ICMP header+data, with value 0 for this field. When the checksum is computed, the checksum field should first be cleared to 0. When the data packet is transmitted, the checksum is computed and inserted into this field. When the data packet is received, the checksum is again computed and verified against the checksum field. If the two checksums do not match then an error has occurred.

Identifier
An identifier to aid in matching requests/replies; may be zero. This field contains an ID value that should be returned in an ECHO REPLY.

Sequence number
Sequence number to aid in matching requests/replies. This field contains a sequence value that should be returned in an ECHO REPLY.

IP (Internet Protocol) Header

The Internet Protocol (IP) is the routing layer datagram service of the TCP/IP suite. All other protocols within the TCP/IP suite, except ARP and RARP, use IP to route frames from host to host. The IP frame header contains routing information and control information associated with datagram delivery.

The IP header structure is as follows (blue portion only):

Version
Version field indicates the format of the Internet header.

  Version  Description
  0        reserved
  4        IPv4, Internet Protocol version 4
  5        ST, ST Datagram Mode.
  6        IPv6, Internet Protocol version 6
  7        TP/IX, The Next Internet.
  8        PIP, The P Internet Protocol.

IHL (Header Length)
Internet header length is the length of the Internet header in 32-bit words. Points to the beginning of the data. The minimum value for a correct header is 5. Any value contained in the half-word (4 bits) has to be multiplied by 4 in order to get the true value of header length (e.g. a value of 5 is 5*4=20 bytes).

Type of service
Indicates the quality of service desired. Networks may offer service precedence, meaning that they accept traffic only above a certain precedence at times of high load. There is a three-way trade-off between low delay, high reliability and high throughput.

  Bits 0-2: Precedence
    111  Network control.
    110  Internetwork control.
    101  CRITIC/ECP.
    100  Flash override.
    011  Flash.
    010  Immediate.
    001  Priority.
    000  Routine.
  Bit 3: Delay
    0  Normal delay.
    1  Low delay.
  Bit 4: Throughput
    0  Normal throughput.
    1  High throughput.
  Bit 5: Reliability
    0  Normal reliability.
    1  High reliability.
  Bits 6-7: Reserved for future use.

Total length
Length of the datagram measured in bytes, including the Internet header and data. This field allows the length of a datagram to be up to 65,535 bytes, although such long datagrams are impractical for most hosts and networks.

Identification
Identifying value assigned by the sender to aid in assembling the fragments of a datagram.

Flags
3 bits. Control flags of fragmentation:
  Bit 0 is reserved and must be zero.
  Bit 1: Don’t fragment bit:
    0  May fragment.
    1  Don’t fragment.
  Bit 2: More fragments bit:
    0  Last fragment.
    1  More fragments.

Fragment offset
13 bits. Indicates where this fragment belongs in the datagram. The fragment offset is measured in units of 8 bytes (64 bits). The first fragment has offset zero.

Time to live
Indicates the maximum time the datagram is allowed to remain in the Internet system. If this field contains the value zero, the datagram must be destroyed. This field is modified in Internet header processing. The time is measured in units of seconds. However, since every module that processes a datagram must decrease the TTL by at least one (even if it processes the datagram in less than 1 second), the TTL must be thought of only as an upper limit on the time a datagram may exist. The intention is to cause undeliverable datagrams to be discarded and to bound the maximum datagram lifetime.

Protocol
Indicates the next level protocol used in the data portion of the Internet datagram. The value indicated in the following table is in decimal. The table only shows the description of the first 48 values of this protocol field. For values between 49 and 255, please refer to: http://www.networksorcery.com/enp/protocol/ip.htm#Protocol

  Value  Description/Protocol
  0      HOPOPT, IPv6 Hop-by-Hop Option.
  1      ICMP, Internet Control Message Protocol.
  2      IGAP, IGMP for user Authentication Protocol.
         IGMP, Internet Group Management Protocol.
         RGMP, Router-port Group Management Protocol.
  3      GGP, Gateway to Gateway Protocol.
  4      IP in IP encapsulation.
  5      ST, Internet Stream Protocol.
  6      TCP, Transmission Control Protocol.
  7      UCL, CBT.
  8      EGP, Exterior Gateway Protocol.
  9      IGRP, Interior Gateway Routing Protocol.
  10     BBN RCC Monitoring.
  11     NVP, Network Voice Protocol.
  12     PUP.
  13     ARGUS.
  14     EMCON, Emission Control Protocol.
  15     XNET, Cross Net Debugger.
  16     Chaos.
  17     UDP, User Datagram Protocol.
  18     TMux, Transport Multiplexing Protocol.
  19     DCN Measurement Subsystems.
  20     HMP, Host Monitoring Protocol.
  21     Packet Radio Measurement.
  22     XEROX NS IDP.
  23     Trunk-1.
  24     Trunk-2.
  25     Leaf-1.
  26     Leaf-2.
  27     RDP, Reliable Data Protocol.
  28     IRTP, Internet Reliable Transaction Protocol.
  29     ISO Transport Protocol Class 4.
  30     NETBLT, Network Block Transfer.
  31     MFE Network Services Protocol.
  32     MERIT Internodal Protocol.
  33     DCCP, Datagram Congestion Control Protocol.
  34     Third Party Connect Protocol.
  35     IDPR, Inter-Domain Policy Routing Protocol.
  36     XTP, Xpress Transfer Protocol.
  37     Datagram Delivery Protocol.
  38     IDPR, Control Message Transport Protocol.
  39     TP++ Transport Protocol.
  40     IL Transport Protocol.
  41     IPv6 over IPv4.
  42     SDRP, Source Demand Routing Protocol.
  43     IPv6 Routing header.
  44     IPv6 Fragment header.
  45     IDRP, Inter-Domain Routing Protocol.
  46     RSVP, Reservation Protocol.
  47     GRE, General Routing Encapsulation.
  48     DSR, Dynamic Source Routing Protocol.

Header checksum
A checksum on the header only. Since some header fields change, e.g., Time To Live, this is recomputed and verified at each point that the Internet header is processed.

Source address / destination address
32 bits each. The values contain the source IP address and destination IP address.

Data
Not included as header.

ARP (Address Resolution Protocol) Header

TCP/IP uses the Address Resolution Protocol (ARP) and the Reverse Address Resolution Protocol (RARP) to initialize the use of Internet addressing on an Ethernet or other network that uses its own media access control (MAC). ARP allows a host to communicate with other hosts when only the Internet address of its neighbors is known. Before using IP, the host sends a broadcast ARP request containing the Internet address of the desired destination system.

The ARP/RARP header structure is shown in the illustration below.

Hardware type
Specifies a hardware interface type for which the sender requires a response.

  Value  Description/Protocol
  0      reserved.
  1      Ethernet
  2      Experimental Ethernet.
  3      Amateur Radio AX.25.
  4      Proteon ProNET Token Ring.
  5      Chaos.
  6      IEEE 802.
  7      ARCNET.
  8      Hyperchannel.
  9      Lanstar.
  10     Autonet Short Address.
  11     LocalTalk.
  12     LocalNet (IBM PCNet or SYTEK LocalNET).
  13     Ultra link.
  14     SMDS.
  15     Frame Relay.
  16     ATM, Asynchronous Transmission Mode.
  17     HDLC.
  18     Fibre Channel.
  19     ATM, Asynchronous Transmission Mode
  20     Serial Line.
  21     ATM, Asynchronous Transmission Mode.
  22     MIL-STD-188-220.
  23     Metricom.
  24     IEEE 1394.1995.
  25     MAPOS.
  26     Twinaxial.
  27     EUI-64.
  28     HIPARP.
  29     IP and ARP over ISO 7816-3.
  30     ARPSec.
  31     IPsec tunnel.
  32     Infiniband.
  33     CAI, TIA-102 Project 25 Common Air Interface.
  34     Wiegand Interface.
  35     Pure IP.
  36     HW_EXP1

Protocol type
Specifies the type of high-level protocol address the sender has supplied.

  Value  Description/Protocol
  0x800  IP

Hardware Address Length (HLen)
Hardware address length in bytes. (e.g. If this is Ethernet, the value should be 6)

Protocol Address Length (PLen)
Protocol address length in bytes. (e.g. If the protocol is IP, the value should be 4)

Operation or Opcode
The values and descriptions are as follows:

  Value  Description
  1      ARP request.
  2      ARP response.
  3      RARP request.
  4      RARP response.
  5      Dynamic RARP request.
  6      Dynamic RARP reply.
  7      Dynamic RARP error.
  8      InARP request.
  9      InARP reply.

Sender hardware address
As the title indicates.

Sender protocol address
As the title indicates.

Target hardware address
As the title indicates.

Target protocol address
As the title indicates.

Ethernet Header

Ethernet is a widely used data communications network standard developed by DEC, Intel, and Xerox. It uses a bus topology and the CSMA/CD access method. The terms Ethernet and the IEEE 802.3 standard are often used interchangeably.

The Ethernet header structure is shown in the illustration below (blue portion only).

(without Preamble) (with Preamble)

Preamble
The Preamble consists of bytes all of the form 10101010, and is used by the receiver to allow it to establish bit synchronization. The Preamble is only read and used by the NIC hardware. It has no meaning for users, and Wireshark won’t show it.

Destination address
The destination MAC address to be sent to.

Source address
The MAC address of the sender.

Length/Type
In this field of the Ethernet protocol, if the value is between 0x0000 and 0x05dc, the value means the length of the Ethernet frame. If the value is above 0x6000, the value indicates the next layer protocol contained inside the frame.

  Type              Description/Protocol
  0x0000 to 0x05dc  Length of the frame.
  0x0600            XEROX NS IDP.
  0x0660, 0x0661    DLOG.
  0x0800            IP, Internet Protocol.
  0x0801            X.75 Internet.
  0x0802            NBS Internet.
  0x0803            ECMA Internet.
  0x0804            Chaosnet.
  0x0805            X.25 Level 3.
  0x0806            ARP, Address Resolution Protocol.
  0x0807            XNS compatibility.
  0x0808            Frame Relay ARP.
  0x8035            DRARP, Dynamic RARP.
                    RARP, Reverse Address Resolution Protocol
  0x80F3            AARP, AppleTalk Address Resolution Protocol.
  0x8100            EAPS, Ethernet Automatic Protection Switching.
  0x8137            IPX, Internet Packet Exchange.
  0x814c            SNMP, Simple Network Management Protocol.
  0x86dd            IPv6, Internet Protocol version 6.
  0x8808            MPCP, Multi-Point Control Protocol.
  0x880b            PPP, Point-to-Point Protocol.
  0x880c            GSMP, General Switch Management Protocol.
  0x8847            MPLS, Multi-Protocol Label Switching (unicast).
  0x8848            MPLS, Multi-Protocol Label Switching (multicast).
    • 0x8863            PPPoE, PPP Over Ethernet (Discovery Stage).
      0x8864            PPPoE, PPP Over Ethernet (PPP Session Stage).
      0x886f            Network Load Balancing.
      0x888e            EAPOL, EAP over LAN.
      0x88a2            AoE, ATA over Ethernet.
      0x88ca            TIPC, Transparent Inter Process Communication Protocol.
      0x88bb            LWAPP, Light Weight Access Point Protocol.
      0x88cc            LLDP, Link Layer Discovery Protocol.
      0x88dc            WSMP, WAVE Short Message Protocol.

      Data unit + pad (not included as header)
      The data itself.

      Frame Check Sequence
      This field contains the Frame Check Sequence (FCS), which is calculated using a Cyclic Redundancy Check (CRC). The FCS allows Ethernet to detect errors in the Ethernet frame and reject the frame if it appears damaged. Like the Preamble, the FCS is only read and used by the NIC hardware.

      UDP (User Datagram Protocol) Header
      The User Datagram Protocol (UDP) provides a simple but unreliable message service for transaction-oriented services. Each UDP header carries both a source port identifier and a destination port identifier, allowing high-level protocols to target specific applications and services among hosts.
      The UDP header structure is shown as follows:

      Source port
      Source port is an optional field. When used, it indicates the port of the sending process and may be assumed to be the port to which a reply should be addressed in the absence of any other information. If not used, a value of zero is inserted.

      Destination port
      Destination port has a meaning within the context of a particular Internet destination address.
    • Length
      The length in octets of this user datagram, including this header and the data. The minimum value of the length is eight.

      Checksum
      The 16-bit one’s complement of the one’s complement sum of a pseudo header of information from the IP header, the UDP header and the data, padded with zero octets at the end (if necessary) to make a multiple of two octets.

      Data
      UDP data field (not included as header).

      DNS (Domain Name Server) Header

      DHCP (Dynamic Host Configuration Protocol) Header
      The Dynamic Host Configuration Protocol (DHCP) provides Internet hosts with configuration parameters. DHCP is an extension of BOOTP. DHCP consists of two components: a protocol for delivering host-specific configuration parameters from a DHCP server to a host, and a mechanism for allocation of network addresses to hosts.
      The format of the header is shown in the following illustration:
      OR
    • Opcode
      The message operation code. Messages can be either BOOTREQUEST or BOOTREPLY.

      Value  Description
      1      DHCP Discover.
      2      DHCP Offer
      3      DHCP Request
      5      DHCP Acknowledge

      Hardware Type
      The hardware type of DHCP is similar to hardware type of ARP.

      Value  Description/Protocol
      0      reserved.
      1      Ethernet
      2      Experimental Ethernet.
      3      Amateur Radio AX.25.
      4      Proteon ProNET Token Ring.
      5      Chaos.
      6      IEEE 802.
      7      ARCNET.
      8      Hyperchannel.
      9      Lanstar.
      10     Autonet Short Address.
      11     LocalTalk.
      12     LocalNet (IBM PCNet or SYTEK LocalNET).
      13     Ultra link.
      14     SMDS.
    • 15     Frame Relay.
      16     ATM, Asynchronous Transmission Mode.
      17     HDLC.
      18     Fibre Channel.
      19     ATM, Asynchronous Transmission Mode
      20     Serial Line.
      21     ATM, Asynchronous Transmission Mode.
      22     MIL-STD-188-220.
      23     Metricom.
      24     IEEE 1394.1995.
      25     MAPOS.
      26     Twinaxial.
      27     EUI-64.
      28     HIPARP.
      29     IP and ARP over ISO 7816-3.
      30     ARPSec.
      31     IPsec tunnel.
      32     Infiniband.
      33     CAI, TIA-102 Project 25 Common Air Interface.
      34     Wiegand Interface.
      35     Pure IP.

      Hardware address length
      The hardware address length (8 bits).

      Hop count.
      This field is used by relay agents.

      Transaction ID.
      A random number chosen by the client, used by the client and server to associate messages and responses between a client and a server.

      Number of seconds.
      The elapsed time in seconds since the client began an address acquisition or renewal process.

      Flags.
      Only the first bit of this 16-bit field is used. It indicates broadcast.

      Client IP address
      32 bits.

      Your IP address
      32 bits.

      Server IP address
      32 bits.
    • Gateway IP address
      32 bits.

      Client hardware address
      16 bytes.

      Server host name
      64 bytes.

      Boot filename
      128 bytes.
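The fixed DHCP header fields listed above, decoded from raw bytes. This is an added example, not part of the original lab; the function names, the sample MAC address and the transaction ID are constructed for illustration.

```python
import ipaddress
import struct

# Fixed DHCP header in the field order and sizes listed above:
# op, htype, hlen, hops, xid, secs, flags, four IPv4 addresses,
# chaddr (16 bytes), sname (64 bytes), boot filename (128 bytes).
FIXED = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")  # 236 bytes
OPCODES = {1: "BOOTREQUEST", 2: "BOOTREPLY"}


def parse_dhcp_header(packet: bytes) -> dict:
    """Decode the fixed header; raise ValueError on malformed input."""
    if len(packet) < FIXED.size:
        raise ValueError(f"truncated: {len(packet)} bytes, need {FIXED.size}")
    (op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr,
     siaddr, giaddr, chaddr, sname, bootfile) = FIXED.unpack_from(packet)
    if op not in OPCODES:
        raise ValueError(f"unknown opcode {op}")
    if hlen > len(chaddr):
        # The chaddr field holds 16 bytes; a larger length is malformed.
        raise ValueError(f"hardware address length {hlen} exceeds 16")

    def ip(raw):
        return str(ipaddress.IPv4Address(raw))

    def text(raw):  # NUL-padded string fields
        return raw.split(b"\x00", 1)[0].decode("ascii", "replace")

    return {
        "op": OPCODES[op], "htype": htype, "hlen": hlen, "hops": hops,
        "xid": xid, "secs": secs,
        "broadcast": bool(flags & 0x8000),  # first (most significant) bit
        "ciaddr": ip(ciaddr), "yiaddr": ip(yiaddr),
        "siaddr": ip(siaddr), "giaddr": ip(giaddr),
        "chaddr": ":".join(f"{b:02x}" for b in chaddr[:hlen]),
        "sname": text(sname), "file": text(bootfile),
    }


def sample_request(hlen: int = 6) -> bytes:
    """Constructed sample: a client broadcast with no address yet."""
    mac = bytes.fromhex("0200c0ffee01")  # constructed, locally administered
    zero = bytes(4)
    return FIXED.pack(1, 1, hlen, 0, 0x3903F326, 0, 0x8000,
                      zero, zero, zero, zero, mac, b"", b"")


if __name__ == "__main__":
    for field, value in parse_dhcp_header(sample_request()).items():
        print(f"{field:10} {value}")
```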