CAPTURING AND ANALYZING ETHERNET FRAMES With this activity,youwill useareal life illustration of the encapsulation processthatdemonstrateshow application datais packaged byprotocols ofthevariouscommunicationlayers priortobeing sentoverthenetwork This lab alsointroducesWireshark,a protocol analyzerusedduringthis course BACKGROUND Thesecondmoduleofthis courseaddressestheconceptoflayered communicationmodel,encapsulationandpeertopeercommunication Using a simple httpsession,this lab demonstrates how application datais segmented, than labeled bythevariousprotocols oftheTCP IP protocol stacktotravelacrossthe networkfromasourcetoa destination REQUIREMENTS To performthis lab,youneedWiresharkinstalled onyourPC (download availablefromhttps www wireshark org download html andaweb browser Answer all questions by entering the responses to the best of your knowledge in the red fields In this assignment it would be best to disable IPv6 temporarily Further information will be provided in the class You may verify whether you use IPv6 or not, by going to the following address https www whatismyip com Note that few ISP now assign IPv6 addresses to their clients STEP1 CAPTURE SETUP Makesure not touse the VPNduring this exercise It is recommended that disabled IPv6 temporarily Open a terminal (command line on windows) and type the following command ping 4 httpbin org The above command should display the IP address of server Hit Ctrl C to stop Write down the IP address in here Server's IP Address StartWiresharkandselect Options underthe Capture menu In the new window, click on Manage Interfaces and select only the interface used on your computer for Internet access Click OK Inthe Capture Interface window,mouse overtheactivenetworkinterface, locate and writedown theIPV4address in the followingfield The IPv4 address is in the format 999 999 999 999 Your IP V4 Address The Enable promiscuousmode on all interfaces option allows youtocapture all packetstravelingonthesharedsegment Forthis lab,deselectthis modesoonlythepacketssentspecifically fromortoyourcomputerwill becaptured Close the Option window Inthe capture filter field enterthefollowing information host This filter indicates thatyouwanttocapturepackets going to and coming from ahostwith thespecifiedIPaddress,in this caseaweb server Click onthe blue shark fin in the top menu to Start the capture,anewwindow should open STEP2 BROWSERSETUP Go to http httpbin org Make sure you use the http prefix If for some reason you don't see any HTTP frame (see question 11), make sure you delete your browser's cache and cookies, close your browser, and open a new one, and try the full address including the HTTP prefix Go backtotheWiresharkwindow The resultsofthecapture will appear Click onthe red square icon toterminatethecapture session If it doesn't work If the capture didn't work, review your capture settings, then clearyourcachetoremove thehttpfile alreadyonyourPC and try the entire procedure again STEP3 CAPTURE ANALYSIS FRAMETYPES How many frames did you capture Enter your answer here How many framescontain HTTP data Enter your answer here FRAMESTRUCTURE Selecttheframecontaining HTTP 1 1 200 OK in theinfofield 1 right click onit andselect Show packet in new window Observethedisplayed sections Youcanclick onthearrow signs toexpand eachfield Readthefollowing points andfill theblankswith the appropriateinformation Thefirstsectioncalled Frame is asummaryoftheframecreatedby Wireshark This informationdoesnottraveloverthenetwork Neither doesanyinformationappearingonlines startingwith an arrowsign Thesecondsectioncontainsinformationrelevanttothe Enter text layeroftheOSImodelandtothe Enter text layeroftheTCP IP suite Thethird sectioncontainsinformationrelevanttothe Enter text layeroftheOSImodelandtothe Enter text layeroftheTCP IP suite Thefourthsectioncontainsinformationrelevanttothe Enter text layeroftheOSImodelandtothe Enter text layeroftheTCP IP suite Thefifthsectioncontainsinformationrelevanttotheupperthreelayersof theOSImodel Enter text , Enter text and Enter text andtothe Enter text layeroftheTCP IP suite FRAMECONTENT(OSILAYER2) Click onthearrow sign toexpandthesecondsectionoftheframe(Ethernet II) Writedown thetwo addresses Address 1 and Address 2 (Use the numerical value) Whataretheseaddressescalled Address type Whatnumeralsystemdoesit use Numerical system Whichphysical devices 2 dotheycorrespondto Device 1 and Device 2 Whichlayer 2 standard is being used Standard name Closethesectionbyclicking onthearrow sign PACKET CONTENT(OSILAYER3) Click onthearrow sign toexpandthethird sectionoftheframe(Internet protocol) Writedown thetwo addresses Address 1 and Address 2 Whatare theseaddresses called Address type Whichdevices 1 dotheycorrespondto Device 1 and Device 2 Whichtransport protocol is the data intended to Protocol name Closethesectionbyclicking onthearrow sign SEGMENTCONTENT(OSILAYER4) Click onthearrow sign toexpandthefourthsectionoftheframe(TransmissionControl protocol) Writedown thetwo addresses Address 1 and Address 2 Whatare theseaddresses called Address type Whichapplication is the datacoming from Application name Whatis the size ofthe dataportion of this segment Data size Closethesectionbyclicking onthearrow sign andselectthelast frameof this session Whatis the size ofthe dataportion of this segment Data size APPLICATIONDATA(OSILAYERS5,6AND7) Close the Packet capture window and go back to the main capture page Using the same frame Click onthesectioncalled HypertextTransferProtocol This section containshtmlmeta data Inthebottomwindow, highlight thetext HTTP 1 1 Whatis the correspondinghexadecimalvalueofthelettersHTTP Enter value here Right click on the same value and select Show bytes as bits Whatis thebinaryvalueofthelettersHTTP Enter value here YoucanuseanASCIItableforhelp(http www asciitable com) STEP 4 SUMMARY List all the addressesappearing in TheEthernetheader Enter text TheNetworkheader Enter text TheTransportheader Enter text For each layer, you should indicate the source and destination addresses by type as well as the destination protocol STEP 5 HTTPS In item 9, you used http In this step, we want to try the https instead Repeat the above exercise, by typing the following address in your browser https httpbin org Go to Wireshark and observe the new frames Can you find the frame corresponding to the step 13 Enter text Why do you think you do not get a similar result Enter text 1 In case HTTP 1 1 200 OK is not found, you may look for HTTP 1 1 304 Not Modified or similar frames The format us HTTP 1 1 followed by a 3 digit code followed by a text message 2 PC, hub, switch, router, server

The Answer is in the image, click to view ...

Answered step by step

Verified Expert Solution

Link Copied!

Question

1 Approved Answer

Posted on May 20, 2024

CAPTURING AND ANALYZING ETHERNET FRAMES With this activity,youwill useareal-life illustration of the encapsulation processthatdemonstrateshow application datais packagedbyprotocols ofthevariouscommunicationlayers priortobeing sentoverthenetwork.This lab alsointroducesWireshark,a protocol analyzerusedduringthis course.

CAPTURING AND ANALYZING ETHERNET FRAMES

With this activity,youwill useareal-life illustration of the encapsulation processthatdemonstrateshow application datais "packaged"byprotocols ofthevariouscommunicationlayers priortobeing sentoverthenetwork.This lab alsointroducesWireshark,a protocol analyzerusedduringthis course.

BACKGROUND

Thesecondmoduleofthis courseaddressestheconceptoflayered communicationmodel,encapsulationandpeertopeercommunication.Using a simple httpsession,this lab demonstrates_how application datais segmented, than"labeled"bythevariousprotocols oftheTCP/IP protocol stacktotravelacrossthe networkfromasourcetoa destination.

REQUIREMENTS

To performthis lab,youneedWiresharkinstalled onyourPC (download availablefromhttps://www.wireshark.org/download.html andaweb browser. Answer all questions by entering the responses to the best of your knowledge in the red fields.

In this assignment it would be best to disable IPv6 temporarily. Further information will be provided in the class. You may verify whether you use IPv6 or not, by going to the following address:

https://www.whatismyip.com/

Note that few ISP now assign IPv6 addresses to their clients.

STEP1-CAPTURE SETUP

Makesure *not*touse the VPNduring this exercise. It is recommended that disabled IPv6 temporarily.
Open a terminal (command line on windows) and type the following command:

ping -4 httpbin.org

The above command should display the IP address of server. Hit Ctrl+C to stop.

Write down the IP address in here:Server's IP Address

StartWiresharkandselectOptions undertheCapturemenu.
In the new window, click on "Manage Interfaces" and select only the interface used on your computer for Internet access. Click OK.
IntheCapture Interfacewindow,mouse-overtheactivenetworkinterface, locate and writedown theIPV4address in the followingfield. The IPv4 address is in the format 999.999.999.999. Your IP V4 Address.
The"Enable promiscuousmode on all interfaces"option allows youtocapture all packetstravelingonthesharedsegment.Forthis lab,deselectthis modesoonlythepacketssentspecifically fromortoyourcomputerwill becaptured. Close the Option window.
Inthecapture filterfield enterthefollowing information:

host<>

This filter indicates thatyouwanttocapturepacketsgoing toandcoming fromahostwith thespecifiedIPaddress,in this caseaweb server.

Click onthe blue shark finin the top menu to Startthe capture,anewwindow should open.

STEP2-BROWSERSETUP

Go to http://httpbin.org/.

Make sure you use the "http" prefix. If for some reason you don't see any HTTP frame (see question 11), make sure you delete your browser's cache and cookies, close your browser, and open a new one, and try the full address including the HTTP prefix.

Go backtotheWiresharkwindow. The resultsofthecapture will appear.Click onthe red square icontoterminatethecapture session.

If it doesn't work

If the capture didn't work, review your capture settings, then clearyourcachetoremove thehttpfile alreadyonyourPC and try the entire procedure again.

STEP3-CAPTURE ANALYSIS

FRAMETYPES

How many frames did you captureEnter your answer here?
How many framescontain HTTP data?Enter your answer here.

FRAMESTRUCTURE

Selecttheframecontaining"HTTP/1.1 200 OK"in theinfofield[1]. right-click onit andselectShow packet in new window.
Observethedisplayed sections.Youcanclick onthearrow signs toexpand eachfield.Readthefollowing points andfill theblankswith the appropriateinformation.
Thefirstsectioncalled Frame[#] is asummaryoftheframecreatedby Wireshark.This informationdoesnottraveloverthenetwork.Neither doesanyinformationappearingonlines startingwith an arrowsign.
Thesecondsectioncontainsinformationrelevanttothe Enter text layeroftheOSImodelandtothe Enter text layeroftheTCP/IP suite.
Thethird sectioncontainsinformationrelevanttothe Enter text layeroftheOSImodelandtothe Enter text layeroftheTCP/IP suite.
Thefourthsectioncontainsinformationrelevanttothe Enter text layeroftheOSImodelandtothe Enter text layeroftheTCP/IP suite.
Thefifthsectioncontainsinformationrelevanttotheupperthreelayersof theOSImodel Enter text, Enter text and Enter text andtothe Enter textlayeroftheTCP/IP suite.

FRAMECONTENT(OSILAYER2)

Click onthearrow sign toexpandthesecondsectionoftheframe(Ethernet II).Writedown thetwo addresses:Address 1andAddress 2 (Use the numerical value).
Whataretheseaddressescalled?Address type.
Whatnumeralsystemdoesit use?Numerical system.
Whichphysical devices[2]dotheycorrespondto?Device 1 andDevice 2.
Whichlayer 2 standard is being used?Standard name.
Closethesectionbyclicking onthearrow sign.

PACKET CONTENT(OSILAYER3)

Click onthearrow sign toexpandthethird sectionoftheframe(Internet protocol).Writedown thetwo addresses:Address 1and Address 2.
Whatare theseaddresses called? Address type.
Whichdevices¹dotheycorrespondto? Device 1and Device 2.
Whichtransport protocol is the data intended to? Protocol name
Closethesectionbyclicking onthearrow sign

SEGMENTCONTENT(OSILAYER4)

Click onthearrow sign toexpandthefourthsectionoftheframe(TransmissionControl protocol).
Writedown thetwo addresses: Address 1 and Address 2.
Whatare theseaddresses called? Address type
Whichapplication is the datacoming from?Application name
Whatis the size ofthe dataportion of this segment?Data size
Closethesectionbyclicking onthearrow sign andselectthelast frameof this session.
Whatis the size ofthe dataportion of this segment?Data size

APPLICATIONDATA(OSILAYERS5,6AND7)

Close the Packet capture window and go back to the main capture page. Using the same frame:

Click onthesectioncalled "HypertextTransferProtocol".This section containshtmlmeta-data
Inthebottomwindow, highlight thetext"HTTP/1.1.
Whatis the correspondinghexadecimalvalueofthelettersHTTP. Enter value here
Right-click on the same value and select "Show bytes as bits". Whatis thebinaryvalueofthelettersHTTP. Enter value here

YoucanuseanASCIItableforhelp(http://www.asciitable.com).

STEP 4 - SUMMARY

List all the addressesappearing in:

TheEthernetheader:Enter text
TheNetworkheader:Enter text
TheTransportheader:Enter text

For each layer, you should indicate the source and destination addresses by type as well as the destination protocol.

STEP 5 - HTTPS

In item 9, you used http. In this step, we want to try the https instead.

Repeat the above exercise, by typing the following address in your browser:

https://httpbin.org/.

Go to Wireshark and observe the new frames.

Can you find the frame corresponding to the step 13?Enter text
Why do you think you do not get a similar result?Enter text

[1] In case HTTP/1.1 200 OK is not found, you may look for "HTTP/1.1 304 Not Modified" or similar frames. The format us HTTP/1.1 followed by a 3-digit code followed by a text message.

[2] PC, hub, switch, router, server.