Lab 2 procedures

The interfaces of the machines in this lab are

Interface

machine and name Ethernet Address IPv4 Address

monitor eth0 52:54:00:88:8A:01 64.64.64.108/24

monitor eth1 52:54:00:E9:55:CA 10.100.1.254/24

monitor eth2 52:54:00:49:E1:21 10.100.2.254/24

Win10 (ws1) ethernet 52:54:00:A4:43:29 10.100.1.5/24

Linux (ws2) eth0 52:54:00:A5:73:04 10.100.2.5/24

The command ping 10.100.2.5 was run in a command window on the Windows workstation (ws1) This caused 4 ICMP echo request packets to be sent from ws1 to the Linux workstation (ws2). Each of these caused a ICMP echo reply to be sent from ws2 to ws1. A tcpdump processes captured all packets seen on the monitor eth1 interface and that data is the pcap you will download.

You will download this pcap file lab2.pcap (Provided in Canvas)

lab2.pcap -> http://users.cs.fiu.edu/~esj/cgs4285/labs/lab2.pcap

You will open this pcap file in Wireshark.

Questions to answer in the Lab report

Question 1 (2 points)

Identify a frame with a destination broadcast address in the lab2.pcap file. What is the source ethernet address of this packet?

1. 52:54:00:a4:43:29

Question 2 (2 points)

Identify a frame with a destination broadcast address in the lab2.pcap file. Use table above to identify the interface that transmitted this packet that was captured.

1. Win10 (ws1) ethernet

Question 3 (2 points)

In the frame following the frame from question 2, what were the source and destination ethernet addresses.

Ethernet II, Src: RealtekU_e9:55:ca (52:54:00:e9:55:ca), Dst: RealtekU_a4:43:29 (52:54:00:a4:43:29)

Address Resolution Protocol (reply) Question 4 (3 points)

Identify a frame with a destination broadcast address in the lab2.pcap file. What is the ethernet TYPE or LENGTH code? How do you know it is a TYPE or LENGTH? Yes, Wireshark will tell you, but how does Wireshark know? What is the implication of it it being type or length?

Question 5 (4 points)

Identify a frame with a source IP address of 10.100.2.5 in the lab2.pcap file. What is the source and destination Ethernet address of this frame? Which system and interface (from table above) sent this frame when it was captured? Was this system/interface the same as the system/interface that made the ping reply (Linux eth0)?

Question 6 (3 points)

Identify a frame with a destination ethernet address of 01:80:c2:00:00:00. (The top frame summary might identify this as "Spanning Tree for Bridges". What type of destination address is this? How do you know what type it is?

Question 7 (3 points)

Identify a frame with a destination ethernet address of 01:80:c2:00:00:00. What is the ethernet TYPE or LENGTH code. How do you know it is a TYPE or LENGTH? Yes, Wireshark will tell you, but how does Wireshark know? What is the implication of it it being type or length?

Question 8 (2 points)

Include in your report the ascii export all expanded output of the frame from Question 1.

Question 9 (2 points)

Include in your report the ascii export all expanded output of the frame from Question 5.

Question 10 (2 points)

Include in your report the ascii export all expanded output of the frame from Question 6.