**Computer Science, Year 3 109703035 莊彩彥**
# Lab 6 (IP)
## Lab 6 - 1
Select the first ICMP Echo Request message sent by your computer, and expand the Internet Protocol part of the packet in the packet details window. What is the IP address of your computer?
:::info
140.119.130.22

:::
## Lab 6 - 2
Within the IP packet header, what is the value in the upper layer protocol field?
:::info
ICMP (0x01)

:::
## Lab 6 - 3
How many bytes are in the IP header? How many bytes are in the payload of the IP datagram? Explain how you determined the number of payload bytes.
:::info

The IP header is 20 bytes and the total length is 56 bytes, which gives 36 bytes in the payload of the IP datagram.
:::
## Lab 6 - 4
Has this IP datagram been fragmented? Explain how you determined whether or not the datagram has been fragmented.
:::info

The More Fragments bit is not set, so the datagram is not fragmented.
:::
## Lab 6 - 5
Which fields in the IP datagram always change from one datagram to the next within this series of ICMP messages sent by your computer?
:::info
Identification, TTL, Header checksum
:::
## Lab 6 - 6
Which fields stay constant? Which of the fields must stay constant? Which fields must change? Why?
:::info
1. Must stay constant
   - Version (IPv4)
   - Header length (ICMP packets)
   - Source IP
   - Destination IP
   - Differentiated Services (all packets use ICMP, so they use the same type of service)
   - Upper layer protocol (since they are ICMP packets)
2. Must change
   - Identification (IP packets must have different IDs)
   - Time to live (traceroute increments each subsequent packet)
   - Header checksum (since the header changes, so must the checksum)
:::
## Lab 6 - 7
Describe the pattern you see in the values in the Identification field of the IP datagram.
:::info
The pattern is that the IP header Identification field increments with each ICMP Echo (ping) request.
:::
## Lab 6 - 8
What is the value in the Identification field and the TTL field?
:::info
Identification: 0xa186 (41350)
TTL: 255

:::
## Lab 6 - 9
Do these values remain unchanged for all of the ICMP TTL-exceeded replies sent to your computer by the nearest (first hop) router? Why?
:::info
* The identification field changes for all the ICMP TTL-exceeded replies because the identification field is a unique value. When two or more IP datagrams have the same identification value, it means that these IP datagrams are fragments of a single large IP datagram.
* The TTL field remains unchanged because the TTL for the first hop router is always the same.

:::
## Lab 6 - 10
Find the first ICMP Echo Request message that was sent by your computer after you changed the Packet Size in pingplotter to be 2000. Has that message been fragmented across more than one IP datagram?
:::info
Yes, this packet has been fragmented across more than one IP datagram.

:::
## Lab 6 - 11
Print out the first fragment of the fragmented IP datagram. What information in the IP header indicates that the datagram has been fragmented? What information in the IP header indicates whether this is the first fragment versus a latter fragment? How long is this IP datagram?
:::info
1. The More Fragments field is 1.
2. The fragment offset is 0.

:::
## Lab 6 - 12
Print out the second fragment of the fragmented IP datagram. What information in the IP header indicates that this is not the first datagram fragment? Are there more fragments?
How can you tell?
:::info
1. The fragment offset is not 0.
2. There are no more fragments.

:::
## Lab 6 - 13
What fields change in the IP header between the first and second fragment?
:::info
1. total length
2. the more fragment field
3. fragment offset
4. checksum
first:

second:

:::
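
The fragment fields asked about in Lab 6 - 10 through 6 - 13, as an added example that is not part of the original lab report: it splits a datagram the way a sender would and reassembles it while rejecting incomplete sets. It assumes a 1500-byte MTU, a 20-byte header without options, and that the Packet Size of 2000 is the total datagram length; the Identification value and payload bytes are constructed.

```python
from dataclasses import dataclass

IP_HEADER_LEN = 20  # assumption: no IP options


@dataclass
class Fragment:
    ident: int            # Identification: shared by all fragments of one datagram
    more_fragments: bool  # MF flag
    offset_units: int     # Fragment Offset field, counted in 8-byte units
    payload: bytes

    @property
    def total_length(self) -> int:
        return IP_HEADER_LEN + len(self.payload)


def fragment(ident: int, payload: bytes, mtu: int = 1500) -> list:
    """Split payload so every fragment fits the MTU.

    Every fragment except the last must carry a multiple of 8 payload bytes,
    because the offset field counts 8-byte units.
    """
    max_data = (mtu - IP_HEADER_LEN) // 8 * 8
    frags = []
    for start in range(0, len(payload), max_data):
        chunk = payload[start:start + max_data]
        more = start + len(chunk) < len(payload)
        frags.append(Fragment(ident, more, start // 8, chunk))
    return frags


def header_view(f: Fragment) -> tuple:
    """The header fields that differ between fragments (checksum aside)."""
    return (f.total_length, int(f.more_fragments), f.offset_units)


def reassemble(frags: list):
    """Return the original payload, or None if the set is incomplete or inconsistent."""
    if not frags or len({f.ident for f in frags}) != 1:
        return None
    ordered = sorted(frags, key=lambda f: f.offset_units)
    if ordered[0].offset_units != 0 or ordered[-1].more_fragments:
        return None  # first fragment missing, or last fragment not yet seen
    data = b""
    for f in ordered:
        if f.offset_units * 8 != len(data):
            return None  # gap or overlap between fragments
        if f is not ordered[-1] and not f.more_fragments:
            return None  # MF cleared before the end
        data += f.payload
    return data


# Constructed sample: 2000-byte datagram = 20-byte header + 1980 payload bytes.
PAYLOAD = bytes(i % 251 for i in range(1980))
FRAGS = fragment(ident=0x1234, payload=PAYLOAD)

if __name__ == "__main__":
    for f in FRAGS:
        print(header_view(f))
    print(reassemble(list(reversed(FRAGS))) == PAYLOAD)
```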
# Lab 7 (NAT)
## Lab 7 - 1
What is the IP address of the client?
:::info
192.168.1.100

:::
## Lab 7 - 2
Consider now the HTTP GET sent from the client to the Google server (whose IP address is IP address 64.233.169.104) at time 7.109267. What are the source and destination IP addresses and TCP source and destination ports on the IP datagram carrying this HTTP GET?
:::info

src: 192.168.1.100, 4335
dst: 64.233.169.104, 80
:::
## Lab 7 - 3
At what time is the corresponding 200 OK HTTP message received from the Google server?
:::info

7.158797
:::
What are the source and destination IP addresses and TCP source and destination ports on the IP datagram carrying this HTTP 200 OK message?
:::info

src: 64.233.169.104, 80
dst: 192.168.1.100, 4335
:::
## Lab 7 - 4
Recall that before a GET command can be sent to an HTTP server, TCP must first set up a connection using the three-way SYN/ACK handshake. At what time is the client-to-server TCP SYN segment sent that sets up the connection used by the GET sent at time 7.109267?
:::info

7.07567
:::
What are the source and destination IP addresses and source and destination ports for the TCP SYN segment?
:::info

src: 192.168.1.100 , 4335
dst: 64.233.169.104 , 80
:::
What are the source and destination IP addresses and source and destination ports of the ACK sent in response to the SYN?
:::info

src: 64.233.169.104 , 80
dst: 192.168.1.100 , 4335
:::
At what time is this ACK received at the client? (Note: to find these segments you will need to clear the Filter expression you entered above in step 2. If you enter the filter “tcp”, only TCP segments will be displayed by Wireshark)
:::info

7.108986
:::
## Lab 7 - 5
In the NAT_ISP_side trace file, find the HTTP GET message that was sent from the client to the Google server at time 7.109267 (where t=7.109267 is the time at which this was sent as recorded in the NAT_home_side trace file). At what time does this message appear in the NAT_ISP_side trace file?
:::info
6.069168
You can see that the Identification is 0xa2ac (41644) in both.


:::
What are the source and destination IP addresses and TCP source and destination ports on the IP datagram carrying this HTTP GET (as recorded in the NAT_ISP_side trace file)?
:::info

src: 71.192.34.104, 4335
dst: 64.233.169.104, 80
:::
Which of these fields are the same, and which are different, than in your answer to question 7-2 above?
:::info
Only source IP has changed.
home_side

isp_side

:::
## Lab 7 - 6
Are any fields in the HTTP GET message changed?
:::info
No.
:::
Which of the following fields in the IP datagram carrying the HTTP GET are changed: Version, Header Length, Flags, Checksum. If any of these fields have changed, give a reason (in one sentence) stating why this field needed to change.
:::info
Version : No
Header Length : No
Flags : No
Checksum : Yes (only the checksum has changed, because the source IP has changed.)
:::
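
The header rewrite behind the Lab 7 - 5 and 7 - 6 answers, as an added example that is not part of the original lab report: it applies the NAT source-address translation to an IPv4 header, recomputes the checksum both in full and incrementally (RFC 1624), and lists which fields differ. The addresses and Identification 0xa2ac come from the answers above; total length and TTL are constructed, and TTL is held constant so that only the translation is visible.

```python
import struct
from ipaddress import IPv4Address

FIELDS = ("version", "ihl", "tos", "total_len", "ident", "flags_frag",
          "ttl", "proto", "checksum", "src", "dst")
HDR = struct.Struct("!BBHHHBBH4s4s")  # 20-byte IPv4 header, no options


def fold(total: int) -> int:
    """Add the carries back in (one's-complement addition)."""
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def word_sum(data: bytes) -> int:
    return fold(sum(struct.unpack(f"!{len(data) // 2}H", data)))


def build(src, dst, ident, total_len, ttl, proto=6, flags_frag=0x4000) -> bytes:
    """Pack a header with the checksum field zeroed, then fill the checksum in."""
    hdr = HDR.pack(0x45, 0, total_len, ident, flags_frag, ttl, proto, 0,
                   IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ~word_sum(hdr) & 0xFFFF) + hdr[12:]


def parse(hdr: bytes) -> dict:
    vi, tos, tl, ident, ff, ttl, proto, csum, src, dst = HDR.unpack(hdr[:20])
    values = (vi >> 4, vi & 0xF, tos, tl, ident, ff, ttl, proto, csum,
              str(IPv4Address(src)), str(IPv4Address(dst)))
    return dict(zip(FIELDS, values))


def checksum_ok(hdr: bytes) -> bool:
    """A valid header sums to 0xFFFF when the checksum field is included."""
    return word_sum(hdr[:20]) == 0xFFFF


def nat_rewrite_src(hdr: bytes, wan_ip: str) -> bytes:
    """What the NAT router does to an outbound header: new source, new checksum."""
    new = bytearray(hdr[:20])
    new[12:16] = IPv4Address(wan_ip).packed
    new[10:12] = b"\x00\x00"
    new[10:12] = struct.pack("!H", ~word_sum(bytes(new)) & 0xFFFF)
    return bytes(new)


def incremental_checksum(old_csum: int, old_ip: str, new_ip: str) -> int:
    """RFC 1624 eqn. 3, HC' = ~(~HC + ~m + m'), applied to both address words."""
    total = ~old_csum & 0xFFFF
    old_words = struct.unpack("!2H", IPv4Address(old_ip).packed)
    new_words = struct.unpack("!2H", IPv4Address(new_ip).packed)
    for m, m_new in zip(old_words, new_words):
        total += (~m & 0xFFFF) + m_new
    return ~fold(total) & 0xFFFF


def changed_fields(a: bytes, b: bytes) -> list:
    pa, pb = parse(a), parse(b)
    return [name for name in FIELDS if pa[name] != pb[name]]


# Constructed sample header for the HTTP GET (total_len and ttl are made up).
HOME_SIDE = build("192.168.1.100", "64.233.169.104",
                  ident=0xA2AC, total_len=675, ttl=128)
ISP_SIDE = nat_rewrite_src(HOME_SIDE, "71.192.34.104")

if __name__ == "__main__":
    print(changed_fields(HOME_SIDE, ISP_SIDE))
    print(hex(parse(HOME_SIDE)["checksum"]), hex(parse(ISP_SIDE)["checksum"]))
```

A header whose source address is rewritten without updating the checksum fails `checksum_ok`, which is why the router must touch the checksum even though the question's other three fields are left alone.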
## Lab 7 - 7
In the NAT_ISP_side trace file, at what time is the first 200 OK HTTP message received from the Google server?
:::info
6.117570

:::
What are the source and destination IP addresses and TCP source and destination ports on the IP datagram carrying this HTTP 200 OK message?
:::info

src: 64.233.169.104 , 80
dst: 71.192.34.104 , 4335
:::
Which of these fields are the same, and which are different than your answer to question 7-3 above?
:::info
Only destination IP has changed.
home_side

isp_side

:::
## Lab 7 - 8
In the NAT_ISP_side trace file, at what time were the client-to-server TCP SYN segment and the server-to-client TCP ACK segment corresponding to the segments in question 7-4 above captured?
:::info
**client to server TCP SYN segment : 6.035475**
Identification is 0xa2aa


**server-to-client TCP ACK segment : 6.067775**
Identification is 0xf61a


:::
What are the source and destination IP addresses and source and destination ports for these two segments?
:::info
For SYN, src: 71.192.34.104, 4335, dst: 64.233.169.104, 80

For ACK, src: 64.233.169.104, 80, dst: 71.192.34.104, 4335

:::
Which of these fields are the same, and which are different than your answer to question 7-4 above?
:::info
For the SYN, the source IP address has changed.
For the ACK, the destination IP address has changed.
The port numbers are unchanged.
:::
## Lab 7 - 9
Using your answers to 1-8 above, fill in the NAT translation table entries for HTTP connection considered in questions 1-8 above.
:::info
| WAN side | LAN side |
| -------- | -------- |
| 71.192.34.104, 4335 | 192.168.1.100, 4335 |
:::
# Lab 8 (ICMP)
## Lab 8 - 1
What is the IP address of your host? What is the IP address of the destination host?
:::info


Source: 140.119.130.22
Destination IP: 143.89.12.34
:::
## Lab 8 - 2
Why is it that an ICMP packet does not have source and destination port numbers?
:::info
Because ICMP is designed for the network layer.
:::
## Lab 8 - 3
Examine one of the ping request packets sent by your host. What are the ICMP type and code numbers?
:::info

ICMP Type: 8 (Echo (ping) request)
Code: 0
:::
What other fields does this ICMP packet have? How many bytes are the checksum, sequence number and identifier fields?
:::info

checksum (2 bytes), identifier, sequence number (2 bytes), and data field.
:::
## Lab 8 - 4
Examine the corresponding ping reply packet. What are the ICMP type and code numbers?
:::info

Type is 0.
Code is 0.
:::
What other fields does this ICMP packet have? How many bytes are the checksum, sequence number and identifier fields?
:::info

checksum (2 bytes), identifier, sequence number (2 bytes), and data field.
:::
## Lab 8 - 5
What is the IP address of your host? What is the IP address of the target destination host?
:::info


Source IP: 140.119.130.22
Destination IP: 143.89.12.134
:::
## Lab 8 - 6
If ICMP sent UDP packets instead (as in Unix/Linux), would the IP protocol number still be 01 for the probe packets? If not, what would it be?
:::info

No. If ICMP sent UDP packets instead, the IP protocol number should be 0x11.

:::
## Lab 8 - 7
Examine the ICMP echo packet in your screenshot. Is this different from the ICMP ping query packets in the first half of this lab? If yes, how so?
:::info
First ICMP Lab:

Second ICMP Lab:

The fields are the same, but the values are different.
:::
## Lab 8 - 8
Examine the ICMP error packet in your screenshot. It has more fields than the ICMP echo packet. What is included in those fields?
:::info
ICMP echo packet:

ICMP Error packet:

The ICMP error packet is not the same as the query packets. It contains both the IP header and the first 8 bytes of the original ICMP packet that the error is for.
:::
## Lab 8 - 9
Examine the last three ICMP packets received by the source host. How are these packets different from the ICMP error packets? Why are they different?
:::info
ICMP echo packet:

ICMP Error packet:

The last three ICMP packets are message type 0 (echo reply) rather than 11 (TTL expired). They are different because the datagrams have made it all the way to the destination host before the TTL expired.
:::
# Lab 9 (Ethernet and ARP)
## Lab 9 - 1
What is the 48-bit Ethernet address of your computer?
:::info
MAC address: B4:A9:FC:AE:F1:AA

:::
## Lab 9 - 2
What is the 48-bit destination address in the Ethernet frame? Is this the Ethernet address of gaia.cs.umass.edu? What device has this as its Ethernet address?
:::info

The destination address is E0:89:9D:03:1E:FE.
No, it is not the Ethernet address of gaia.cs.umass.edu.
It is the address of my home router, which is the link used to get off the subnet. (MAC address is same)
:::
## Lab 9 - 3
Give the hexadecimal value for the two-byte Frame type field. What upper layer protocol does this correspond to?
:::info
Hexadecimal value is 0x800
Upper layer protocol is IP.

:::
## Lab 9 - 4
How many bytes from the very start of the Ethernet frame does the ASCII “G” in “GET” appear in the Ethernet frame?
:::info

Ethernet: 14 bytes
IPv4: 20 bytes
TCP: 20 bytes
Total: 54 bytes
:::
## Lab 9 - 5
What is the value of the Ethernet source address? Is this the address of your computer, or of gaia.cs.umass.edu?
:::info
The source address is neither the Ethernet address of gaia.cs.umass.edu (http://gaia.cs.umass.edu) nor the address of my computer. It is the address of my home router, which is the link used to get onto my subnet.

:::
## Lab 9 - 6
What is the destination address in the Ethernet frame? Is this the Ethernet address of your computer?
:::info
The destination address is the address of my computer.

:::
## Lab 9 - 7
Give the hexadecimal value for the two-byte Frame type field. What upper layer protocol does this correspond to?
:::info
Hexadecimal value is 0x800
Upper layer protocol is IPv4.

:::
## Lab 9 - 8
How many bytes from the very start of the Ethernet frame does the ASCII “O” in “OK” (i.e., the HTTP response code) appear in the Ethernet frame?
:::info
Ethernet: 14 bytes
IPv4: 20 bytes
TCP: 20 bytes
Total: 54 bytes
13 bytes + 54 bytes = 67 bytes
There are 67 bytes before the "O" in "OK".

:::
## Lab 9 - 9
Write down the contents of your computer’s ARP cache. What is the meaning of each column value?
:::info

The Internet Address column contains the IP address, the Physical Address column contains the MAC address, and the type indicates the protocol type.
:::
## Lab 9 - 10
What are the hexadecimal values for the source and destination addresses in the Ethernet frame containing the ARP request message?
:::info
The hex value for the source address is b4:a9:fc:ae:f1:aa. The hex value for the destination address is e0:89:9d:03:1e:fe, the Cisco_03:1e:fe address.

:::
## Lab 9 - 11
Give the hexadecimal value for the two-byte Ethernet Frame type field. What upper layer protocol does this correspond to?
:::info
The hex value for the Ethernet Frame type field is 0x086, for ARP.

:::
## Lab 9 - 12
Download the ARP specification from ftp://ftp.rfc-editor.org/in-notes/std/std37.txt. A readable, detailed discussion of ARP is also at http://www.erg.abdn.ac.uk/users/gorry/course/inet-pages/arp.html.
a. How many bytes from the very beginning of the Ethernet frame does the ARP opcode field begin?
:::info
The ARP opcode field begins 20 bytes from the very beginning of the Ethernet frame.
(Ethernet 14 bytes, Hardware type 2 bytes, Protocol type 2 bytes, Hardware size 1 byte, Protocol size 1 byte.)

:::
b. What is the value of the opcode field within the ARP-payload part of the Ethernet frame in which an ARP request is made?
:::info
The hex value for the opcode field within the ARP payload of the request is 0x0001, for request.

:::
c. Does the ARP message contain the IP address of the sender?
:::info
Yes, the ARP message contains the IP address 140.119.130.22 for the sender.

:::
d. Where in the ARP request does the “question” appear – the Ethernet address of the machine whose corresponding IP address is being queried?
:::info
The field "Target MAC address" is set to e0:89:9d:03:1e:fe to question the machine whose corresponding IP address (140.119.130.254) is being queried.

:::
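
The frame layout used in the Lab 9 - 12 answers, as an added example that is not part of the original lab report: it builds and parses an Ethernet/IPv4 ARP request, derives the opcode offset from the field sizes, and flags a frame whose ARP sender address disagrees with the Ethernet source. The MAC and IP addresses are the ones in the answers above; the EtherType 0x0806 and the field sizes are taken from the ARP specification, and the function names are illustrative.

```python
import struct
from ipaddress import IPv4Address

ETH_HDR = struct.Struct("!6s6sH")    # destination MAC, source MAC, EtherType
ARP_FIXED = struct.Struct("!HHBBH")  # hw type, proto type, hw size, proto size, opcode
ETHERTYPE_ARP = 0x0806
OPCODES = {1: "request", 2: "reply"}


def mac_bytes(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))


def mac_text(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def opcode_offset() -> int:
    """Ethernet header plus the ARP fields that precede the 2-byte opcode."""
    return ETH_HDR.size + ARP_FIXED.size - 2


def build_arp_request(src_mac, dst_mac, sender_ip, target_mac, target_ip) -> bytes:
    eth = ETH_HDR.pack(mac_bytes(dst_mac), mac_bytes(src_mac), ETHERTYPE_ARP)
    arp = ARP_FIXED.pack(1, 0x0800, 6, 4, 1)  # Ethernet, IPv4, 6-byte MAC, 4-byte IP, request
    arp += mac_bytes(src_mac) + IPv4Address(sender_ip).packed
    arp += mac_bytes(target_mac) + IPv4Address(target_ip).packed
    return eth + arp


def parse_arp_frame(frame: bytes) -> dict:
    fixed_end = ETH_HDR.size + ARP_FIXED.size
    if len(frame) < fixed_end:
        raise ValueError("frame too short for Ethernet + ARP fixed fields")
    dst, src, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != ETHERTYPE_ARP:
        raise ValueError(f"EtherType 0x{ethertype:04x} is not ARP")
    htype, ptype, hlen, plen, opcode = ARP_FIXED.unpack_from(frame, ETH_HDR.size)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("only Ethernet/IPv4 ARP is handled here")
    if len(frame) < fixed_end + 2 * (hlen + plen):
        raise ValueError("frame too short for ARP addresses")
    sha, spa, tha, tpa = struct.unpack_from("!6s4s6s4s", frame, fixed_end)
    return {
        "eth_dst": mac_text(dst),
        "eth_src": mac_text(src),
        "opcode": OPCODES.get(opcode, f"unknown({opcode})"),
        "sender_mac": mac_text(sha),
        "sender_ip": str(IPv4Address(spa)),
        "target_mac": mac_text(tha),
        "target_ip": str(IPv4Address(tpa)),
        # A sender MAC that differs from the Ethernet source deserves a second look.
        "sender_mismatch": sha != src,
    }


# Constructed frame using the addresses reported in Lab 9 - 10 and 9 - 12.
FRAME = build_arp_request(
    src_mac="b4:a9:fc:ae:f1:aa", dst_mac="e0:89:9d:03:1e:fe",
    sender_ip="140.119.130.22",
    target_mac="e0:89:9d:03:1e:fe", target_ip="140.119.130.254",
)

if __name__ == "__main__":
    print(opcode_offset(), FRAME[opcode_offset():opcode_offset() + 2].hex())
    print(parse_arp_frame(FRAME))
```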
# Lab 10 (DHCP)
## Lab 10 - 1
Are DHCP messages sent over UDP or TCP?
:::info
UDP

:::
## Lab 10 - 2
Draw a timing diagram illustrating the sequence of the first four-packet Discover/Offer/Request/ACK DHCP exchange between the client and server. For each packet, indicate the source and destination port numbers. Are the port numbers the same as in the example given in this lab assignment?
:::info

:::
## Lab 10 - 3
What is the link-layer (e.g., Ethernet) address of your host?
:::info
00:08:74:4f:36:23

:::
## Lab 10 - 4
What values in the DHCP discover message differentiate this message from the DHCP request message?
:::info
The values that differentiate the Discover message from the Request message are in "Option 53: DHCP Message Type".
Discover:

Request:

:::
## Lab 10 - 5
What is the value of the Transaction-ID in each of the first four (Discover/Offer/Request/ACK) DHCP messages?
:::info
Transaction ID: 0x3e5e0ce3

:::
What are the values of the Transaction-ID in the second set (Request/ACK) set of DHCP messages?
:::info
Transaction ID: 0x257e55a3

:::
What is the purpose of the Transaction-ID field?
:::info
The Transaction ID is used so that the DHCP server can differentiate between client requests during the request process.
:::
## Lab 10 - 6
A host uses DHCP to obtain an IP address, among other things. But a host’s IP address is not confirmed until the end of the four-message exchange! If the IP address is not set until the end of the four-message exchange, then what values are used in the IP datagrams in the four-message exchange? For each of the four DHCP messages (Discover/Offer/Request/ACK DHCP), indicate the source and destination IP addresses that are carried in the encapsulating IP datagram.
:::info
The DHCP client and server both use 255.255.255.255 as the destination address. The client uses source IP address 0.0.0.0, while the server uses its actual IP address as the source.

:::
## Lab 10 - 7
What is the IP address of your DHCP server?
:::info
192.168.1.1

:::
## Lab 10 - 8
What IP address is the DHCP server offering to your host in the DHCP Offer message? Indicate which DHCP message contains the offered DHCP address.
:::info


:::
## Lab 10 - 9
What values in the trace indicate the absence of a relay agent? Is there a relay agent in your experiment? If so what is the IP address of the agent?
:::info
The "Relay agent IP address" is 0.0.0.0, which indicates that there is no DHCP relay used. There was no relay agent used in my experiment.

:::
## Lab 10 - 10
Explain the purpose of the router and subnet mask lines in the DHCP offer message.
:::info
The router line indicates to the client what its default gateway should be. The subnet mask line tells the client which subnet mask it should use.

:::
## Lab 10 - 11
In the DHCP trace file noted in footnote 2, the DHCP server offers a specific IP address to the client (see also question 8. above). In the client’s response to the first server OFFER message, does the client accept this IP address? Where in the client’s RESPONSE is the client’s requested address?
:::info
In my experience, the host requests the offered IP address in the DHCP Request message.

:::
## Lab 10 - 12
Explain the purpose of the lease time. How long is the lease time in your experiment?
:::info
1 day

:::
## Lab 10 - 13
What is the purpose of the DHCP release message? Does the DHCP server issue an acknowledgment of receipt of the client’s DHCP request? What would happen if the client’s DHCP release message is lost?
:::info
The client sends a DHCP Release message to cancel its lease on the IP address given to it by the DHCP server. The DHCP server does not send a message back to the client acknowledging the DHCP Release message. If the DHCP Release message from the client is lost, the DHCP server would have to wait until the lease period is over for that IP address before it could reuse it for another client.

:::
## Lab 10 - 14
Clear the bootp filter from your Wireshark window. Were any ARP packets sent or received during the DHCP packet-exchange period? If so, explain the purpose of those ARP packets.
:::info
Yes, there are ARP requests made by the DHCP server. Before offering an IP address to a client, the DHCP server issues an ARP request for the offered IP to make sure the IP address is not already in use by another workstation.

:::**資科三 109703035 莊彩彥**
# Lab 6 (IP)
## Lab 6 - 1
Select the first ICMP Echo Request message sent by your computer, and expand the Internet Protocol part of the packet in the packet details window. What is the IP address of your computer?
:::info
140.119.130.22

:::
## Lab 6 - 2
Within the IP packet header, what is the value in the upper layer protocol field?
:::info
ICMP (0x01)

:::
## Lab 6 - 3
How many bytes are in the IP header? How many bytes are in the payload of the IP datagram? Explain how you determined the number of payload bytes.
:::info

There are 20 bytes in the IP header, and 56 bytes total length, this gives 36 bytes in the payload of the IP datagram.
:::
## Lab 6 - 4
Has this IP datagram been fragmented? Explain how you determined whether or not the datagram has been fragmented
:::info

The more fragment bit is not set so the data is not fragment.
:::
## Lab 6 - 5
Which fields in the IP datagram always change from one datagram to the next within this series of ICMP messages sent by your computer
:::info
Identification, TTL, Header checksum
:::
## Lab 6 - 6
Which fields stay constant? Which of the fields must stay constant? Which fields must change? Why?
:::info
1. Must stay constant
。version (IPv4)
。header length (ICMP packets)
。source IP
。destination IP
。Differentiated Service (all packet use ICMP so use the same types of service)
。Upper Layer protocol (Since they are ICMP packets)
2. Must change
。Identification (IP packets must have different ids)
。Time to live (traceroute incremnts each subsequent packet)
。Header checksum (since header changes, somust checksum)
:::
## Lab 6 - 7
Describe the pattern you see in the values in the Identification field of the IP datagram
:::info
The pattern is that IPheader Identification fields incrementwith each ICMP Echo (ping) request.
:::
## Lab 6 - 8
What is the value in the Identification field and the TTL field?
:::info
Identification: 0xa186 (41350)
TTL: 255

:::
## Lab 6 - 9
Do these values remain unchanged for all of the ICMP TTL-exceeded replies sent to your computer by the nearest (first hop) router? Why?
:::info
* The identification field changes for all the ICMP TTL-exceeded replies because the identification field is a unique value. When two or more IP datagrams have the same identification value, then it means that these IP datagrams are fragments of a single large IP datagram
* The TTL field remains unchanged because the TTL for the first hop router is always the same.

:::
## Lab 6 - 10
Find the first ICMP Echo Request message that was sent by your computer after you changed the Packet Size in pingplotter to be 2000. Has that message been fragmented across more than one IP datagram?
:::info
Yes, this packet has been fragmented across more than one IP datagram.

:::
## Lab 6 - 11
Print out the first fragment of the fragmented IP datagram. What information in the IP header indicates that the datagram been fragmented? What information in the IP header indicates whether this is the first fragment versus a latter fragment? How long is this IP datagram?
:::info
1. the more fragment field is 1
2. the fragment offset is 0

:::
## Lab 6 - 12
Print out the second fragment of the fragmented IP datagram. What information in the IP header indicates that this is not the first datagram fragment? Are the more fragments?
How can you tell?
:::info
1. the fragment offset is not 0
2. no more fragment

:::
## Lab 6 - 13
What fields change in the IP header between the first and second fragment?
:::info
1. total length
2. the more fragment field
3. fragment offset
4. checksum
first:

second:

:::
# Lab 7 (NAT)
## Lab 7 - 1
What is the IP address of the client?
:::info
192.168.1.100

:::
## Lab 7 - 2
Consider now the HTTP GET sent from the client to the Google server (whose IP address is IP address 64.233.169.104) at time 7.109267. What are the source and destination IP addresses and TCP source and destination ports on the IP datagram carrying this HTTP GET?
:::info

src: 192.168.1.100, 4335
dst: 64.233.169.104, 80
:::
## Lab 7 - 3
At what time is the corresponding 200 OK HTTP message received from the Google server?
:::info

7.158797
:::
What are the source and destination IP addresses and TCP source and destination ports on the IP datagram carrying this HTTP 200 OK message?
:::info

src: 64.233.169.104, 80
dst: 192.168.1.100, 4335
:::
## Lab 7 - 4
Recall that before a GET command can be sent to an HTTP server, TCP must first set up a connection using the three-way SYN/ACK handshake. At what time is the client-to-server TCP SYN segment sent that sets up the connection used by the GET sent at time 7.109267?
:::info

7.07567
:::
What are the source and destination IP addresses and source and destination ports for the TCP SYN segment?
:::info

src: 192.168.1.100 , 4335
dst: 64.233.169.104 , 80
:::
What are the source and destination IP addresses and source and destination ports of the ACK sent in response to the SYN.
:::info

src: 64.233.169.104 , 80
dst: 192.168.1.100 , 4335
:::
At what time is this ACK received at the client? (Note: to find these segments you will need to clear the Filter expression you entered above in step 2. If you enter the filter “tcp”, only TCP segments will be displayed by Wireshark)
:::info

7.108986
:::
## Lab 7 - 5
In the NAT_ISP_side trace file, find the HTTP GET message was sent from the client to the Google server at time 7.109267 (where t=7.109267 is time at which this was sent as recorded in the NAT_home_side trace file). At what time does this message appear in the NAT_ISP_side trace file?
:::info
6.069168
可以看identification 都是02xa2ac(41644)


:::
What are the source and destination IP addresses and TCP source and destination ports on the IP datagram carrying this HTTP GET (as recording in the NAT_ISP_side trace file)?
:::info

src: 71.192.34.104, 4335
dst: 64.233.169.104, 80
:::
Which of these fields are the same, and which are different, than in your answer to question 7-2 above?
:::info
Only source IP has changed.
home_side

isp_side

:::
## Lab 7 - 6
Are any fields in the HTTP GET message changed?
:::info
No.
:::
Which of the following fields in the IP datagram carrying the HTTP GET are changed: Version, Header Length, Flags, Checksum. If any of these fields have changed, give a reason (in one sentence) stating why this field needed to change
:::info
Version : No
Header Length : No
Flags : No
Checksum : Yes(Only the checksum has changed because source ip has changed.)
:::
## Lab 7 - 7
In the NAT_ISP_side trace file, at what time is the first 200 OK HTTP message received from the Google server?
:::info
6.117570

:::
What are the source and destination IP addresses and TCP source and destination ports on the IP datagram carrying this HTTP 200 OK message?
:::info

src: 64.233.169.104 , 80
dst: 71.192.34.104 ,4335
:::
Which of these fields are the same, and which are different than your answer to question 7-3 above?
:::info
Only destination IP has changed.
home_side

isp_side

:::
## Lab 7 - 8
In the NAT_ISP_side trace file, at what time were the client-to-server TCP SYN segment and the server-to-client TCP ACK segment corresponding to the segments in question 7-4 above captured?
:::info
**client to server TCP SYN segment : 6.035475**
Identification是0Xa2aa


**server-to-client TCP ACK segment : 6.067775**
Identification是0xf61a


:::
What are the source and destination IP addresses and source and destination ports for these two segments?
:::info
For SYN, src: 71.192.34.104 ,4335, dst: 64.233.169.104, 80

For ACK, src: 64.233.169.104, 80, dst: 71.192.34.104 ,4335

:::
Which of these fields are the same, and which are different than your answer to question 7-4 above?
:::info
For SYN, the source IP address has changed .
For the ACK, the destination IP address has changed.
The port numbers are unchanged.
:::
## Lab 7 - 9
Using your answers to 1-8 above, fill in the NAT translation table entries for HTTP connection considered in questions 1-8 above.
:::info
| WAN side | LAN side |
| -------- | -------- |
| 71.192.34.104 ,4335 | 192.168.1.100 ,4335 |
:::
# Lab 8 (ICMP)
## Lab 8 - 1
What is the IP address of your host? What is the IP address of the destination host?
:::info


Source: 140.119.130.22
Destination IP: 143.89.12.34
:::
## Lab 8 - 2
Why is it that an ICMP packet does not have source and destination port numbers?
:::info
Since ICMP is design for network layer.
:::
## Lab 8 - 3
Examine one of the ping request packets sent by your host. What are the ICMP type and code numbers?
:::info

ICMP Type: 8(Echo(ping) request)
Code:0
:::
What other fields does this ICMP packet have?How many bytes are the checksum, sequence number and identifier fields?
:::info

checksum (2 bytes), identifier, sequence number (2 bytes), and data field.
:::
## Lab 8 - 4
Examine the corresponding ping reply packet. What are the ICMP type and code numbers?
:::info

Type is 0.
Code is 0.
:::
What other fields does this ICMP packet have? How many bytes are the checksum, sequence number and identifier fields?
:::info

checksum (2 bytes), identifier, sequence number (2 bytes), and data field.
:::
## Lab 8 - 5
What is the IP address of your host? What is the IP address of the target destination host?
:::info


Source IP: 140.119.130.22
Destination IP: 143.89.12.134
:::
## Lab 8 - 6
If ICMP sent UDP packets instead (as in Unix/Linux), would the IP protocol number still be 01 for the probe packets? If not, what would it be?
:::info

No. If ICMP sent UDP packets instead , the IP protocol number should be 0x11

:::
## Lab 8 - 7
Examine the ICMP echo packet in your screenshot. Is this different from the ICMP ping query packets in the first half of this lab? If yes, how so?
:::info
First ICMP Lab:

Secod ICMP Lab:

欄位一樣但值不一樣
:::
## Lab 8 - 8
Examine the ICMP error packet in your screenshot. It has more fields than the ICMP echo packet. What is included in those fields?
:::info
ICMP echo packet:

ICMP Erro packet:

The ICMP erro packet is not the same as the query packets. It contains both the IP header and the first 8 bytes of the original ICMP packet that the error is for.
:::
## Lab 8 - 9
Examine the last three ICMP packets received by the source host. How are these packets different from the ICMP error packets? Why are they different?
:::info
ICMP echo packet:

ICMP Erro packet:

The last three ICMP packets are message type 0(echo reply) rather than 11 (TTL expired). They are different because the datagrams have made it all the way to the destination host before the TTL expired.
:::
# Lab 9 (Ethernet and ARP)
## Lab 9 - 1
What is the 48-bit Ethernet address of your computer?
:::info
MAC address: B4:A9:FC:AE:F1:AA

:::
## Lab 9 - 2
What is the 48-bit destination address in the Ethernet frame? Is this the Ethernet address of gaia.cs.umass.edu? What device has this as its Ethernet address?
:::info

The destination address is E0:89:9D:03:1E:FE.
No, it is not the Ethernet address of gaia.cs.umassedu.
It is the address of my home router, which is the link used to get off the subnet.(MAC address is same)
:::
## Lab 9 - 3
Give the hexadecimal value for the two-byte Frame type field. What upper layer protocol does this correspond to?
:::info
Hexadecimal value is 0x800
Upper layer protocol is IP.

:::
## Lab 9 - 4
How many bytes from the very start of the Ethernet frame does the ASCII “G” in “GET” appear in the Ethernet frame?
:::info

Ethernet: 14 byte
IPv4: 20 byte
TCP: 20 byte
總共54 byte
:::
## Lab 9 - 5
What is the value of the Ethernet source address? Is this the address of your computer, or of gaia.cs.umass.edu?
:::info
The source address is neither the Ethernet address of gaia.cs.umass.edu (http://gaia.cs.umass.edu) nor the addressof my computer. It is the address of my home router ,which is the link used to get onto my subnet.

:::
## Lab 9 - 6
What is the destination address in the Ethernet frame? Is this the Ethernet address of your computer?
:::info
The destination address is the address of my computer.

:::
## Lab 9 - 7
Give the hexadecimal value for the two-byte Frame type field. What upper layer protocol does this correspond to?
:::info
Hexadecimal value is 0x800
Upper layer protocol is IPv4.

:::
## Lab 9 - 8
How many bytes from the very start of the Ethernet frame does the ASCII “O” in “OK” (i.e., the HTTP response code) appear in the Ethernet frame?
:::info
Ethernet: 14 byte
IPv4: 20 byte
TCP: 20 byte
總共54 byte
13 byte+ 54 byte= 67 byte
有67 byte 在OK的O之前

:::
## Lab 9 - 9
Write down the contents of your computer’s ARP cache. What is the meaning of each column value?
:::info

The Internet Address column contains the IP address, the Physical Address column contains the MAC address, and the type indicates the protocol type.
:::
## Lab 9 - 10
What are the hexadecimal values for the source and destination addresses in the Ethernet frame containing the ARP request message?
:::info
The hex value for the source address is b4:a9:fc:ae:f1:aa . The hex value for the destination address is e0:89:9d:03:1e:fe, the Cisco_03:1e:fe address.

:::
## Lab 9 - 11
Give the hexadecimal value for the two-byte Ethernet Frame type field. What upper layer protocol does this correspond to?
:::info
The hex value for the Ethernet Frame type field is 0x086, for ARP.

:::
## Lab 9 - 12
Download the ARP specification from ftp://ftp.rfc-editor.org/in-notes/std/std37.txt. A readable, detailed discussion of ARP is also at http://www.erg.abdn.ac.uk/users/gorry/course/inet-pages/arp.html.
a. How many bytes from the very beginning of the Ethernet frame does the ARP opcode field begin?
:::info
The ARP opcode field begins 20 bytes from the very beginning of the Ethernet frame
(Ethernet 14 bytes, Hardware type 2 bytes, Protocol type 2 bytes, Hardware size 1 byte, Protocol size 1 byte).

:::
b. What is the value of the opcode field within the ARP-payload part of the Ethernet frame in which an ARP request is made?
:::info
The hex value of the opcode field within the ARP payload of the request is 0x0001, for request.

:::
c. Does the ARP message contain the IP address of the sender?
:::info
Yes, the ARP message contains the IP address 140.119.130.22 for the sender.

:::
d. Where in the ARP request does the “question” appear – the Ethernet address of the machine whose corresponding IP address is being queried?
:::info
The field "Target MAC address" is set to e0:89:9d:03:1e:fe to question the machine whose corresponding IP address (140.119.130.254) is being queried.

:::
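
The byte offsets and ARP fields from Lab 9 - 10 to 9 - 12 can be checked by parsing the frame directly. The following is an added example, not part of the original lab report: the frame is constructed from the addresses reported in the answers above (the sender MAC inside the ARP payload is assumed equal to the Ethernet source), and all function names are illustrative.

```python
import struct

ETH_HDR_LEN = 14            # destination MAC (6) + source MAC (6) + type (2)
ETHERTYPE_ARP = 0x0806      # EtherType assigned to ARP
ARP_OPCODES = {1: "request", 2: "reply"}

def fmt_mac(b):
    return ":".join(f"{x:02x}" for x in b)

def fmt_ip(b):
    return ".".join(str(x) for x in b)

def parse_arp_frame(frame):
    """Parse an Ethernet frame carrying IPv4-over-Ethernet ARP."""
    if len(frame) < ETH_HDR_LEN + 28:
        raise ValueError("frame too short for Ethernet + ARP")
    eth_dst, eth_src, ethertype = struct.unpack_from("!6s6sH", frame, 0)
    if ethertype != ETHERTYPE_ARP:
        raise ValueError(f"not ARP: type 0x{ethertype:04x}")
    htype, ptype, hlen, plen = struct.unpack_from("!HHBB", frame, ETH_HDR_LEN)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    # Opcode follows hardware type (2), protocol type (2), sizes (1 + 1).
    opcode_offset = ETH_HDR_LEN + 2 + 2 + 1 + 1
    opcode, sha, spa, tha, tpa = struct.unpack_from(
        "!H6s4s6s4s", frame, opcode_offset)
    return {
        "eth_src": fmt_mac(eth_src), "eth_dst": fmt_mac(eth_dst),
        "opcode_offset": opcode_offset,
        "opcode": ARP_OPCODES.get(opcode, f"unknown({opcode})"),
        "sender_mac": fmt_mac(sha), "sender_ip": fmt_ip(spa),
        "target_mac": fmt_mac(tha), "target_ip": fmt_ip(tpa),
        # Defensive sanity check: the frame's source MAC should match the
        # sender MAC claimed inside the ARP payload.
        "src_matches_sender": eth_src == sha,
    }

# Constructed frame using the addresses reported in the answers above.
SRC = bytes.fromhex("b4a9fcaef1aa")
DST = bytes.fromhex("e0899d031efe")
SAMPLE_FRAME = (DST + SRC + struct.pack("!H", ETHERTYPE_ARP)
                + struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
                + SRC + bytes([140, 119, 130, 22])
                + DST + bytes([140, 119, 130, 254]))

if __name__ == "__main__":
    print(parse_arp_frame(SAMPLE_FRAME))
```
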
# Lab10
## Lab 10 - 1
Are DHCP messages sent over UDP or TCP?
:::info
UDP

:::
## Lab 10 - 2
Draw a timing datagram illustrating the sequence of the first four-packet Discover/Offer/Request/ACK DHCP exchange between the client and server. For each packet, indicate the source and destination port numbers. Are the port numbers the same as in the example given in this lab assignment?
:::info

:::
## Lab 10 - 3
What is the link-layer (e.g., Ethernet) address of your host?
:::info
00:08:74:4f:36:23

:::
## Lab 10 - 4
What values in the DHCP discover message differentiate this message from the DHCP request message?
:::info
The values that differentiate the Discover message from the Request message are in "Option 53: DHCP Message Type".
Discover:

Request:

:::
## Lab 10 - 5
What is the value of the Transaction-ID in each of the first four (Discover/Offer/Request/ACK) DHCP messages?
:::info
Transaction ID: 0x3e5e0ce3

:::
What are the values of the Transaction-ID in the second set (Request/ACK) set of DHCP messages?
:::info
Transaction ID: 0x257e55a3

:::
What is the purpose of the Transaction-ID field?
:::info
The Transaction ID is used so that the DHCP server can differentiate between client requests during the request process.
:::
## Lab 10 - 6
A host uses DHCP to obtain an IP address, among other things. But a host’s IP address is not confirmed until the end of the four-message exchange! If the IP address is not set until the end of the four-message exchange, then what values are used in the IP datagrams in the four-message exchange? For each of the four DHCP messages (Discover/Offer/Request/ACK DHCP), indicate the source and destination IP addresses that are carried in the encapsulating IP datagram.
:::info
The DHCP client and server both use 255.255.255.255 as the destination address. The client uses source IP address 0.0.0.0, while the server uses its actual IP address as the source.

:::
## Lab 10 - 7
What is the IP address of your DHCP server?
:::info
192.168.1.1

:::
## Lab 10 - 8
What IP address is the DHCP server offering to your host in the DHCP Offer message? Indicate which DHCP message contains the offered DHCP address.
:::info


:::
## Lab 10 - 9
What values in the trace indicate the absence of a relay agent? Is there a relay agent in your experiment? If so what is the IP address of the agent?
:::info
The "Relay agent IP address" is 0.0.0.0, which indicates that there is no DHCP relay used. There was no relay agent used in my experiment.

:::
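
The fields used in Lab 10 - 4, 10 - 5 and 10 - 9 (option 53, the Transaction ID, and the relay agent address) all sit at fixed positions in the DHCP payload. The following is an added example, not part of the original lab report: the messages are constructed with the Transaction ID and client MAC reported above, 192.168.1.101 is a made-up requested address, and the function names are illustrative.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the DHCP options
MSG_TYPES = {1: "Discover", 2: "Offer", 3: "Request", 4: "Decline",
             5: "ACK", 6: "NAK", 7: "Release", 8: "Inform"}

def build_dhcp(op, xid, chaddr, msg_type, extra_opts=b"", giaddr="0.0.0.0"):
    # 236-byte BOOTP fixed part, then cookie, option 53, extras, End (255).
    zero = b"\x00" * 4
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, xid, 0, 0,
                        zero, zero, zero, socket.inet_aton(giaddr),
                        chaddr, b"", b"")
    return fixed + MAGIC_COOKIE + bytes([53, 1, msg_type]) + extra_opts + b"\xff"

def parse_dhcp(payload):
    """Extract the fields the lab questions ask about from a DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("too short or missing DHCP magic cookie")
    _op, _htype, hlen, _hops, xid = struct.unpack_from("!BBBBI", payload, 0)
    giaddr = socket.inet_ntoa(payload[24:28])          # relay agent address
    options, i = {}, 240
    while i < len(payload) and payload[i] != 255:      # 255 = End
        if payload[i] == 0:                            # 0 = Pad, no length byte
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated DHCP option")
        options[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    if len(options.get(53, b"")) != 1:
        raise ValueError("missing or malformed option 53")
    req = options.get(50)                              # Requested IP Address
    return {
        "xid": xid,
        "client_mac": payload[28:28 + min(hlen, 16)].hex(":"),
        "msg_type": MSG_TYPES.get(options[53][0], "unknown"),
        "relay_agent": None if giaddr == "0.0.0.0" else giaddr,
        "requested_ip": socket.inet_ntoa(req) if req and len(req) == 4 else None,
    }

# Constructed samples: xid and MAC from the answers above, address made up.
CLIENT_MAC = bytes.fromhex("0008744f3623")
DISCOVER = build_dhcp(1, 0x3E5E0CE3, CLIENT_MAC, 1)
REQUEST = build_dhcp(1, 0x3E5E0CE3, CLIENT_MAC, 3,
                     extra_opts=bytes([50, 4]) + socket.inet_aton("192.168.1.101"))

if __name__ == "__main__":
    print(parse_dhcp(DISCOVER), parse_dhcp(REQUEST), sep="\n")
```
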
## Lab 10 - 10
Explain the purpose of the router and subnet mask lines in the DHCP offer message.
:::info
The router line indicates to the client what its default gateway should be. The subnet mask line tells the client which subnet mask it should use.

:::
## Lab 10 - 11
In the DHCP trace file noted in footnote 2, the DHCP server offers a specific IP address to the client (see also question 8. above). In the client’s response to the first server OFFER message, does the client accept this IP address? Where in the client’s RESPONSE is the client’s requested address?
:::info
In my experiment, the host requests the offered IP address in the DHCP Request message.

:::
## Lab 10 - 12
Explain the purpose of the lease time. How long is the lease time in your experiment?
:::info
1 day

:::
## Lab 10 - 13
What is the purpose of the DHCP release message? Does the DHCP server issue an acknowledgment of receipt of the client’s DHCP request? What would happen if the client’s DHCP release message is lost?
:::info
The client sends a DHCP Release message to cancel its lease on the IP address given to it by the DHCP server. The DHCP server does not send a message back to the client acknowledging the DHCP Release message. If the DHCP Release message from the client is lost, the DHCP server would have to wait until the lease period for that IP address is over before it could reuse it for another client.

:::
## Lab 10 - 14
Clear the bootp filter from your Wireshark window. Were any ARP packets sent or received during the DHCP packet-exchange period? If so, explain the purpose of those ARP packets.
:::info
Yes, there are ARP requests made by the DHCP server. Before offering an IP address to a client, the DHCP server issues an ARP request for the offered IP to make sure the IP address is not already in use by another workstation.

:::