Activity: Ethernet Frame Analysis

Part I

Before performing the following tasks, make sure that your virtual switch setup is running, i.e. launch Virtualbox and boot all your VMs starting with the instructor router, followed by r1 and r2, and finally web and ws1.

Verify that traffic is traversing the bridge in r1.

  • Launch Wireshark
  • Select Capture from the toolbar, and in the dropdown select Options.
  • In the dialog that pops up, select Virtualbox Host-Only Network #2 from the interface list.
  • In the input box at the bottom of the dialog pane (labelled "Capture filter for selected interfaces:") type "ether multicast".
  • Click on Start. The capture will begin. Let it run for about a minute, then stop the capture.

In the filter input box at the top of the Wireshark window, type "stp" and press Enter.

  • Select one of the filtered packets and examine it. Do you notice anything different in how Wireshark displays it?
  • What are the three fields of the ethernet header?
  • Examine the destination MAC address. Where did you see this address before?
  • Still looking at the destination MAC address, expand it and examine the contents inside. What type of address is it?
  • Similarly, examine the source MAC address. What are the characteristics of this address?

Part II

  • Log into each of web, ws1, r1 and r2 and flush the ARP cache in each.
  • Run
    arp -n
    to display the ARP entries
  • Run
    sudo ip -s -s neigh flush all
    to delete all entries in the cache
    • Alternatively you can delete entries individually by running
      sudo arp -d [ip_address]
  • In ws1, r1 and r2, execute a packet capture as follows:
    sudo tcpdump arp -w [capture_file_name]
    where [capture_file_name] is ws1_capture.pcap, r1_capture.pcap and r2_capture.pcap for ws1, r1 and r2 respectively
  • In web, send a few ping probes to ws1 and 8.8.8.8
  • Stop the captures
  • Copy the capture files to your host and examine them with Wireshark.
    • Create a folder on your host called "captures" in a suitable location, then in Powershell navigate to the folder you just created.
    • In Powershell run:
      scp admin@[vm_ip_address]:[capture_file_name] ./
      to copy the specified capture file into the "captures" folder (if your ssh configuration is set up correctly, you can run something like scp r1:r1_capture.pcap ./ )
    • Alternatively, you may use sftp

The three capture files each contain ARP packets even though the ping probes were only sent to ws1 and the Google name server (8.8.8.8). Why?

  • Select one of the ARP packets and examine its contents.
  • What is the destination MAC address? What type of address is it?
  • What is the value of the EtherType field?
  • Expand the contents of the ARP protocol:
    • What is the Protocol type? Why?
    • What is the Target MAC address? Notice anything unusual about it? Why?
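To check your answers to the questions in Part I and Part II against the raw bytes, here is an added Python example (not part of the original activity) that decodes the 14-byte Ethernet header, distinguishes an IEEE 802.3 length field (as used by STP frames) from an Ethernet II EtherType, reads the I/G and U/L flag bits of each MAC address, and parses an ARP request. Both frames are constructed samples; the MAC and IP addresses in them are made up and are not taken from the lab VMs.

```python
import struct

ETHERTYPE_ARP = 0x0806
MAX_8023_LENGTH = 1500   # <= 1500: 802.3 length field; >= 0x0600: EtherType

# Constructed sample 1: 802.3 header + LLC as sent by an STP bridge.
# Destination is the STP multicast group 01:80:c2:00:00:00; BPDU body omitted.
SAMPLE_STP_HEADER = bytes.fromhex("0180c2000000" "080027aabbcc" "0026" "424203")

# Constructed sample 2: Ethernet II frame carrying an ARP request,
# "who has 192.168.56.1? tell 192.168.56.10" (addresses are made up).
SAMPLE_ARP_REQUEST = bytes.fromhex(
    "ffffffffffff"              # destination MAC: broadcast
    "0a0027000002"              # source MAC; first octet 0x0a has the U/L bit set
    "0806"                      # EtherType: ARP
    "0001" "0800"               # hardware type Ethernet, protocol type IPv4
    "06" "04" "0001"            # hlen, plen, opcode 1 = request
    "0a0027000002" "c0a8380a"   # sender MAC / sender IP
    "000000000000" "c0a83801")  # target MAC (unknown, all zeros) / target IP

def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)

def classify_mac(mac):
    """Decode the I/G (bit 0) and U/L (bit 1) flags of the first octet."""
    return {"multicast": bool(mac[0] & 0x01),
            "locally_administered": bool(mac[0] & 0x02),
            "broadcast": mac == b"\xff" * 6}

def parse_arp(payload):
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", payload[:8])
    fields, off = [], 8
    for size in (hlen, plen, hlen, plen):       # sha, spa, tha, tpa in order
        fields.append(payload[off:off + size]); off += size
    sha, spa, tha, tpa = fields
    return {"hardware_type": htype, "protocol_type": ptype, "opcode": op,
            "sender_mac": mac_str(sha), "sender_ip": ".".join(map(str, spa)),
            "target_mac": mac_str(tha), "target_ip": ".".join(map(str, tpa)),
            "target_mac_unknown": tha == b"\x00" * hlen}

def parse_frame(frame):
    """Split the three header fields and tell an EtherType from an 802.3 length."""
    dst, src, type_or_len = struct.unpack("!6s6sH", frame[:14])
    info = {"dst": mac_str(dst), "dst_flags": classify_mac(dst),
            "src": mac_str(src), "src_flags": classify_mac(src)}
    if type_or_len <= MAX_8023_LENGTH:          # IEEE 802.3: length, LLC follows
        info["length"] = type_or_len
        info["llc"] = frame[14:17].hex()
    else:                                       # Ethernet II: EtherType
        info["ethertype"] = type_or_len
        if type_or_len == ETHERTYPE_ARP:
            info["arp"] = parse_arp(frame[14:])
    return info

if __name__ == "__main__":
    for f in (SAMPLE_STP_HEADER, SAMPLE_ARP_REQUEST):
        print(parse_frame(f))
```

Comparing the output with Wireshark's decode of your own captures shows why the STP frame is displayed differently (a length field and LLC header instead of an EtherType) and why the ARP request's target MAC is all zeros.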