Step 3: Ethernet Frame Structure—5POINTS To show your understanding of the Ether

Question

Step 3: Ethernet Frame Structure—5POINTS To show your understanding of the Ethernet frame format, draw a figure of the ping message that shows the position and size in bytes of the Ethernet header fields. Your figure can simply show the frame as a long, thin rectangle. The leftmost fields come first in the packet and are sent on the wire first. On this drawing, show the range of the Ethernet header and the Ethernet payload. Add a dashed box at the end to represent the 4-byte checksum; we know it is there even if Wireshark does not show us this field. To work out sizes, observe that when you click on a protocol block in the middle panel (the block itself, not the “+” expander) then Wireshark will highlight the bytes it corresponds to in the packet in the lower panel and display the length at the bottom of the window. You may also use the overall packet size shown in the Length column or Frame detail block. Turn-in: Hand in your drawing of an Ethernet frame.

Step 4: Scope of Ethernet Addresses—5POINTS Each Ethernet frame carries a source and destination address. One of these addresses is that of your computer. It is the source for frames that are sent, and the destination for frames that are received. But what is the other address? Assuming you pinged a remote Internet server, it cannot be the Ethernet address of the remote server because an Ethernet frame is only addressed to go within one LAN. Instead, it will be the Ethernet address of the router or default gateway, such as your AP in the case of 802.11. This is the device that connects your LAN to the rest of the Internet. In contrast, the IP addresses in the IP block of each packet do indicate the overall source and destination endpoints. They are your computer and the remote server. Draw a figure that shows the relative positions of your computer, the router, and the remote server. Label your computer and the router with their Ethernet addresses. Label your computer and the remote server with their IP addresses. Show where the Ethernet and the rest of the Internet fit on the drawing. Turn-in: Hand in your drawing.

Step 5: Broadcast Frames---5POINTS The trace that you gathered above captured unicast Ethernet traffic sent between a specific source and destination, e.g., your computer to the router. It is also possible to send multicast or broadcast Ethernet traffic, destined for a group of computers or all computers on the Ethernet, respectively. We can tell from the address whether it is unicast, multicast, or broadcast. Broadcast traffic is sent to a reserved Ethernet address that has all bits set to “1”. Multicast traffic is sent to addresses that have a “1” in the first bit sent on the wire; broadcast is a special case of multicast. Broadcast and multicast traffic is widely used for discovery protocols, e.g., a packet sent to everyone in an effort to find the local printer. Start a capture for broadcast and multicast Ethernet frames with a filter of “ether multicast”, wait up to 30 seconds to record background traffic, and then stop the capture. If you do not capture any packets with this filter then use the trace that we supplied. On most Ethernets, there is a steady chatter of background traffic as computers exchange messages to maintain network state, which is why we try to capture traffic without running any other programs. The capture filter of “ether multicast” will capture both multicast and broadcast Ethernet frames, but not regular unicast frames. You may have to wait a little while for these packets to be captured, but on most LANs with multiple computers you will see at least a packet every few seconds. Examine the multicast and broadcast packets that you captured, looking at the details of the source and destination addresses. Most likely one has the broadcast Ethernet address, as broadcast frames tend to be more common than multicast frames. Look at a broadcast frame to see what address is used for broadcast by Ethernet. Expand the Ethernet address fields of either broadcast or multicast frames to see which bit is set to distinguish broadcast/multicast or group traffic from unicast traffic. Answer the following questions: 1. What is the broadcast Ethernet address, written in standard form as Wireshark displays it? 2. Which bit of the Ethernet address is used to determine whether it is unicast or multicast/broadcast? CN5E Labs (1.0) © 2012 D. Wetherall 7 Turn-in: Hand in your answers to the above questions.

Explore on your own (IEEE 802.3)---5POINTS We encourage you to explore Ethernet on your own once you have completed this lab. As one possibility, recall that there are two types of Ethernet frame, IEEE 802.3 and DIX Ethernet. DIX is common and what we considered above, while IEEE 802.3 is rare. If you are rather lucky, you may see some IEEE 802.3 frames in the trace you have captured. If not, then there are some of these packets in the trace that we supplied. To search for IEEE 802.3 packets, enter a display filter (above the top panel of the Wireshark window) of “llc” (that was lowercase “LLC”) because the IEEE 802.3 format has the LLC protocol on top of it. LLC is also present on top of IEEE 802.11 wireless, but it is not present on DIX Ethernet.Have a look at the details of an IEEE 802.3 frame, including the LLC header. The figure shows the details for our trace. Observe that the Type field is now a Length field. In our example, the frame is short enough that there is also padding of zeros identified as a Trailer or Padding. The changes lead to a few questions for you to ponder:

1. How long are the combined IEEE 802.3 and LLC headers compared to the DIX Ethernet headers? You can use Wireshark to work this out. Note that the Trailer/Padding and Checksum may be shown as part of the header, but they come at the end of the frame.

2. How does the receiving computer know whether the frame is DIX Ethernet or IEEE 802.3? Hint: you may need to both use Wireshark to look at packet examples and read your text near where the Ethernet formats are described. 3. If IEEE 802.

3 has no Type field, then how is the next higher layer determined? Use Wireshark to look for the demultiplexing key. Turn-in: Your answers to the above questions

Explanation / Answer

1.

The IEEE 802.3 header is 14 bytes, the same as DIX Ethernet. (Both additionally have a trailer with a checksum and cushioning if necessary.) LLC includes another 3 bytes of headers for a sum of 17 bytes of headers.

2.

The DIX Ethernet Type field and IEEE 802.3 Length field are similarly situated. On the off chance that the esteem is under 0x600 (1536) at that point it is translated as a casing length. On the off chance that the esteem is bigger than 0x600 (1536) at that point it is translated as a Type esteem.

3.

IEEE 802.3 includes the LLC header promptly after the IEEE 802.3 header to pass on the following higher layer convention. LLC utilizes a solitary introductory byte called the DSAP (goal benefit passage) instead of the two bytes in the Type field.

Please hit LIKE if you find this answer helpful.

Related Questions

Navigate

• Browse (All)
• Browse S
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.