Networking Laboratory Lab 0 (Sample Lab)

Peter Parker (pp1964)
Mary Jane Watson (mjw2093)

---------------------------------


Ex 1
-------
1. Attach the content of the file /proc/version to your lab report.

  ---> Key point : Attach the text content of the file into the lab report. Do not submit separate file. <---

--------------------------------------------------------------------------------------
Linux version 2.6.24-26-generic (buildd@vernadsky) (gcc version 4.2.4 (Ubuntu 4.2.4-1ubuntu3)) #1 SMP Tue Dec 1 18:37:31 UTC 2009
--------------------------------------------------------------------------------------



Ex 2(A)
-------
1. Include the wireshark output that shows ARP requests and replies between X and Y. 

  ---> Key point #1 : Text output of packet capture is included below. Do not submit separate pcap file. <---
  ---> Key point #2 : Make sure that only the relevant information is included in the output. <---                  

  ---> Hint: The question asked about requests and replies, not about the details of each ARP packet.
             Therefore, the following output shows only one-line summary of the ARP packets captured.
             The pcap file can be exported to text using File -> Export menu in wireshark. 

--------------------------------------------------------------------------------------
No.     Time        Source                Destination           Protocol Info
      8 0.208953    Cisco_26:9c:00        Broadcast             ARP      Who has 128.59.21.85?  Tell 128.59.16.1
     13 0.492413    Cisco_26:9c:00        Broadcast             ARP      Who has 128.59.17.0?  Tell 128.59.16.1
     14 0.576407    SunMicro_62:6a:39     Broadcast             ARP      Who has 128.59.16.30?  Tell 128.59.16.20
     17 0.776756    DellComp_23:cc:8d     Broadcast             ARP      Who has 128.59.16.129?  Tell 128.59.17.212
     28 1.478360    Cisco_26:9c:00        Broadcast             ARP      Who has 128.59.20.33?  Tell 128.59.16.1
     29 1.576337    SunMicro_62:6a:39     Broadcast             ARP      Who has 128.59.16.30?  Tell 128.59.16.20
--------------------------------------------------------------------------------------



Ex 2(B)
-------
1. What is the name of the command-line tool that captures packets? 

   tcpdump


2. Include the wireshark output and explain the fields in ARP. 

  ---> Key point : Make sure relevant information from the packet capture is included in the output. <---

  ---> Hint: The following output is from the same pcap file as the output in Ex 2(A). 
             It was exported to text with some options enabled. 
             The one below uses "packet details + as seen on screen".
             I had the ARP part expanded on screen. 
             Ethernet frame information is not relevant, so the details are not included in the output.

  As the following output shows, ARP has the hardware type field, protocol type field, blah, blah, blah.......

--------------------------------------------------------------------------------------
No.     Time        Source                Destination           Protocol Info
      8 0.208953    Cisco_26:9c:00        Broadcast             ARP      Who has 128.59.21.85?  Tell 128.59.16.1

Frame 8 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: Cisco_26:9c:00 (00:d0:06:26:9c:00), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Address Resolution Protocol (request)
    Hardware type: Ethernet (0x0001)
    Protocol type: IP (0x0800)
    Hardware size: 6
    Protocol size: 4
    Opcode: request (0x0001)
    Sender MAC address: Cisco_26:9c:00 (00:d0:06:26:9c:00)
    Sender IP address: 128.59.16.1 (128.59.16.1)
    Target MAC address: 00:00:00_00:00:00 (00:00:00:00:00:00)
    Target IP address: 128.59.21.85 (128.59.21.85)

No.     Time        Source                Destination           Protocol Info
     13 0.492413    Cisco_26:9c:00        Broadcast             ARP      Who has 128.59.17.0?  Tell 128.59.16.1

Frame 13 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: Cisco_26:9c:00 (00:d0:06:26:9c:00), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Address Resolution Protocol (request)
    Hardware type: Ethernet (0x0001)
    Protocol type: IP (0x0800)
    Hardware size: 6
    Protocol size: 4
    Opcode: request (0x0001)
    Sender MAC address: Cisco_26:9c:00 (00:d0:06:26:9c:00)
    Sender IP address: 128.59.16.1 (128.59.16.1)
    Target MAC address: 00:00:00_00:00:00 (00:00:00:00:00:00)
    Target IP address: 128.59.17.0 (128.59.17.0)

No.     Time        Source                Destination           Protocol Info
     14 0.576407    SunMicro_62:6a:39     Broadcast             ARP      Who has 128.59.16.30?  Tell 128.59.16.20

Frame 14 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: SunMicro_62:6a:39 (00:03:ba:62:6a:39), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Address Resolution Protocol (request)
    Hardware type: Ethernet (0x0001)
    Protocol type: IP (0x0800)
    Hardware size: 6
    Protocol size: 4
    Opcode: request (0x0001)
    Sender MAC address: SunMicro_62:6a:39 (00:03:ba:62:6a:39)
    Sender IP address: 128.59.16.20 (128.59.16.20)
    Target MAC address: Broadcast (ff:ff:ff:ff:ff:ff)
    Target IP address: 128.59.16.30 (128.59.16.30)

No.     Time        Source                Destination           Protocol Info
     17 0.776756    DellComp_23:cc:8d     Broadcast             ARP      Who has 128.59.16.129?  Tell 128.59.17.212

Frame 17 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: DellComp_23:cc:8d (00:08:74:23:cc:8d), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Address Resolution Protocol (request)
    Hardware type: Ethernet (0x0001)
    Protocol type: IP (0x0800)
    Hardware size: 6
    Protocol size: 4
    Opcode: request (0x0001)
    Sender MAC address: DellComp_23:cc:8d (00:08:74:23:cc:8d)
    Sender IP address: 128.59.17.212 (128.59.17.212)
    Target MAC address: 00:00:00_00:00:00 (00:00:00:00:00:00)
    Target IP address: 128.59.16.129 (128.59.16.129)

No.     Time        Source                Destination           Protocol Info
     28 1.478360    Cisco_26:9c:00        Broadcast             ARP      Who has 128.59.20.33?  Tell 128.59.16.1

Frame 28 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: Cisco_26:9c:00 (00:d0:06:26:9c:00), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Address Resolution Protocol (request)
    Hardware type: Ethernet (0x0001)
    Protocol type: IP (0x0800)
    Hardware size: 6
    Protocol size: 4
    Opcode: request (0x0001)
    Sender MAC address: Cisco_26:9c:00 (00:d0:06:26:9c:00)
    Sender IP address: 128.59.16.1 (128.59.16.1)
    Target MAC address: 00:00:00_00:00:00 (00:00:00:00:00:00)
    Target IP address: 128.59.20.33 (128.59.20.33)

No.     Time        Source                Destination           Protocol Info
     29 1.576337    SunMicro_62:6a:39     Broadcast             ARP      Who has 128.59.16.30?  Tell 128.59.16.20

Frame 29 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: SunMicro_62:6a:39 (00:03:ba:62:6a:39), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Address Resolution Protocol (request)
    Hardware type: Ethernet (0x0001)
    Protocol type: IP (0x0800)
    Hardware size: 6
    Protocol size: 4
    Opcode: request (0x0001)
    Sender MAC address: SunMicro_62:6a:39 (00:03:ba:62:6a:39)
    Sender IP address: 128.59.16.20 (128.59.16.20)
    Target MAC address: Broadcast (ff:ff:ff:ff:ff:ff)
    Target IP address: 128.59.16.30 (128.59.16.30)

--------------------------------------------------------------------------------------