
Names of students:
- Nguyễn Tiến Đức
- Trần Hoàng Đăng Khoa


Class : 16DTCLC1
Subject : Computer Networking
Lab 4 : Ethernet

1. What is the 48-bit Ethernet address of your computer?

Answer: The 48-bit Ethernet address of my computer is: 1c:df:0f:b7:0a:3f

2. What is the 48-bit destination address in the Ethernet frame? Is this the
Ethernet address of gaia.cs.umass.edu? What device has this as its Ethernet
address?

The 48-bit destination address in the Ethernet frame is: 88:d7:f6:36:0a:bf

This is not the Ethernet address of gaia.cs.umass.edu. It is the address
of my AsustekC router.

3. Give the hexadecimal value for the two-byte Frame type field. What upper
layer protocol does this correspond to?

The hexadecimal value is 0x0800 (IPv4); this corresponds to the IP protocol.

4. How many bytes from the very start of the Ethernet frame does the ASCII
“G” in “GET” appear in the Ethernet frame?

The ASCII “G” in “GET” appears 54 bytes from the start of the Ethernet frame.

5. What is the value of the Ethernet source address? Is this the address of
your computer, or of gaia.cs.umass.edu (Hint: the answer is no). What
device has this as its Ethernet address?

The Ethernet address of my computer is: 1c:df:0f:b7:0a:3f


6. What is the destination address in the Ethernet frame? Is this the Ethernet
address of your computer?

The destination address in the Ethernet frame is 88:d7:f6:36:0a:bf;
it is not my computer's Ethernet address.

7. Give the hexadecimal value for the two-byte Frame type field. What
upper layer protocol does this correspond to?

The hex value for the Frame type field is 0x0800. This value
corresponds to the IP protocol.

8. How many bytes from the very start of the Ethernet frame does the
ASCII “O” in “OK” (i.e., the HTTP response code) appear in the Ethernet
frame?

The ASCII “O” appears 52 bytes from the start of the Ethernet frame.

9. Write down the contents of your computer’s ARP cache. What is the
meaning of each column value?

The Internet Address column contains the IP address, the Physical
Address column contains the MAC address, and the type indicates the
protocol type.

10. What are the hexadecimal values for the source and destination
addresses in the Ethernet frame containing the ARP request message?

The source address is: 70:8b:cd:24:69:b6

The destination address is: ff:ff:ff:ff:ff:ff

11. Give the hexadecimal value for the two-byte Ethernet Frame type field.
What upper layer protocol does this correspond to?

The hexadecimal value of the Ethernet Frame type field is 0x0806, for the ARP
protocol.

12.

a) How many bytes from the very beginning of the Ethernet frame does the
ARP opcode field begin?

The ARP opcode field begins 20 bytes from the very beginning of the
Ethernet frame.

b) What is the value of the opcode field within the ARP-payload part of the
Ethernet frame in which an ARP request is made?

The hex value for the opcode field within the ARP-payload of the request
is 0x0001, for request.

c) Does the ARP message contain the IP address of the sender?

Yes, the ARP message contains the IP address 192.168.1.1 for the sender.

d) Where in the ARP request does the “question” appear – the Ethernet
address of the machine whose corresponding IP address is being queried?

The field “Target MAC address” is set to 00:00:00:00:00:00 to question the
machine whose corresponding IP address (192.168.1.6) is being queried.

13.

a) How many bytes from the very beginning of the Ethernet frame does the
ARP opcode field begin?

The ARP opcode field begins 20 bytes from the very beginning of the
Ethernet frame.

b) What is the value of the opcode field within the ARP-payload part of the
Ethernet frame in which an ARP response is made?

The hex value for the opcode field within the ARP-payload of the request
is 0x0002, for reply.

c) Where in the ARP message does the “answer” to the earlier ARP request
appear – the IP address of the machine having the Ethernet address whose
corresponding IP address is being queried?

The answer to the earlier ARP request appears in the “Sender MAC
address” field, which contains the Ethernet address 3c:a0:67:41:9e:5b
for the sender with IP address 192.168.1.7.

14. What are the hexadecimal values for the source and destination
addresses in the Ethernet frame containing the ARP reply message?

The hex value for the source address is d8:cb:8a:a2:09:0e and for the
destination is a0:65:18:81:a0:9d.

15. Open the ethernet-ethereal-trace-1 trace file in
http://gaia.cs.umass.edu/wireshark-labs/wireshark-traces.zip. The first and
second ARP packets in this trace correspond to an ARP request sent by the
computer running Wireshark, and the ARP reply sent to the computer
running Wireshark by the computer with the ARP-requested Ethernet
address. But there is yet another computer on this network, as indicated by
packet 6 – another ARP request. Why is there no ARP reply (sent in
response to the ARP request in packet 6) in the packet trace?

There is no reply in this trace, because we are not at the machine that
sent the request. The ARP request is broadcast, but the ARP reply is
sent back directly to the sender’s Ethernet address.

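
The field layout behind the answers to questions 10 to 13, as an added Python example that is not part of the original lab report: it decodes an Ethernet frame carrying an ARP message and shows why the opcode sits at byte offset 20. The sample frame is constructed from the request values quoted above; using the frame's source address as the ARP sender MAC is an assumption, and the function names are this example's own.

```python
import struct

ETH_HDR_LEN = 14                     # destination(6) + source(6) + frame type(2)
ARP_OPCODE_OFFSET = ETH_HDR_LEN + 6  # + htype(2) + ptype(2) + hlen(1) + plen(1) = 20
OPCODES = {1: "request", 2: "reply"}

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def ip(b):
    return ".".join(str(x) for x in b)

def parse_arp_frame(frame):
    """Decode an Ethernet II frame carrying an IPv4-over-Ethernet ARP message."""
    if len(frame) < ETH_HDR_LEN + 28:
        raise ValueError("too short for Ethernet header + 28-byte ARP payload")
    dst, src, ethertype = struct.unpack_from("!6s6sH", frame, 0)
    if ethertype != 0x0806:
        raise ValueError(f"frame type 0x{ethertype:04x} is not ARP (0x0806)")
    htype, ptype, hlen, plen = struct.unpack_from("!HHBB", frame, ETH_HDR_LEN)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP message")
    (opcode,) = struct.unpack_from("!H", frame, ARP_OPCODE_OFFSET)
    sha, spa, tha, tpa = struct.unpack_from("!6s4s6s4s", frame, ARP_OPCODE_OFFSET + 2)
    return {
        "eth_dst": mac(dst), "eth_src": mac(src),
        "broadcast": dst == b"\xff" * 6,
        "opcode": OPCODES.get(opcode, f"unknown ({opcode})"),
        "sender_mac": mac(sha), "sender_ip": ip(spa),
        "target_mac": mac(tha), "target_ip": ip(tpa),
        # The frame's source address and the ARP sender address normally agree.
        "src_matches_sender": src == sha,
    }

def build_sample_request():
    """Constructed frame using the request values quoted in questions 10 to 12."""
    src = bytes.fromhex("708bcd2469b6")
    eth = b"\xff" * 6 + src + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)   # opcode 1 = request
    arp += src + bytes([192, 168, 1, 1])        # sender MAC (assumed), sender IP
    arp += bytes(6) + bytes([192, 168, 1, 6])   # target MAC all zeros, target IP
    return eth + arp

if __name__ == "__main__":
    for field, value in parse_arp_frame(build_sample_request()).items():
        print(f"{field:20} {value}")
```
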
LAB 4 : ICMP

1. What is the IP address of your host? What is the IP address of the destination
host?

The IP address of my host: 192.168.1.10

The IP address of the destination host: 150.95.104.136

2. Why is it that an ICMP packet does not have source and destination port numbers?

The ICMP packet does not have source and destination port numbers because it
was designed to communicate network-layer information between hosts and
routers, not between application layer processes. Each ICMP packet has a "Type"
and a "Code". The Type/Code combination identifies the specific message being
received. Since the network software itself interprets all ICMP messages, no port
numbers are needed to direct the ICMP message to an application layer process.

3. Examine one of the ping request packets sent by your host. What are the ICMP
type and code numbers? What other fields does this ICMP packet have? How
many bytes are the checksum, sequence number and identifier fields?

The ICMP type: 8

The code numbers: 0

The ICMP packet also has checksum, identifier, sequence number, and data
fields.

The checksum, sequence number and identifier fields are two bytes each.

4. Examine the corresponding ping reply packet. What are the ICMP type and code
numbers? What other fields does this ICMP packet have? How many bytes are the
checksum, sequence number and identifier fields?

The ICMP type: 0

The ICMP code numbers: 0

The ICMP packet also has checksum, identifier, sequence number, and data
fields. The checksum, sequence number and identifier fields are two bytes each.

5. What is the IP address of your host? What is the IP address of the target
destination host?

The IP address of my host: 192.168.1.10

The IP address of the target destination host: 150.95.104.136

6. If ICMP sent UDP packets instead (as in Unix/Linux), would the IP protocol
number still be 01 for the probe packets? If not, what would it be?

No. If ICMP sent UDP packets instead, the IP protocol number should
be 0x11.

7. Examine the ICMP echo packet in your screenshot. Is this different from
the ICMP ping query packets in the first half of this lab? If yes, how so?

The ICMP echo packet has the same fields as the ping query packets.

ICMP query packets :


ICMP echo packet :

8. Examine the ICMP error packet in your screenshot. It has more fields than
the ICMP echo packet. What is included in those fields?

ICMP error packet:

The ICMP error packet is not the same as the ICMP echo packets. It
contains both the IP header and the first 8 bytes of the original ICMP
packet that the error is for.

9. Examine the last three ICMP packets received by the source host. How
are these packets different from the ICMP error packets? Why are they
different?

The last three ICMP packets

The last three ICMP packets are message type 0 (echo reply) rather
than 11 (TTL expired). They are different because the datagrams have
made it all the way to the destination host before the TTL expired.

10. Within the tracert measurements, is there a link whose delay is
significantly longer than others? Refer to the screenshot in Figure 4, is there
a link whose delay is significantly longer than others? On the basis of the
router names, can you guess the location of the two routers on the end of this
link?

There is a link between steps12 that has a significantly longer delay;
the link is from Germany.

LAB4 : IP

1. What is the IP address of your computer?


Answer: The IP address: 10.10.43.50

2. Within the IP packet header, what is the value in the upper layer protocol
field?

The value in the upper layer protocol field: ICMP (1)

3. How many bytes are in the IP header? How many bytes are in the payload
of the IP datagram? Explain how you determined the number of payload
bytes.

• There are 20 bytes in the IP header.
• Total Length: 56 bytes
• This gives 36 bytes in the payload of the IP datagram.

4. Has this IP datagram been fragmented? Explain how you determined
whether or not the datagram has been fragmented.

The more fragments bit = 0, so the data is not fragmented.

5. Which fields in the IP datagram always change from one datagram to the
next within this series of ICMP messages sent by your computer?

Identification and Time to live always change.

6. Which fields stay constant? Which of the fields must stay constant? Which
fields must change? Why?

The fields that stay constant across the IP datagrams are:
• Version (since we are using IPv4 for all packets)
• header length (since these are ICMP packets)
• source IP (since we are sending from the same source)
• destination IP (since we are sending to the same dest)
• Differentiated Services (since all packets are ICMP they use the same
Type of Service class)
• Upper Layer Protocol (since these are ICMP packets)

The fields that must stay constant are:
• Version (since we are using IPv4 for all packets)
• header length (since these are ICMP packets)
• source IP (since we are sending from the same source)
• destination IP (since we are sending to the same dest)
• Differentiated Services (since all packets are ICMP they use the same
Type of Service class)
• Upper Layer Protocol (since these are ICMP packets)

The fields that must change are:
• Identification (IP packets must have different ids)
• Time to live (traceroute increments each subsequent packet)
• Header checksum (since header changes, so must checksum)

7. Describe the pattern you see in the values in the Identification field of the IP
datagram.

The pattern is that the IP header Identification fields increment with
each ICMP Echo (ping) request.

8. What is the value in the Identification field and the TTL field?

• The identification field: 0x5a3b
• The TTL field: 255

9. Do these values remain unchanged for all of the ICMP TTL-exceeded
replies sent to your computer by the nearest (first hop) router? Why?

The identification field changes for all the ICMP TTL-exceeded
replies because the identification field is a unique value. When two
or more IP datagrams have the same identification value, then it
means that these IP datagrams are fragments of a single large IP
datagram. The TTL field remains unchanged because the TTL for
the first hop router is always the same.

10. Find the first ICMP Echo Request message that was sent by your computer
after you changed the Packet Size in pingplotter to be 2000. Has that
message been fragmented across more than one IP datagram?

Yes, this packet has been fragmented across more than one IP
datagram.

11. Print out the first fragment of the fragmented IP datagram. What
information in the IP header indicates that the datagram has been fragmented?
What information in the IP header indicates whether this is the first fragment
versus a later fragment? How long is this IP datagram?

Answer: The Flags bit for more fragments is set, indicating that the
datagram has been fragmented. Since the fragment offset is 0, we know that
this is the first fragment. This first datagram has a total length of 1500,
including the header.

12. Print out the second fragment of the fragmented IP datagram. What
information in the IP header indicates that this is not the first datagram
fragment? Are there more fragments? How can you tell?

Since the fragment offset is 185, we know that this is the
second fragment. This first datagram has a total length of 1500,
including the header. The Flags bit for more fragments is not set,
indicating that there are no more fragments.

13. What fields change in the IP header between the first and second fragment?

The IP header fields that changed between the fragments are: total
length, flags, fragment offset, and checksum.

14. How many fragments were created from the original datagram?

After switching to 3500, there are 3 packets created from the original
datagram.

15. What fields change in the IP header among the fragments?

The IP header fields that changed between all of the packets are:
fragment offset, and checksum. Between the first two packets and the
last packet, we see a change in total length, and also in the flags. The
first two packets have a total length of 1500, with the more fragments
bit set to 1, and the last packet has a total length of 540, with the more
fragments bit set to 0.
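
The fragmentation arithmetic behind questions 10 to 15, as an added Python example that is not part of the original lab report: it plans the fragments of a datagram and classifies a fragment from its flags/offset field, using both the more fragments bit and the offset. It assumes the 2000 and 3500 sizes are total IP datagram lengths, a 1500-byte MTU and a 20-byte header without options; the function names are this example's own.

```python
IP_HDR_LEN = 20            # IPv4 header without options (assumption)
DF, MF = 0x4000, 0x2000    # flag bits in the 16-bit flags/fragment-offset field

def fragment(total_length, mtu=1500):
    """Plan fragments as (total length, MF bit, offset in 8-byte units)."""
    payload = total_length - IP_HDR_LEN
    if payload <= 0:
        raise ValueError("datagram has no payload to fragment")
    # Every fragment except the last must carry a multiple of 8 payload bytes.
    step = (mtu - IP_HDR_LEN) // 8 * 8
    plan, sent = [], 0
    while sent < payload:
        size = min(step, payload - sent)
        more = 1 if sent + size < payload else 0
        plan.append((IP_HDR_LEN + size, more, sent // 8))
        sent += size
    return plan

def decode(field):
    """Split the 16-bit flags/fragment-offset field as it appears in the header."""
    return {"df": int(bool(field & DF)),
            "mf": int(bool(field & MF)),
            "offset": field & 0x1FFF}

def classify(field):
    """MF = 0 alone is also true of a last fragment, so the offset is checked too."""
    f = decode(field)
    if f["mf"] and f["offset"] == 0:
        return "first fragment"
    if f["mf"]:
        return "middle fragment"
    if f["offset"]:
        return "last fragment"
    return "not fragmented"

if __name__ == "__main__":
    for size in (56, 2000, 3500):
        print(f"datagram of {size} bytes:")
        for length, mf, offset in fragment(size):
            field = (MF if mf else 0) | offset
            print(f"  total length {length:4}  MF={mf}  offset={offset:3} "
                  f"({offset * 8} bytes)  {classify(field)}")
```
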
