计算机网络实验：Ethernet and ARP(2)

13. Give the hexadecimal value for the two-byte Ethernet Frame type field. What do the bit(s) whose value is 1 mean within the flag field?

The hexadecimal value for the two-byte Ethernet Frame type field is 0x0806. There is no flag field.

14.Download the ARP specification from ftp://ftp.rfc-editor.org/innotes/std/std37.txt. A readable, detailed discussion of ARP is also at http://www.erg.abdn.ac.uk/users/gorry/course/inet-pages/arp.html.

a) How many bytes from the very beginning of the Ethernet frame does the ARP opcode field begin?

There are 14 bytes of Ethernet frame header. In the ARP data, before the ARP opcode field begin, there are 6 bytes. So there are 20 bytes before the ARP opcode field begin.

b) What is the value of the opcode field within the ARP-payload part of the Ethernet frame in which an ARP request is made?

The value of the opcode field within the ARP-payload part of the Ethernet framein which an ARP request is made is 1.

c) Does the ARP message contain the IP address of the sender?

Yes, it contains. In here, the IP address of the sender is 192.168.1.105.

d) Where in the ARP request does the “question” appear – the Ethernet address of the machine whose corresponding IP address is being queried?

The field “Target MAC address” is set to 00:00:00:00:00:00 to question the machine’s Ethernet addresswhose corresponding IP address.

15.Now find the ARP reply that was sent in response to the ARP request.

a) How many bytes from the very beginning of the Ethernet frame does the ARP opcode field begin?

There are 14 bytes of Ethernet frame header. In the ARP data, before the ARP opcode field begin, there are 6 bytes. So there are 20 bytes before the ARP opcode field begin.

b) What is the value of the opcode field within the ARP-payload part of the Ethernet frame in which an ARP response is made?

The value of the opcode field within the ARP-payload part of the Ethernet frame in which an ARP response is made is 2

c) Where in the ARP message does the “answer” to the earlier ARP request appear – the IP address of the machine having the Ethernet address whose corresponding IP address is being queried?

“Sender MAC address” is the answer to the earlier ARP request. In here, it contain the MAC address of 192.168.1.1, which is 00:06:25:da:af:73

16.What are the hexadecimal values for the source and destination addresses in the Ethernet frame containing the ARP reply message?

The hexadecimal values for the source addresses in the Ethernet frame containing the ARP reply message is 00:06:25:da:af:73.

The hexadecimal values for thedestination addresses in the Ethernet frame containing the ARP reply message is 00:d0:59:a9:3d;68.

17. Open the ethernet-ethereal-trace-1 trace file in http://gaia.cs.umass.edu/wireshark-labs/wireshark-traces.zip. The first and second ARP packets in this trace correspond to an ARP request sent by the computer running Wireshark, and the ARP reply sent to the computer running Wireshark by the computer with the ARP-requested Ethernet address. But there is yet another computer on this network, as indiated by packet 6 – another ARP request. Why is there no ARP reply (sent in response to the ARP request in packet 6) in the packet trace?

This a broadcastARP packet sent by 192.168.1.104. So every host in the same subnet will receive the packet. But the ARP is to try find the MAC address of 192.168.1.117. So only the host which have the IP address of 192.168.1.117 will reply. Now “my” host’s IP address is 192.168.1.105. So “my” host won’t reply. And “my” host didn’t receive the reply packet. So there is no ARP reply (sent in response to the ARP request in packet 6) in the packet trace.

Extra Credit

EX-1. The arp command: arp -s InetAddrEtherAddr allows you to manually add an entry to the ARP cache that resolves the IP address InetAddr to the physical address EtherAddr. What would happen if, when you manually added an entry, you entered the correct IP address, but the wrong Ethernet address for that remote interface?

If I entered the correct IP address, but the wrong Ethernet address for that remote

interface, then I will get the wrong MAC address when I try to connect with the IP address that I entered. This is just like what happened in ARP spoofing.

EX-2. What is the default amount of time that an entry remains in your ARP cache before being removed.You can determine this empirically (by monitoring the cache contents) or by looking this up in your operation system documentation. Indicate how/where you determined this value.

In default, in Windows Server 2003 and Windows XP, the entry in the ARP cache will store 2 minutes. If an entry is used in this 2 minutes, the deadline will delay another 2 minutes until it have past 10 minutes. When an entry is stored for 10 minutes, then it must be removed.

百度搜索“77cn”或“免费范文网”即可找到本站免费阅读全部范文。收藏本站方便下次阅读，免费范文网，提供经典小说综合文库计算机网络实验：Ethernet and ARP(2)在线全文阅读。