CN LAB
V SEM
ASSIGNMENT 2: WIRESHARK
1. In the packet that contains the http GET message, what is the source mac
address? Is this your computer’s mac address?
2. What is the destination mac address of the above packet?
Is this the mac address of (destination’s server / your router or gateway)?
Who is the manufacturer of this device?
(hint: use “ip neigh” command in terminal to see mac address of your router)
3. What is the hexadecimal frame type field in the ethernet header of this packet?
What is the correspond upper layer protocol?
(hint: Expand the ethernet option and notice the hexadecimal value in brackets)
4. Do you notice that WireShark can display the manufacturer of the sender
(source) and receiver (destination) of this packet?
How this can be done? (Full description is required)
Who is the manufacture of the mac address [Link]? (lookup IEEE OUI
database)
(hint: Read about OUI in MAC on internet,
OUI database link: [Link]
�5. How many bytes from the very start of the Ethernet frame does the ASCII “G” in
“GET” appear in the Ethernet frame?
What is the length of IP header and TCP header of the selected packet?
Calculate the length of ethernet header using above information.
{hint: first see the packet bytes on screen (if Packet bytes screen is not disable
then enable by Going to preference option in edit menu) then count the data in
number of bytes before the first G.
For example, in given figure there is 54 bytes of data before first G.
Ethernet header length= total bytes of header (54 in this case) - TCP header – IP
header}
�[Link] install vzctl using command: sudo apt install vzctl
Then Close your browser and Open wireshark again. Start packet capturing.
Go to terminal and enter command “sudo arpsend -D -e ‘router address’
‘interface name’ “
example: sudo arpsend -D -e [Link] enp0s3
Focus on the first ARP packet in the packet list. What is the frame type in ethernet
header? What is the destination mac address?
7. Is the destination of the above packet a real computer? If not, who will receive
the above packet?
(hint: Read about ARP on internet)
8. Which type of arp packet is the above one? What operation does this packet try
accomplishing?
Find the corresponding packet of the above arp packet.
Which type of arp packet is this one? What information it provides?
9. In the first packet, what is the target mac address in the arp header? Is it the
same as the destination mac address in ethernet header? If not, will this be a
problem?
(You may need refer to internet for this question)
[Link] the Correct Choice.
The ARP request is (broadcast\unicast)
Arp reply is an (broadcast\unicast) packet.
