CSC358 Wireshark Assignment 5 Solution, Exercises of Computer Programming

The mac address contains an OUI (Organizationally Unique Identifier) field. It is a 24-bit number that uniquely identifies a vendor or manufacturer. They are ...

Typology: Exercises

2022/2023

Uploaded on 03/01/2023

skips
skips 🇺🇸

4.4

(11)

222 documents

1 / 10

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
CSC358 Wireshark Assignment 5 Solution
1. In the packet that contains the http GET message, what is the source mac address? Is this your
computer’s mac address?
Solution:
The source mac address is: 78:ca:39:b2:bc:fd.
It is my computer’s mac address.
pf3
pf4
pf5
pf8
pf9
pfa

Partial preview of the text

Download CSC358 Wireshark Assignment 5 Solution and more Exercises Computer Programming in PDF only on Docsity!

CSC358 Wireshark Assignment 5 Solution

  1. In the packet that contains the http GET message, what is the source mac address? Is this your computer’s mac address? Solution: The source mac address is: 78:ca:39:b2:bc:fd. It is my computer’s mac address.
  1. What is the destination mac address of the above packet, is this the mac address of gaia.cs.umass.edu? If not, then which device has this mac address? Solution: The mac address of the destination is 00:90:0b:27:12:11. This is not the Ethernet address of gaia.cs.umass.edu. It is the mac address for my router or internet gateway address.
  1. Do you notice that WireShark can display the manufacturer of the sender (source) and receiver (destination) of this packet? How this can be done? What is the manufacture of the mac address cc:20:e8:11:22:33? Solution: The mac address contains an OUI (Organizationally Unique Identifier) field. It is a 24-bit number that uniquely identifies a vendor or manufacturer. They are purchased and assigned by the IEEE. The OUI is basically the first three octets of a MAC address. Wireshark tries to convert the first 3 bytes of an ethernet address to an abbreviated manufacturer name by looking up OUI database. The manufacturer of cc:20:e8:11:22:33 is Apple.
  1. How many bytes from the very start of the Ethernet frame does the ASCII “G” in “GET” appear in the Ethernet frame? Explain how do you obtain this result. Solution: After 528 bits or 66 bytes the G in get appears. Or before “G”, we have14 ethernet header + 20 IP header + 32 tcp header = 66 bytes
  1. Is the destination of the above packet a real computer? If not, who will receive the above packet? Solution: No. The mac address ff:ff:ff:ff:ff:ff is used for broadcast. All machines on the local area network (LAN) will receive it.
  1. Which type of arp packet is the above one? What operation does this packet try accomplishing? Find the corresponding packet of the above arp packet. Which type of arp packet is this one? What information it provides? Solution: It is a address resolution request. It tries to find the mac address of the 192.168.1.1. The corresponding packet: It is a reply for the above request. It provides the mac address of 192.168.1.1.
  1. Notice that the 6th packet in the trace file is also an arp packet, explain why we didn’t see a corresponding arp packet to this one. Solution: There is no reply in this trace, because we are not at the machine that sent the request. The ARP request is broadcast, but arp reply is an unicast packet, only the targeted machine will receive it.