Wireshark Lab 5
MSSV:1811550
Wireshark Lab 5
1. What is the IP address of your host? What is the IP address of the destination host?
Answer: The IP address of my host is 192.168.1.101. The IP address of the destination host is
143.89.14.34.
2. Why is it that an ICMP packet does not have source and destination port numbers?
Answer: The ICMP packet does not have source and destination port numbers because it was
designed to communicate network-layer information between hosts and routers, not between
application layer processes. Each ICMP packet has a "Type" and a "Code". The Type/Code
combination identifies the specific message being received. Since the network software itself
interprets all ICMP messages, no port numbers are needed to direct the ICMP message to an
application layer process.
3. Examine one of the ping request packets sent by your host. What are the ICMP type and code
numbers? What other fields does this ICMP packet have? How many bytes are the checksum,
sequence number and identifier fields?
Answer: The ICMP type is 8, and the code number is 0. The ICMP packet also has checksum,
identifier (BE), identifier (LE), sequence number (BE), sequence number (LE), and data fields. The
checksum, identifier (BE), identifier (LE), sequence number (BE), and sequence number (LE) fields are
two bytes each.
4. Examine the corresponding ping reply packet. What are the ICMP type and code numbers?
What other fields does this ICMP packet have? How many bytes are the checksum, sequence
number and identifier fields?
Answer: The ICMP type is 0, and the code number is 0. The ICMP packet also has checksum,
identifier (BE), identifier (LE), sequence number (BE), sequence number (LE), and data fields. The
checksum, identifier (BE), identifier (LE), sequence number (BE), and sequence number (LE) fields are
two bytes each.
5. What is the IP address of your host? What is the IP address of the target destination host?
Answer: The IP address of my host is 10.228.223.79. The IP address of the destination host is
128.93.162.63.
6. If ICMP sent UDP packets instead (as in Unix/Linux), would the IP protocol number still be 01 for
the probe packets? If not, what would it be?
Answer: No. If ICMP sent UDP packets instead, the IP protocol number should be 0x11.
7. Examine the ICMP echo packet in your screenshot. Is this different from the ICMP ping query
packets in the first half of this lab? If yes, how so?
Answer: The ICMP echo packet has the same fields as the ping query packets.
8. Examine the ICMP error packet in your screenshot. It has more fields than the ICMP echo
packet. What is included in those fields?
Answer: The ICMP error packet is not the same as the ping query packets. It contains both the
IP header and the first 8 bytes of the original ICMP packet that the error is for.
9. Examine the last three ICMP packets received by the source host. How are these packets
different from the ICMP error packets? Why are they different?
Answer: The last three ICMP packets are message type 0 (echo reply) rather than 11 (TTL
expired). They are different because the datagrams have made it all the way to the destination
host before the TTL expired.
10. Within the tracert measurements, is there a link whose delay is significantly longer than others?
Refer to the screenshot in Figure 4, is there a link whose delay is significantly longer than
others? On the basis of the router names, can you guess the location of the two routers on the
end of this link?
Answer: There is a link between steps 11 and 12 that has a significantly longer delay. Those two
routers on the end of this link might be in Hong Kong and Paris, France.
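The ICMP layouts described in answers 3, 4, 8 and 9 (echo request/reply, and the TTL-exceeded error that quotes the original IP header plus 8 bytes) can be checked with a small parser. This is an added example, not part of the original lab answers; the packets are constructed in the code, and the identifier, sequence number and payload are assumed values.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, code: int, rest: bytes) -> bytes:
    """Type (1 byte), code (1 byte), checksum (2 bytes), then the type-specific rest."""
    csum = inet_checksum(struct.pack("!BBH", icmp_type, code, 0) + rest)
    return struct.pack("!BBH", icmp_type, code, csum) + rest

def parse_icmp(msg: bytes) -> dict:
    """Parse an ICMP message, i.e. the bytes that follow the IP header."""
    if len(msg) < 8:
        raise ValueError("ICMP message shorter than its 8-byte header")
    icmp_type, code, csum = struct.unpack("!BBH", msg[:4])
    out = {"type": icmp_type, "code": code, "checksum": csum,
           "checksum_ok": inet_checksum(msg) == 0}  # a valid message sums to 0
    if icmp_type in (0, 8):  # echo reply / echo request
        out["id"], out["seq"] = struct.unpack("!HH", msg[4:8])
        out["data"] = msg[8:]
    elif icmp_type == 11:  # TTL expired: 4 unused bytes, then the quoted datagram
        quoted = msg[8:]
        if len(quoted) < 20 or len(quoted) < (quoted[0] & 0x0F) * 4 + 8:
            raise ValueError("quoted datagram is truncated")
        ihl = (quoted[0] & 0x0F) * 4  # length of the quoted IP header
        out["orig_ttl"], out["orig_proto"] = quoted[8], quoted[9]
        out["orig_src"] = socket.inet_ntoa(quoted[12:16])
        out["orig_dst"] = socket.inet_ntoa(quoted[16:20])
        out["orig_first8"] = quoted[ihl:ihl + 8]
    return out

# Constructed sample packets (not bytes from the lab capture). The IP addresses
# are the ones given in answer 5; id, seq and payload are assumed values, and
# the quoted IP header carries a zero header checksum because it is not verified.
ECHO_REQ = build_icmp(8, 0, struct.pack("!HH", 0x0200, 0x1A01) + b"A" * 32)
ECHO_REPLY = build_icmp(0, 0, ECHO_REQ[4:])  # reply echoes id, seq and data
ORIG_IP = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(ECHO_REQ), 1, 0, 1, 1, 0,
                      socket.inet_aton("10.228.223.79"),
                      socket.inet_aton("128.93.162.63"))
TTL_EXCEEDED = build_icmp(11, 0, b"\x00" * 4 + ORIG_IP + ECHO_REQ[:8])
```

The quoted 8 bytes are exactly the probe's ICMP header, so the identifier and sequence number in them let the sender match each error to the probe that caused it.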
Wireshark Lab 6
1. What is the 48-bit Ethernet address of your computer?
Answer: The Ethernet address of my computer is 28:3a:4d:7d:46:6f.
2. What is the 48-bit destination address in the Ethernet frame? Is this the Ethernet address of
gaia.cs.umass.edu? (Hint: the answer is no). What device has this as its Ethernet address?
Answer: The destination address b0:51:8e:09:c3:b5 is not the Ethernet address of
gaia.cs.umass.edu. It is the address of my Holltech_09 router, which is the link used to get off
the subnet.
3. Give the hexadecimal value for the two-byte Frame type field. What upper layer protocol does
this correspond to?
Answer: The hex value for the Frame type field is 0x0800. This corresponds to the IP protocol
(the frame type field indicates that the next layer above IP – the layer to which the payload of
this Ethernet frame will be passed – is IP).
4. How many bytes from the very start of the Ethernet frame does the ASCII “G” in “GET” appear
in the Ethernet frame?
Answer: The ASCII “G” appears 52 bytes from the start of the Ethernet frame. There are 14 bytes of
Ethernet frame, and then 20 bytes of IP header followed by 20 bytes of TCP header before the
HTTP data is encountered.
5. What is the value of the Ethernet source address? Is this the address of your computer, or of
gaia.cs.umass.edu (Hint: the answer is no). What device has this as its Ethernet address?
Answer: The source address b0:51:8e:09:c3:b5 is neither the Ethernet address of
gaia.cs.umass.edu nor the address of my computer. It is the address of my Holltech_09 router,
which is the link used to get onto my subnet.
6. What is the destination address in the Ethernet frame? Is this the Ethernet address of your
computer?
Answer: The destination address 28:3a:4d:7d:46:6f is the address of my computer.
7. Give the hexadecimal value for the two-byte Frame type field. What upper layer protocol does
this correspond to?
Answer: The hex value for the Frame type field is 0x0800. This value corresponds to the IP
protocol.
8. How many bytes from the very start of the Ethernet frame does the ASCII “O” in “OK” (i.e., the
HTTP response code) appear in the Ethernet frame?
Answer: The ASCII “O” appears 52 bytes from the start of the Ethernet frame. Again, there are
14 bytes of Ethernet frame, and then 20 bytes of IP header followed by 20 bytes of TCP header
before the HTTP data is encountered.
9. Write down the contents of your computer’s ARP cache. What is the meaning of each column
value?
Answer: The Internet Address column contains the IP address, the Physical Address column
contains the MAC address, and the type indicates the protocol type.
10. What are the hexadecimal values for the source and destination addresses in the Ethernet
frame containing the ARP request message?
Answer: The hex value for the source address is 28:3a:4d:7d:46:6f. The hex value for the
destination address is ff:ff:ff:ff:ff:ff, the broadcast address.
11. Give the hexadecimal value for the two-byte Ethernet Frame type field. What upper layer
protocol does this correspond to?
Answer: The hex value for the Ethernet Frame type field is 0x0806, for ARP.
12. a) How many bytes from the very beginning of the Ethernet frame does the ARP opcode field
begin?
Answer: The ARP opcode field begins 20 bytes from the very beginning of the Ethernet frame.
b) What is the value of the opcode field within the ARP-payload part of the Ethernet frame in
which an ARP request is made?
Answer: The hex value for the opcode field within the ARP payload of the request is 0x0001, for
request.
d) Where in the ARP request does the “question” appear – the Ethernet address of the machine
whose corresponding IP address is being queried?
Answer: The field “Target MAC address” is set to 00:00:00:00:00:00 to question the machine
whose corresponding IP address (10.228.0.1) is being queried.
13. a) How many bytes from the very beginning of the Ethernet frame does the ARP opcode field
begin?
Answer: The ARP opcode field begins 20 bytes from the very beginning of the Ethernet frame.
b) What is the value of the opcode field within the ARP-payload part of the Ethernet frame in
which an ARP response is made?
Answer: The hex value for the opcode field within the ARP payload of the request is 0x0002, for
reply.
c) Where in the ARP message does the “answer” to the earlier ARP request appear – the IP
address of the machine having the Ethernet address whose corresponding IP address is being
queried?
Answer: The answer to the earlier ARP request appears in the “Sender MAC address” field, which
contains the Ethernet address b0:51:8e:09:c3:b5 for the sender with IP address 10.228.0.1.
14. What are the hexadecimal values for the source and destination addresses in the Ethernet
frame containing the ARP reply message?
Answer: The hex value for the source address is b0:51:8e:09:c3:b5 and for the destination is
28:3a:4d:7d:46:6f.
15. Open the ethernet-ethereal-trace-1 trace file in http://gaia.cs.umass.edu/wireshark-labs/wireshark-traces.zip.
The first and second ARP packets in this trace correspond to an ARP
request sent by the computer running Wireshark, and the ARP reply sent to the computer
running Wireshark by the computer with the ARP-requested Ethernet address. But there is yet
another computer on this network, as indicated by packet 6 – another ARP request. Why is
there no ARP reply (sent in response to the ARP request in packet 6) in the packet trace?
Answer: There is no reply in this trace, because we are not at the machine that sent the request.
The ARP request is broadcast, but the ARP reply is sent back directly to the sender’s Ethernet
address.
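The ARP answers above (frame type 0x0806, opcode at byte 20, broadcast request with an all-zero target MAC, unicast reply) can be reproduced by building and parsing the two frames. This is an added example, not part of the original lab answers; the frames are constructed from the addresses quoted in the answers, while the host IP in the ARP body and the third machine's MAC (`OTHER`) are assumptions.

```python
import socket
import struct

BROADCAST = "ff:ff:ff:ff:ff:ff"
ARP_OPS = {1: "request", 2: "reply"}

def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def mac_raw(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))

def build_arp_frame(eth_dst, eth_src, op, sha, spa, tha, tpa) -> bytes:
    """Ethernet II header (14 bytes) plus a 28-byte IPv4-over-Ethernet ARP body."""
    eth = mac_raw(eth_dst) + mac_raw(eth_src) + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    arp += mac_raw(sha) + socket.inet_aton(spa) + mac_raw(tha) + socket.inet_aton(tpa)
    return eth + arp

def parse_arp_frame(frame: bytes) -> dict:
    if len(frame) < 42:
        raise ValueError("need 14 bytes of Ethernet header plus 28 bytes of ARP")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0806:
        raise ValueError(f"not ARP: frame type 0x{ethertype:04x}")
    # htype(2) ptype(2) hlen(1) plen(1) precede the opcode: offset 14 + 6 = 20.
    (op,) = struct.unpack("!H", frame[20:22])
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {"eth_dst": mac_str(dst), "eth_src": mac_str(src),
            "op": ARP_OPS.get(op, op),
            "sender_mac": mac_str(sha), "sender_ip": socket.inet_ntoa(spa),
            "target_mac": mac_str(tha), "target_ip": socket.inet_ntoa(tpa)}

def delivered_to(frame: bytes, nic_mac: str) -> bool:
    """True if a non-promiscuous NIC with this address would accept the frame."""
    dst = mac_str(frame[:6])
    return dst == BROADCAST or dst == nic_mac.lower()

# Constructed frames. HOST, ROUTER and ROUTER_IP come from the answers above;
# HOST_IP (taken from Lab 5, answer 5) and OTHER are assumptions for illustration.
HOST, ROUTER, OTHER = "28:3a:4d:7d:46:6f", "b0:51:8e:09:c3:b5", "02:00:00:00:00:99"
HOST_IP, ROUTER_IP = "10.228.223.79", "10.228.0.1"
REQUEST = build_arp_frame(BROADCAST, HOST, 1, HOST, HOST_IP,
                          "00:00:00:00:00:00", ROUTER_IP)
REPLY = build_arp_frame(HOST, ROUTER, 2, ROUTER, ROUTER_IP, HOST, HOST_IP)
```

`delivered_to(REQUEST, OTHER)` is true while `delivered_to(REPLY, OTHER)` is false, which is the situation in question 15: a capture on a third machine shows the broadcast request but not the unicast reply.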