5.1.4.3 Lab — Using Wireshark to Examine Ethernet Frames
Part 1: Examine the Header Fields in an Ethernet II Frame
Part 2: Use Wireshark to Capture and Analyze Ethernet Frames
Part 1: Examine the Header Fields in an Ethernet II Frame
What is significant about the contents of the destination address field?
It starts with the broadcast ARP protocol from the router asking who has 192.168.2.22. Then it starts showing the source ip address then destination addresses then rebroadcasting from your router. ____________________________________________________________________________________
____________________________________________________________________________________
Why does the PC send out a broadcast ARP prior to sending the first …show more content…
Notice that the plus sign changes to a minus (-) sign.
What type of frame is displayed? _159 bytes 1272 bits_ 0x806______________________________.
e. The last two lines displayed in the middle section provide information about the data field of the frame.
Notice that the data contains the source and destination IPv4 address information.
What is the source IP address? 192.168.2.32_________________________________
What is the destination IP address? 239.255.255.250______________________________
You can click any line in the middle section to highlight that part of the frame (hex and ASCII) in the
Packet Bytes pane (bottom section).
Click the Internet Control Message Protocol line in the middle section and examine what is highlighted in the Packet Bytes pane.
What do the last two highlighted octets spell? ______
Click the next frame in the top section and examine an Echo reply frame. Notice that the source and destination MAC addresses have reversed, because this frame was sent from the default gateway router as a reply to the first ping.
What device and MAC address is displayed as the destination address?
_ff-ff-ff-ff-ff-ff …show more content…
In the first echo (ping) request frame, what are the source and destination MAC addresses?
Source: 1c-65-9d-eb-c4-57_________________________________
Destination: 6d-e6-40-00-38-06______________________________
What are the source and destination IP addresses contained in the data field of the frame?
Source: 192.168.2.32 _________________________________.
Destination: 72.21.91.8______________________________
Compare these addresses to the addresses you received in Step 7. The only address that changed is the destination IP address. Why has the destination IP address changed, while the destination MAC address remained the same?
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
Reflection
Wireshark does not display the preamble field of a frame header. What does the preamble
Part 1: Examine the Header Fields in an Ethernet II Frame
Part 2: Use Wireshark to Capture and Analyze Ethernet Frames
Part 1: Examine the Header Fields in an Ethernet II Frame
What is significant about the contents of the destination address field?
It starts with the broadcast ARP protocol from the router asking who has 192.168.2.22. Then it starts showing the source ip address then destination addresses then rebroadcasting from your router. ____________________________________________________________________________________
____________________________________________________________________________________
Why does the PC send out a broadcast ARP prior to sending the first …show more content…
Notice that the plus sign changes to a minus (-) sign.
What type of frame is displayed? _159 bytes 1272 bits_ 0x806______________________________.
e. The last two lines displayed in the middle section provide information about the data field of the frame.
Notice that the data contains the source and destination IPv4 address information.
What is the source IP address? 192.168.2.32_________________________________
What is the destination IP address? 239.255.255.250______________________________
You can click any line in the middle section to highlight that part of the frame (hex and ASCII) in the
Packet Bytes pane (bottom section).
Click the Internet Control Message Protocol line in the middle section and examine what is highlighted in the Packet Bytes pane.
What do the last two highlighted octets spell? ______
Click the next frame in the top section and examine an Echo reply frame. Notice that the source and destination MAC addresses have reversed, because this frame was sent from the default gateway router as a reply to the first ping.
What device and MAC address is displayed as the destination address?
_ff-ff-ff-ff-ff-ff …show more content…
In the first echo (ping) request frame, what are the source and destination MAC addresses?
Source: 1c-65-9d-eb-c4-57_________________________________
Destination: 6d-e6-40-00-38-06______________________________
What are the source and destination IP addresses contained in the data field of the frame?
Source: 192.168.2.32 _________________________________.
Destination: 72.21.91.8______________________________
Compare these addresses to the addresses you received in Step 7. The only address that changed is the destination IP address. Why has the destination IP address changed, while the destination MAC address remained the same?
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
Reflection
Wireshark does not display the preamble field of a frame header. What does the preamble