1. What is the 48-bit Ethernet address of your computer?

From the capture: AzureWaveTec_17:5f:66 (28:d0:43:17:5f:66)

2. What is the 48-bit destination address in the Ethernet frame? Is this the Ethernet address of gaia.cs.umass.edu?

HuaweiTechno_8a:5d:45 (c8:33:e5:8a:5d:45). No, it is not.

3. Give the hexadecimal value for the two-byte Frame type field. What upper layer protocol does this correspond to?

It is 0x0800, which corresponds to IPv4.

4. How many bytes from the very start of the Ethernet frame does the ASCII “G” in “GET” appear in the Ethernet frame?

Ethernet header: 14 bytes

IP header: 20 bytes

TCP header: 20 bytes

So the first byte of the TCP payload is at byte 54.

5. What is the value of the Ethernet source address? Is this the address of your computer, or of gaia.cs.umass.edu (Hint: the answer is no). What device has this as its Ethernet address?

Source MAC (hex): 28:d0:43:17:5f:66. It is not the address of gaia.cs.umass.edu; it should be the address of the router interface connected to my computer. This is the MAC address of the local network interface that sent this Ethernet frame (the OUI name AzureWaveTec shows that this is the vendor identifier of an AzureWave Wi-Fi / NIC module used in some end device).

6. What is the destination address in the Ethernet frame? Is this the Ethernet address of your computer?

Destination MAC (hex): c8:33:e5:8a:5d:45. It is my computer's Ethernet address.

7. Give the hexadecimal value for the two-byte Frame type field. What upper layer protocol does this correspond to?

It is 0x0800, which corresponds to IPv4.

8. How many bytes from the very start of the Ethernet frame does the ASCII “O” in “OK” (i.e., the HTTP response code) appear in the Ethernet frame?

The response payload text is HTTP/1.1 200 OK\r\n...

Ethernet (14) + IP (20) + TCP (20) = 54 (start of the TCP payload)

The offset within the payload is 13 → total offset = 54 + 13 = 67 bytes.
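The 14 + 20 + 20 arithmetic in questions 4 and 8 holds only when neither the IP nor the TCP header carries options. The following added example (not part of the original lab write-up) reads both header lengths from the frame itself, which goes beyond the fixed-length case above; the MAC addresses are the ones on this page, while the IP addresses, ports and zeroed checksums are constructed sample values.

```python
import struct

ETH_HDR_LEN = 14  # destination MAC (6) + source MAC (6) + EtherType (2)

def tcp_payload_offset(frame: bytes) -> int:
    """Zero-based offset of the first TCP payload byte (= bytes that precede it)."""
    if len(frame) < ETH_HDR_LEN + 20:
        raise ValueError("frame too short for Ethernet + IPv4 headers")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError(f"EtherType 0x{ethertype:04x} is not IPv4")
    ip = ETH_HDR_LEN
    ihl = (frame[ip] & 0x0F) * 4          # IPv4 header length, in bytes
    if frame[ip] >> 4 != 4 or ihl < 20:
        raise ValueError("malformed IPv4 header")
    if frame[ip + 9] != 6:
        raise ValueError("IP protocol is not TCP")
    tcp = ip + ihl
    if len(frame) < tcp + 20:
        raise ValueError("frame too short for TCP header")
    data_offset = (frame[tcp + 12] >> 4) * 4  # TCP header length, in bytes
    if data_offset < 20 or len(frame) < tcp + data_offset:
        raise ValueError("malformed TCP header")
    return tcp + data_offset

def offset_in_frame(frame: bytes, token: bytes) -> int:
    """Offset of the first occurrence of token inside the TCP payload."""
    idx = frame.find(token, tcp_payload_offset(frame))
    if idx < 0:
        raise ValueError("token not found in TCP payload")
    return idx

def build_frame(payload: bytes, tcp_options: bytes = b"") -> bytes:
    """Constructed sample: MACs from the page; IPs, ports, zero checksums made up."""
    eth = bytes.fromhex("c833e58a5d45" "28d043175f66" "0800")
    tcp_len = 20 + len(tcp_options)       # options must be a multiple of 4 bytes
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len + len(payload),
                     0, 0, 64, 6, 0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 0, 0, (tcp_len // 4) << 4,
                      0x18, 65535, 0, 0) + tcp_options
    return eth + ip + tcp + payload

if __name__ == "__main__":
    timestamps = b"\x01\x01\x08\x0a" + bytes(8)   # NOP, NOP, 10-byte timestamp option
    print(offset_in_frame(build_frame(b"GET / HTTP/1.1\r\n\r\n"), b"GET"))
    print(offset_in_frame(build_frame(b"HTTP/1.1 200 OK\r\n\r\n"), b"OK"))
    print(offset_in_frame(build_frame(b"HTTP/1.1 200 OK\r\n\r\n", timestamps), b"OK"))
```

With 12 bytes of TCP options the same “OK” moves 12 bytes further into the frame, so the TCP Data Offset field is worth checking before counting.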

9. Write down the contents of your computer’s ARP cache. What is the meaning of each column value?

The columns are, in order: IP, MAC, type.

The rest of the lab uses the author's packet capture: http://gaia.cs.umass.edu/wireshark-labs/wireshark-traces.zip

10. What are the hexadecimal values for the source and destination addresses in the Ethernet frame containing the ARP request message?

Source: 00:d0:59:a9:3d:68; destination: ff:ff:ff:ff:ff:ff

11. Give the hexadecimal value for the two-byte Ethernet Frame type field. What upper layer protocol does this correspond to?

Type: ARP (0x0806)

12. Download the ARP specification from ftp://ftp.rfc-editor.org/in-notes/std/std37.txt.

a) How many bytes from the very beginning of the Ethernet frame does the ARP opcode field begin?

Not counting the opcode field itself, 20 bytes precede it.

b) What is the value of the opcode field within the ARP-payload part of the Ethernet frame in which an ARP request is made?

0x0001, as shown in the Opcode field.

c) Does the ARP message contain the IP address of the sender?

It contains the field Sender MAC address: LinksysGroup_da:af:73 (00:06:25:da:af:73), so yes; this can be used to update the ARP table.

d) Where in the ARP request does the “question” appear – the Ethernet address of the machine whose corresponding IP address is being queried?

In the target IP address together with the target MAC address 00:00:00:00:00:00, which shows that it is a broadcast.

13. Now find the ARP reply that was sent in response to the ARP request.

a) How many bytes from the very beginning of the Ethernet frame does the ARP opcode field begin?

Not counting the opcode field itself, 20 bytes precede it.

b) What is the value of the opcode field within the ARP-payload part of the Ethernet frame in which an ARP response is made?

0x0002, as shown in the Opcode field.

c) Where in the ARP message does the “answer” to the earlier ARP request appear – the IP address of the machine having the Ethernet address whose corresponding IP address is being queried?

In the sender IP address and the sender MAC address.

14. What are the hexadecimal values for the source and destination addresses in the Ethernet frame containing the ARP reply message?

       Sender MAC address: LinksysGroup_da:af:73 (00:06:25:da:af:73)

       Target MAC address: AmbitMicrosy_a9:3d:68 (00:d0:59:a9:3d:68)

15. Open the ethernet-ethereal-trace-1 trace file in http://gaia.cs.umass.edu/wireshark-labs/wireshark-traces.zip. The first and second ARP packets in this trace correspond to an ARP request sent by the computer running Wireshark, and the ARP reply sent to the computer running Wireshark by the computer with the ARP-requested Ethernet address. But there is yet another computer on this network, as indicated by packet 6 – another ARP request. Why is there no ARP reply (sent in response to the ARP request in packet 6) in the packet trace?

Possibly that computer had already cached the MAC value for this address, so no request was sent, or ARP was misconfigured and no reply came back.
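The field layout that questions 10 to 14 read off in Wireshark can also be decoded by hand. This added example (not part of the original lab write-up) parses an Ethernet/IPv4 ARP frame, shows the opcode sitting at byte offset 20, and pairs a reply with the request it answers; the MAC addresses are the ones on this page, while the IP addresses are constructed placeholders because the page does not give them.

```python
import struct

OPCODE_OFFSET = 14 + 6  # Ethernet header, then htype(2) ptype(2) hlen(1) plen(1)

def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_arp(frame: bytes) -> dict:
    """Decode an Ethernet frame carrying an IPv4-over-Ethernet ARP message."""
    if len(frame) < 14 + 28:
        raise ValueError("frame too short for Ethernet + ARP")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0806:
        raise ValueError(f"EtherType 0x{ethertype:04x} is not ARP")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP message")
    return {"eth_dst": mac(dst), "eth_src": mac(src), "opcode": op,
            "sender_mac": mac(sha), "sender_ip": ".".join(map(str, spa)),
            "target_mac": mac(tha), "target_ip": ".".join(map(str, tpa))}

def answers(request: dict, reply: dict) -> bool:
    """True when reply is the ARP reply (opcode 2) to this request (opcode 1)."""
    return (request["opcode"] == 1 and reply["opcode"] == 2
            and reply["sender_ip"] == request["target_ip"]    # the IP that was asked about
            and reply["target_mac"] == request["sender_mac"]  # addressed to the asker
            and reply["eth_src"] == reply["sender_mac"])      # header and payload agree

def build_arp(eth_dst, eth_src, op, sha, spa, tha, tpa) -> bytes:
    """Constructed sample frame; MACs are from the page, IPs are made up."""
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(p) for p in s.split("."))
    return (m(eth_dst) + m(eth_src) + b"\x08\x06"
            + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + m(sha) + ip(spa) + m(tha) + ip(tpa))

ASKER, OWNER = "00:d0:59:a9:3d:68", "00:06:25:da:af:73"
REQUEST = build_arp("ff:ff:ff:ff:ff:ff", ASKER, 1,
                    ASKER, "192.0.2.105", "00:00:00:00:00:00", "192.0.2.1")
REPLY = build_arp(ASKER, OWNER, 2, OWNER, "192.0.2.1", ASKER, "192.0.2.105")

if __name__ == "__main__":
    req, rep = parse_arp(REQUEST), parse_arp(REPLY)
    print(req["opcode"], req["target_ip"], req["target_mac"])
    print(rep["opcode"], rep["sender_ip"], rep["sender_mac"], answers(req, rep))
```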
