Lab Exercise 1 - Ethernet
Objective
To explore the details of Ethernet frames. Ethernet is a popular link layer protocol. Review Ethernet before doing this lab.
Requirements
Wireshark: This lab uses the Wireshark software tool to capture and examine a packet trace.
ping: This lab uses “ping” to send and receive messages. ping is a standard command-line utility for checking that another computer is responsive. It is widely used for network troubleshooting and comes pre-installed on Windows, Linux, and Mac. While ping has various options, simply issuing the command “ping www.bit.edu.cn” will cause your computer to send a small number of ICMP ping requests to the remote computer (here www.bit.edu.cn), each of which should elicit an ICMP ping response.
Turn in
Hand in the trace file you captured and an exercise report that includes your answers to the questions and the figures you drew.
Step 1: Capture a Trace
1. Pick a remote web server or other publicly reachable Internet host and use ping to send some ping messages and check that it sends replies. For example, “ping www.bit.edu.cn”. You should see several replies indicating that the pings reached the remote host and were returned.
Figure 1: Using ping to bounce messages off a remote host
2. Launch Wireshark and start a capture of Ethernet frames with a filter of “icmp”, making sure that “enable MAC name resolution” is checked. The latter will translate Ethernet (MAC) addresses to provide vendor information. Also check that the Link-layer header type pulldown says “Ethernet”.
Figure 2: Setting the capture options for ping traffic
3. When the capture is started, repeat the ping command above. This time, the packets will also be recorded by Wireshark.
4. After the ping command is complete, return to Wireshark and use the menus or buttons to stop the trace. You should now have a short trace similar to that shown in the figure below.
Figure 3: Trace of ping traffic, showing Ethernet details of the first packet
Step 2: Inspect the Trace
Select any packet in the trace (in the top panel) to see details of its structure (in the middle panel) and the bytes that make up the packet (in the bottom panel). Now we can inspect the details of the packets.
In the middle panel, expand the Ethernet header fields (using the “+” expander or icon) to see their details. Our interest is the Ethernet header, and you may ignore the higher layer protocols (which are IP and ICMP in this case). You can click on the Ethernet header to see the bytes that correspond to it in the packet highlighted in the bottom panel.
Step 3: Ethernet Frame Structure
To show your understanding of the Ethernet frame format, draw a figure of the ping message that shows the position and size in bytes of the Ethernet header fields. Your figure can simply show the frame as a long, thin rectangle. The leftmost fields come first in the packet and are sent on the wire first. On this drawing, show the range of the Ethernet header and the Ethernet payload. Add a dashed box at the end to represent the 4-byte checksum; we know it is there even if Wireshark does not show us this field.
Figure 4: Ethernet frame structure
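The header layout and the trailing checksum from Step 3 can also be checked in code. The following is an added example, not part of the original lab handout: the function names are hypothetical, and the MAC addresses and the zero-filled payload are constructed stand-ins for a captured ping frame.

```python
import struct
import zlib

def mac_str(raw: bytes) -> str:
    """Format raw address bytes as colon-separated hex."""
    return ":".join(f"{b:02x}" for b in raw)

def append_fcs(frame: bytes) -> bytes:
    """Append the 4-byte frame check sequence that the NIC adds on the wire.
    The Ethernet FCS is CRC-32 over destination..payload, least significant byte first."""
    return frame + struct.pack("<I", zlib.crc32(frame))

def parse_ethernet(frame: bytes, has_fcs: bool = False) -> dict:
    """Split an Ethernet II frame into header fields, payload and optional FCS.
    Wireshark captures normally arrive without the FCS, so has_fcs defaults to False."""
    if len(frame) < 14 + (4 if has_fcs else 0):
        raise ValueError("frame too short for an Ethernet header")
    # Header is 14 bytes: 6-byte destination, 6-byte source, 2-byte type (big-endian)
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    payload = frame[14:-4] if has_fcs else frame[14:]
    fcs_ok = None
    if has_fcs:
        fcs_ok = append_fcs(frame[:-4])[-4:] == frame[-4:]
    return {
        "dst": mac_str(dst),
        "src": mac_str(src),
        # First 3 bytes of an address: the prefix MAC name resolution maps to a vendor
        "src_prefix": mac_str(src[:3]),
        "ethertype": ethertype,
        "payload_len": len(payload),
        "fcs_ok": fcs_ok,
    }

# Constructed sample: locally administered addresses, type 0x0800 (IPv4), and a
# zero-filled 60-byte payload standing in for 20-byte IP + 8-byte ICMP + 32 data bytes.
DST = bytes.fromhex("020000000001")
SRC = bytes.fromhex("020000000002")
SAMPLE = DST + SRC + struct.pack("!H", 0x0800) + bytes(60)

if __name__ == "__main__":
    print(parse_ethernet(SAMPLE))                             # as seen in a capture
    print(parse_ethernet(append_fcs(SAMPLE), has_fcs=True))   # as sent on the wire
```

To run it on a frame from your own trace, copy the packet bytes out of Wireshark as a hex string and pass `bytes.fromhex(...)` to `parse_ethernet`.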