2011 Vietnamese-German University Nguyen Dinh Thong
COMPUTER NETWORKING

Table of Contents
Exercises
   Chapter 01: Introduction
   Chapter 02: Application Layer
      Problem 1 to Problem 6
   Chapter 3: Transport Layer
   Chapter 4: Network Layer
   Chapter 5: Link Layer
Wireshark Labs
   Wireshark HTTP
   Wireshark DNS
   Wireshark UDP
   Wireshark TCP
   Wireshark IP
   Wireshark ICMP
   Wireshark DHCP
   Wireshark EthernetARP

Exercises

Chapter 01: Introduction

1. Design and describe an application-level protocol to be used between an Automatic Teller Machine, and a bank's centralized computer.
Your protocol should allow a user's card and password to be verified, the account balance (which is maintained at the centralized computer) to be queried, and an account withdrawal (i.e., when money is given to the user) to be made. Your protocol entities should be able to handle the all-too-common case in which there is not enough money in the account to cover the withdrawal. Specify your protocol by listing the messages exchanged, and the action taken by the Automatic Teller Machine or the bank's centralized computer on transmission and receipt of messages. Sketch the operation of your protocol for the case of a simple withdrawal with no errors, using some form of sequence diagram. Explicitly state the assumptions made by your protocol about the underlying end-to-end transport service.

2. This elementary problem begins to explore propagation delay and transmission delay, two central concepts in data networking. Consider two hosts, Hosts A and B, connected by a single link of rate R bps. Suppose that the two hosts are separated by m meters, and suppose the propagation speed along the link is s meters/sec. Host A is to send a packet of size L bits to Host B.
   a. Express the propagation delay, d_prop, in terms of m and s.
   b. Determine the transmission time of the packet, d_trans, in terms of L and R.
   c. Ignoring processing and queuing delays, obtain an expression for the end-to-end delay.
   d. Suppose Host A begins to transmit the packet at time t=0. At time t=d_trans, where is the last bit of the packet?
   e. Suppose d_prop is greater than d_trans. At time t=d_trans, where is the first bit of the packet?
   f. Suppose d_prop is less than d_trans. At time t=d_trans, where is the first bit of the packet?
   g. Suppose s=2.5*10^8, L=100 bits and R=28 kbps. Find the distance m so that d_prop equals d_trans.

3. Consider an application that transmits data at a steady rate (e.g., the sender generates one packet of N bits every k time units, where k is small and fixed).
Also, when such an application starts, it will stay on for a relatively long period of time.
   a. Would a packet-switched network or a circuit-switched network be more appropriate for this application? Why?
   b. Suppose that a packet-switched network is used and the only traffic in this network comes from such applications as described above. Furthermore, assume that the sum of the application data rates is less than the capacities of each and every link. Is some form of congestion control needed? Why or why not?

4. Consider the queueing delay in a router buffer (preceding an outbound link). Suppose all packets are L bits, the transmission rate is R bps and that N packets arrive at the buffer every LN/R seconds. Find the average queueing delay of a packet.

5. Suppose two hosts, A and B, are separated by 10000 km and are connected by a direct link of R=1 Mbps. Suppose the propagation speed over the link is 2.5x10^8 m/s.
   a. Calculate the bandwidth-delay product.
   b. Consider sending a file of 400000 bits from host A to host B. Suppose the file is sent continuously as one big message. What is the maximum number of bits that will be in the link at any given time?
   c. Provide an interpretation of the delay-bandwidth product.
   d. What is the width (in meters) of a bit in the link?

Chapter 02: Application Layer

1. Two HTTP request methods are GET and POST. Are there any other methods in HTTP/1.0 or in HTTP/1.1? If yes, what are these methods used for?

2. Within the web browser, a link is clicked to obtain a web page. Suppose that a DNS look-up is necessary to obtain the IP address, because the IP address for the associated URL is not cached. Suppose that n DNS servers are visited before your host receives the IP address from DNS; the successive visits incur an RTT of RTT1, …, RTTn. Further suppose that the Web page associated with the link contains exactly one object, consisting of a small amount of HTML text.
Let RTT0 denote the RTT between the local host and the server containing the object. Assuming zero transmission time of the object, how much time elapses from when the client clicks on the link until the client receives the object (according to Kurose, Ross, Problems, chapter)?

3. Referring to question (2), suppose the page contains three very small objects. Neglecting transmission times, how much time elapses with (a) nonpersistent HTTP with no parallel TCP connections, (b) nonpersistent HTTP with parallel connections, (c) persistent HTTP with pipelining?

4. What are the well known port numbers for FTP (File Transfer Protocol), TFTP (Trivial File Transfer Protocol) and NTP (Network Time Protocol)? Visit http://www.iana.org for an answer. Give a second source to obtain an answer to the question.

5. Consider an e-commerce site that wants to keep a purchase record for each of its customers. Describe how this can be done with cookies.

6. Is it possible that an organization's Web server and mail server have exactly the same alias for a hostname (e.g., foo.com)? What would be the "type" for the RR that contains the hostname of the mail server?

Problem 1:
Besides GET and POST, there are some other methods in HTTP/1.0 and HTTP 1.1 such as
- HEAD: asks server to leave requested object out of response.
- PUT: uploads file in entity body to path specified in URL field.
- DELETE: deletes file specified in URL field.

Problem 2:
- Total amount of time to obtain the IP address is: RTT1 + RTT2 + … + RTTn
- The object/file transmission time is 2RTT + Transmission time
- Since RTT0 = RTT, and Transmission time of the object is assumed zero.
Therefore, the time that elapses from when the client clicks on the link until the client receives the object is: 2RTT0 + RTT1 + RTT2 + … + RTTn

Problem 3:

Problem 4:
- The well known port numbers for
   - FTP: 21
   - TFTP: 69
   - NTP: 123
- Second source for list of TCP and UDP port numbers: http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

Problem 5:

Problem 6:
- It is possible.
- Mail server: mail.hostname. Example hostname: foo.com -> mail server can be ‘mail.foo.com’.

Chapter 3: Transport Layer

1. Consider transferring an enormous file of L bytes from host A to host B. Assume an MSS of 1460 bytes.
   a. What is the maximum length of L such that TCP sequence numbers are not exhausted? Recall that the TCP sequence number field has four bytes.
   b. For the L you obtain in (a), find how long it takes to transmit the file. Assume that a total of 66 bytes of transport, network and data-link header are added to each segment before the resulting packet is sent out over a 10 Mbps link. Ignore flow control and congestion control, so A can pump out the segments back-to-back and continuously.

2. Consider the following plot of TCP window size as a function of time. Assuming TCP Reno is the protocol experiencing the behavior shown above, answer the following questions. In all cases, you should provide a short discussion justifying your answer.
   a. Identify the intervals of time when TCP slow start is operating.
   b. Identify the intervals of time when TCP congestion avoidance is operating.
   c. After the 16th transmission round, is segment loss detected by a triple duplicate ACK or by a timeout?
   d. After the 22nd transmission round, is segment loss detected by a triple duplicate ACK or by a timeout?
   e. What is the initial value of Threshold at the first transmission round?
   f. What is the value of Threshold at the 18th transmission round?
   g. What is the value of Threshold at the 24th transmission round?
   h. During what transmission round is the 7th segment sent?
   i. Assuming a packet loss is detected after the 26th round by the receipt of a triple duplicate ACK, what will be the values of the congestion window size and of Threshold?

3. Consider sending an object of size O=100 Kbytes from server to client. Let S=536 bytes and RTT=100 msec. Suppose the transport protocol uses static windows with window size W.
   a. For a transmission rate of 28 kbps, determine the minimum possible latency. Determine the minimum window size that achieves this latency.
   b. Repeat (a) for 1 Mbps.

Chapter 4: Network Layer

1. What is the 32-bit binary equivalent of the IP address 223.1.3.27?

2. Suppose an application generates chunks of 40 bytes of data every 20 msec, and each chunk gets encapsulated in a TCP segment and then an IP datagram. What percentage of each datagram will be overhead and what percentage will be application data?

3. Consider sending a 3000 byte datagram into a link that has an MTU of 500 bytes. Suppose the original datagram is stamped with the identification number 422. How many fragments are generated? What are their characteristics?

4. Consider the topology shown in Figure 1. Denote the three subnets with hosts (starting clockwise at 12:00) as Networks A, B, and C. Denote the subnets without hosts as Networks D, E, and F.
   a. Assign network addresses to each of these six subnets, with the following constraints: All addresses must be allocated from 214.97.254/17; Subnet A should have enough addresses to support 250 interfaces; Subnet B should have enough addresses to support 120 interfaces; and Subnet C should have enough addresses to support 120 interfaces. Of course, subnets D, E and F should each be able to support two interfaces. For each subnet, the assignment should take the form a.b.c.d/x or a.b.c.d/x – e.f.g.h/y.
   b. Using your answer to part (a), provide the forwarding tables (using longest prefix matching) for each of the three routers.

5. Compare and contrast the IPv4 and the IPv6 header fields. Do they have any fields in common?
6. Consider a datagram network using 8-bit host addresses. Suppose a router uses longest prefix matching and has the following forwarding table:
Prefix match Interfaces 10 11 1 111 2 Otherwise (default) 3
For each of the four interfaces, give the associated range of destination host addresses and the number of addresses in the range.

Chapter 5: Link Layer

1. Consider three LANs interconnected by two routers, as shown in the diagram below.
   a. Redraw the diagram to include adapters.
   b. Assign IP addresses to all of the interfaces. For LAN 1 use addresses of the form 111.111.111.xxx; for LAN 2 use addresses of the form 122.222.222.xxx; and for LAN 3 use addresses of the form 133.333.333.xxx.
   c. Assign MAC addresses to all of the adapters.
   d. Consider sending an IP datagram from host A to host F. Suppose all the ARP tables are up-to-date. Enumerate all the steps as done for the single-router example in the lectures.
   e. Repeat (d), now assuming that the ARP table in the sending host is empty (and the other tables are up-to-date).

2. Suppose nodes A and B are on the same 10 Mbps Ethernet segment, and the propagation delay between the two nodes is 225 bit times. Suppose node A begins transmitting a frame, and before it finishes station B begins transmitting a frame. Can A finish transmitting before it detects that B has transmitted? Why or why not? If the answer is yes, then A incorrectly believes that its frame was successfully transmitted without a collision.
Hint: Suppose at time t=0 bit times, A begins transmitting a frame. In the worst case, A transmits a minimum size frame of 512+64 bit times. So A would finish transmitting the frame at t=512+64 bit times. Thus the answer is no if B's signal reaches A before bit time t=512+64 bits. In the worst case, when does B's signal reach A?

3. Suppose nodes A and B are on the same 10 Mbps Ethernet segment, and the propagation delay between the two nodes is 225 bit times.
Suppose A and B send frames at the same time, the frames collide, and then A and B choose different values of K in the CSMA/CD algorithm. Assuming no other nodes are active, can the retransmissions from A and B collide? For our purposes, it suffices to work out the following example. Suppose A and B begin transmission at t=0 bit times. They both detect collisions at t=225 bit times. They finish transmitting a jam signal at t=225+48=273 bit times. Suppose K_A=0 and K_B=1. At what time does B schedule its retransmission? At what time does A begin transmission? (Note, the nodes must wait for an idle channel after returning to Step 2; see protocol.) At what time does A's signal reach B? Does B refrain from transmitting at its scheduled time?

Wireshark Labs

Wireshark HTTP

1. The Basic HTTP GET/response interaction

1. Is your browser running HTTP version 1.0 or 1.1? What version of HTTP is the server running?
Answer:
- My browser version: HTTP 1.1
- Version of HTTP the server running:

2. What languages (if any) does your browser indicate that it can accept to the server?
Answer: Accept-Language: vi-vn,vi;q=0.8,en-us;q=0.5,en;q=0.3\r\n => Vietnamese and English are both accepted by the server.

3. What is the IP address of your computer? Of the gaia.cs.umass.edu server?
Answer:
- IP address of my computer: 192.168.1.177
- IP address of the gaia.cs.umass.edu server: 128.119.245.12

4. What is the status code returned from the server to your browser?
Answer:
- Status code: 304 – Not modified.

5. When was the HTML file that you are retrieving last modified at the server?

6. How many bytes of content are being returned to your browser?

7. By inspecting the raw data in the packet content window, do you see any headers within the data that are not displayed in the packet-listing window? If so, name one.

2. The HTTP CONDITIONAL GET/response interaction

8. Inspect the contents of the first HTTP GET request from your browser to the server.
Do you see an “IF-MODIFIED-SINCE” line in the HTTP GET?

9. Inspect the contents of the server response. Did the server explicitly return the contents of the file? How can you tell?

10. Now inspect the contents of the second HTTP GET request from your browser to the server. Do you see an “IF-MODIFIED-SINCE:” line in the HTTP GET? If so, what information follows the “IF-MODIFIED-SINCE:” header?

11. What is the HTTP status code and phrase returned from the server in response to this second HTTP GET? Did the server explicitly return the contents of the file? Explain.

3. Retrieving Long Documents

12. How many HTTP GET request messages were sent by your browser?

13. How many data-containing TCP segments were needed to carry the single HTTP response?

14. What is the status code and phrase associated with the response to the HTTP GET request?

15. Are there any HTTP status lines in the transmitted data associated with a TCP-induced “Continuation”?

4. HTML Documents with Embedded Objects

16. How many HTTP GET request messages were sent by your browser? To which Internet addresses were these GET requests sent?

17. Can you tell whether your browser downloaded the two images serially, or whether they were downloaded from the two web sites in parallel? Explain.

5. HTTP Authentication

18. What is the server’s response (status code and phrase) in response to the initial HTTP GET message from your browser?

19. When your browser sends the HTTP GET message for the second time, what new field is included in the HTTP GET message?

Wireshark DNS

1. nslookup

1. Run nslookup to obtain the IP address of a Web server in Asia.

2. Run nslookup to determine the authoritative DNS servers for a university in Europe.

3. Run nslookup so that one of the DNS servers obtained in Question 2 is queried for the mail servers for Yahoo! mail.

2. ipconfig

- No question.

3. Tracing DNS with Wireshark

4. Locate the DNS query and response messages. Are they sent over UDP or TCP?

5. What is the destination port for the DNS query message? What is the source port of DNS response message?

6. To what IP address is the DNS query message sent? Use ipconfig to determine the IP address of your local DNS server. Are these two IP addresses the same?

7. Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any “answers”?

8. Examine the DNS response message. How many “answers” are provided? What does each of these answers contain?

9. Consider the subsequent TCP SYN packet sent by your host. Does the destination IP address of the SYN packet correspond to any of the IP addresses provided in the DNS response message?

10. This web page contains images. Before retrieving each image, does your host issue new DNS queries?

11. What is the destination port for the DNS query message? What is the source port of DNS response message?

12. To what IP address is the DNS query message sent? Is this the IP address of your default local DNS server?

13. Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any “answers”?

14. Examine the DNS response message. How many “answers” are provided? What does each of these answers contain?

15. Provide a screenshot.

16. To what IP address is the DNS query message sent? Is this the IP address of your default local DNS server?

17. Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any “answers”?

18. Examine the DNS response message. What MIT nameservers does the response message provide? Does this response message also provide the IP addresses of the MIT nameservers?

19. Provide a screenshot.

20. To what IP address is the DNS query message sent? Is this the IP address of your default local DNS server? If not, what does the IP address correspond to?

21. Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any “answers”?

22. Examine the DNS response message.
How many “answers” are provided? What does each of these answers contain?

23. Provide a screenshot.

Wireshark UDP

1. Select one packet. From this packet, determine how many fields there are in the UDP header. (Do not look in the textbook! Answer these questions directly from what you observe in the packet trace.) Name these fields.

2. From the packet content field, determine the length (in bytes) of each of the UDP header fields.

3. The value in the Length field is the length of what? Verify your claim with your captured UDP packet.

4. What is the maximum number of bytes that can be included in a UDP payload?

5. What is the largest possible source port number?

6. What is the protocol number for UDP? Give your answer in both hexadecimal and decimal notation. (To answer this question, you’ll need to look into the IP header.)

7. Search “UDP” in Google and determine the fields over which the UDP checksum is calculated.

8. Examine a pair of UDP packets in which the first packet is sent by your host and the second packet is a reply to the first packet. Describe the relationship between the port numbers in the two packets.

Extra Credit

1. Capture a small UDP packet. Manually verify the checksum in this packet. Show all work and explain all steps.

Wireshark TCP

1. Capturing a bulk TCP transfer from your computer to a remote server

2. A first look at the captured trace

1. What is the IP address and TCP port number used by the client computer (source) that is transferring the file to gaia.cs.umass.edu? To answer this question, it’s probably easiest to select an HTTP message and explore the details of the TCP packet used to carry this HTTP message, using the “details of the selected packet header window” (refer to Figure 2 in the “Getting Started with Wireshark” Lab if you’re uncertain about the Wireshark windows).

2. What is the IP address of gaia.cs.umass.edu? On what port number is it sending and receiving TCP segments for this connection?

3. What is the IP address and TCP port number used by you (source) to transfer the file to gaia.cs.umass.edu?

3. TCP Basics

4. What is the sequence number of the TCP SYN segment that is used to initiate the TCP connection between the client computer and gaia.cs.umass.edu? What is it in the segment that identifies the segment as a SYN segment?

5. What is the sequence number of the SYNACK segment sent by gaia.cs.umass.edu to the client computer in reply to the SYN? What is the value of the ACKnowledgement field in the SYNACK segment? How did gaia.cs.umass.edu determine that value? What is it in the segment that identifies the segment as a SYNACK segment?

6. What is the sequence number of the TCP segment containing the HTTP POST command? Note that in order to find the POST command, you’ll need to dig into the packet content field at the bottom of the Wireshark window, looking for a segment with a “POST” within its DATA field.

7. Consider the TCP segment containing the HTTP POST as the first segment in the TCP connection. What are the sequence numbers of the first six segments in the TCP connection (including the segment containing the HTTP POST)? At what time was each segment sent? When was the ACK for each segment received? Given the difference between when each TCP segment was sent, and when its acknowledgement was received, what is the RTT value for each of the six segments? What is the EstimatedRTT value (see page 249 in text) after the receipt of each ACK? Assume that the value of the EstimatedRTT is equal to the measured RTT for the first segment, and then is computed using the EstimatedRTT equation on page 249 for all subsequent segments.
Note: Wireshark has a nice feature that allows you to plot the RTT for each of the TCP segments sent. Select a TCP segment in the “listing of captured packets” window that is being sent from the client to the gaia.cs.umass.edu server. Then select: Statistics->TCP Stream Graph->Round Trip Time Graph.

8. What is the length of each of the first six TCP segments?

9. What is the minimum amount of available buffer space advertised at the receiver for the entire trace? Does the lack of receiver buffer space ever throttle the sender?

10. Are there any retransmitted segments in the trace file? What did you check for (in the trace) in order to answer this question?

11. How much data does the receiver typically acknowledge in an ACK? Can you identify cases where the receiver is ACKing every other received segment (see Table 3.2 on page 257 in the text)?

12. What is the throughput (bytes transferred per unit time) for the TCP connection? Explain how you calculated this value.

4. TCP congestion control in action

13. Use the Time-Sequence-Graph(Stevens) plotting tool to view the sequence number versus time plot of segments being sent from the client to the gaia.cs.umass.edu server. Can you identify where TCP’s slow start phase begins and ends, and where congestion avoidance takes over? Comment on ways in which the measured data differs from the idealized behavior of TCP that we’ve studied in the text.

14. Answer each of the two questions above for the trace that you have gathered when you transferred a file from your computer to gaia.cs.umass.edu.

Wireshark IP

1. Capturing packets from an execution of traceroute

2. A look at the captured trace

1. Select the first ICMP Echo Request message sent by your computer, and expand the Internet Protocol part of the packet in the packet details window. What is the IP address of your computer?

2. Within the IP packet header, what is the value in the upper layer protocol field?

3. How many bytes are in the IP header? How many bytes are in the payload of the IP datagram? Explain how you determined the number of payload bytes.

4. Has this IP datagram been fragmented? Explain how you determined whether or not the datagram has been fragmented.

5. Which fields in the IP datagram always change from one datagram to the next within this series of ICMP messages sent by your computer?

6. Which fields stay constant? Which of the fields must stay constant? Which fields must change? Why?

7. Describe the pattern you see in the values in the Identification field of the IP datagram.

8. What is the value in the Identification field and the TTL field?

9. Do these values remain unchanged for all of the ICMP TTL-exceeded replies sent to your computer by the nearest (first hop) router? Why?

Fragmentation

10. Find the first ICMP Echo Request message that was sent by your computer after you changed the Packet Size in pingplotter to be 2000. Has that message been fragmented across more than one IP datagram? [Note: if you find your packet has not been fragmented, you should download the zip file http://gaia.cs.umass.edu/wireshark-labs/wireshark-traces.zip and extract the ip-ethereal-trace-1 packet trace. If your computer has an Ethernet interface, a packet size of 2000 should cause fragmentation.]

11. Print out the first fragment of the fragmented IP datagram. What information in the IP header indicates that the datagram has been fragmented? What information in the IP header indicates whether this is the first fragment versus a latter fragment? How long is this IP datagram?

12. Print out the second fragment of the fragmented IP datagram. What information in the IP header indicates that this is not the first datagram fragment? Are there more fragments? How can you tell?

13. What fields change in the IP header between the first and second fragment?

14. How many fragments were created from the original datagram?

15. What fields change in the IP header among the fragments?

Wireshark ICMP

1. ICMP and Ping

1. What is the IP address of your host? What is the IP address of the destination host?

2. Why is it that an ICMP packet does not have source and destination port numbers?

3. Examine one of the ping request packets sent by your host.
What are the ICMP type and code numbers? What other fields does this ICMP packet have? How many bytes are the checksum, sequence number and identifier fields?

4. Examine the corresponding ping reply packet. What are the ICMP type and code numbers? What other fields does this ICMP packet have? How many bytes are the checksum, sequence number and identifier fields?

2. ICMP and Traceroute

5. What is the IP address of your host? What is the IP address of the target destination host?

6. If ICMP sent UDP packets instead (as in Unix/Linux), would the IP protocol number still be 01 for the probe packets? If not, what would it be?

7. Examine the ICMP echo packet in your screenshot. Is this different from the ICMP ping query packets in the first half of this lab? If yes, how so?

8. Examine the ICMP error packet in your screenshot. It has more fields than the ICMP echo packet. What is included in those fields?

9. Examine the last three ICMP packets received by the source host. How are these packets different from the ICMP error packets? Why are they different?

10. Within the tracert measurements, is there a link whose delay is significantly longer than others? Refer to the screenshot in Figure 4, is there a link whose delay is significantly longer than others? On the basis of the router names, can you guess the location of the two routers on the end of this link?

Wireshark DHCP

DHCP Experiment

1. Are DHCP messages sent over UDP or TCP?

2. Draw a timing diagram illustrating the sequence of the first four-packet Discover/Offer/Request/ACK DHCP exchange between the client and server. For each packet, indicate the source and destination port numbers. Are the port numbers the same as in the example given in this lab assignment?

3. What is the link-layer (e.g., Ethernet) address of your host?

4. What values in the DHCP discover message differentiate this message from the DHCP request message?

5. What is the value of the Transaction-ID in each of the first four (Discover/Offer/Request/ACK) DHCP messages? What are the values of the Transaction-ID in the second set (Request/ACK) of DHCP messages? What is the purpose of the Transaction-ID field?

6. A host uses DHCP to obtain an IP address, among other things. But a host’s IP address is not confirmed until the end of the four-message exchange! If the IP address is not set until the end of the four-message exchange, then what values are used in the IP datagrams in the four-message exchange? For each of the four DHCP messages (Discover/Offer/Request/ACK DHCP), indicate the source and destination IP addresses that are carried in the encapsulating IP datagram.

7. What is the IP address of your DHCP server?

8. What IP address is the DHCP server offering to your host in the DHCP Offer message? Indicate which DHCP message contains the offered DHCP address.

9. In the example screenshot in this assignment, there is no relay agent between the host and the DHCP server. What values in the trace indicate the absence of a relay agent? Is there a relay agent in your experiment? If so what is the IP address of the agent?

10. Explain the purpose of the router and subnet mask lines in the DHCP offer message.

11. In the example screenshots in this assignment, the host requests the offered IP address in the DHCP Request message. What happens in your own experiment?

12. Explain the purpose of the lease time. How long is the lease time in your experiment?

13. What is the purpose of the DHCP release message? Does the DHCP server issue an acknowledgment of receipt of the client’s DHCP request? What would happen if the client’s DHCP release message is lost?

14. Clear the bootp filter from your Wireshark window. Were any ARP packets sent or received during the DHCP packet-exchange period? If so, explain the purpose of those ARP packets.

Wireshark EthernetARP

1. Capturing and analyzing Ethernet frames

1. What is the 48-bit Ethernet address of your computer?

2. What is the 48-bit destination address in the Ethernet frame? Is this the Ethernet address of gaia.cs.umass.edu? (Hint: the answer is no). What device has this as its Ethernet address? [Note: this is an important question, and one that students sometimes get wrong. Re-read pages 468-469 in the text and make sure you understand the answer here.]

3. Give the hexadecimal value for the two-byte Frame type field. What do the bit(s) whose value is 1 mean within the flag field?

4. How many bytes from the very start of the Ethernet frame does the ASCII “G” in “GET” appear in the Ethernet frame?

5. What is the hexadecimal value of the CRC field in this Ethernet frame?

6. What is the value of the Ethernet source address? Is this the address of your computer, or of gaia.cs.umass.edu? (Hint: the answer is no). What device has this as its Ethernet address?

7. What is the destination address in the Ethernet frame? Is this the Ethernet address of your computer?

8. Give the hexadecimal value for the two-byte Frame type field. What do the bit(s) whose value is 1 mean within the flag field?

9. How many bytes from the very start of the Ethernet frame does the ASCII “O” in “OK” (i.e., the HTTP response code) appear in the Ethernet frame?

10. What is the hexadecimal value of the CRC field in this Ethernet frame?

2. The Address Resolution Protocol

11. Write down the contents of your computer’s ARP cache. What is the meaning of each column value?

Observing ARP in action

12. What are the hexadecimal values for the source and destination addresses in the Ethernet frame containing the ARP request message?

13. Give the hexadecimal value for the two-byte Ethernet Frame type field. What do the bit(s) whose value is 1 mean within the flag field?

14. Download the ARP specification from ftp://ftp.rfc-editor.org/in-notes/std/std37.txt.
A readable, detailed discussion of ARP is also at http://www.erg.abdn.ac.uk/users/gorry/course/inetpages/arp.html. a) How many bytes from the very beginning of the Ethernet frame does the ARP opcode field begin? b) What is the value of the opcode field within the ARP-payload part of the Ethernet frame in which an ARP request is made? c) Does the ARP message contain the IP address of the sender? d) Where in the ARP request does the “question” appear – the Ethernet address of the machine whose corresponding IP address is being queried? 15. Now find the ARP reply that was sent in response to the ARP request. a) How many bytes from the very beginning of the Ethernet frame does the ARP opcode field begin? b) What is the value of the opcode field within the ARP-payload part of the Ethernet frame in which an ARP response is made? c) Where in the ARP message does the “answer” to the earlier ARP request appear – the IP address of the machine having the Ethernet address whose corresponding IP address is being queried? 16. What are the hexadecimal values for the source and destination addresses in the Ethernet frame containing the ARP reply message? 17. Open the ethernet-ethereal-trace-1 trace file in http://gaia.cs.umass.edu/wireshark-labs/wiresharktraces.zip. The first and second ARP packets in this trace correspond to an ARP request sent by the computer running Wireshark, and the ARP reply sent to the computer running Wireshark by the computer with the ARP-requested Ethernet address. But there is yet another computer on this network, as indiated by packet 6 – another ARP request. Why is there no ARP reply (sent in response to the ARP request in packet 6) in the packet trace? Extra Credit EX-1. The arp command: arp -s InetAddr EtherAddr allows you to manually add an entry to the ARP cache that resolves the IP address InetAddr to the physical address EtherAddr. 
What would happen if, when you manually added an entry, you entered the correct IP address, but the wrong Ethernet address for that remote interface? EX-2. What is the default amount of time that an entry remains in your ARP cache before being removed. You can determine this empirically (by monitoring the cache contents) or by looking this up in your operation system documentation. Indicate how/where you determined this value.
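An added example, not part of the original lab handout: a small Python parser for the Ethernet frames with ARP payloads that questions 12–16 examine. It also records sender IP-to-Ethernet bindings, the mapping that EX-1 asks about, and reports an IP address that reappears with a different Ethernet address. The frames, the addresses (documentation range 192.0.2.0/24) and all function names are constructed for this example.

```python
import struct

ETH_HDR_LEN = 14                       # dst MAC (6) + src MAC (6) + EtherType (2)
ARP_FIXED = struct.Struct("!HHBBH")    # htype, ptype, hlen, plen, opcode
OPCODE_OFFSET = ETH_HDR_LEN + 6        # opcode follows htype/ptype/hlen/plen

def mac(b):
    return ":".join(f"{x:02x}" for x in b)
def ip(b):
    return ".".join(str(x) for x in b)

def parse_arp_frame(frame):
    """Parse an Ethernet II frame carrying an IPv4-over-Ethernet ARP message."""
    if len(frame) < ETH_HDR_LEN + 28:
        raise ValueError("too short for Ethernet header + 28-byte ARP payload")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != 0x0806:
        raise ValueError(f"EtherType {ethertype:#06x} is not ARP")
    htype, ptype, hlen, plen, opcode = ARP_FIXED.unpack_from(frame, ETH_HDR_LEN)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP message")
    p = ETH_HDR_LEN + ARP_FIXED.size   # first address field starts at byte 22
    return {
        "eth_dst": mac(frame[0:6]), "eth_src": mac(frame[6:12]),
        "opcode": opcode,              # 1 = request, 2 = reply
        "sender_mac": mac(frame[p:p + 6]), "sender_ip": ip(frame[p + 6:p + 10]),
        "target_mac": mac(frame[p + 10:p + 16]), "target_ip": ip(frame[p + 16:p + 20]),
    }

def binding_conflicts(frames):
    """Return (ip, first_mac, later_mac) where a sender IP reappears with another MAC."""
    seen, conflicts = {}, []
    for f in frames:
        a = parse_arp_frame(f)
        first = seen.setdefault(a["sender_ip"], a["sender_mac"])
        if first != a["sender_mac"]:
            conflicts.append((a["sender_ip"], first, a["sender_mac"]))
    return conflicts

def build(dst, src, op, sha, spa, tha, tpa):   # helper for the constructed samples
    h = lambda s: bytes.fromhex(s.replace(":", ""))
    i = lambda s: bytes(int(x) for x in s.split("."))
    return (h(dst) + h(src) + b"\x08\x06" + ARP_FIXED.pack(1, 0x0800, 6, 4, op)
            + h(sha) + i(spa) + h(tha) + i(tpa))
# Constructed frames (documentation addresses, not taken from a real capture).
HOST, GW, OTHER = "00:11:22:33:44:55", "00:aa:bb:cc:dd:01", "00:aa:bb:cc:dd:02"
REQUEST = build("ff:ff:ff:ff:ff:ff", HOST, 1, HOST, "192.0.2.10", "00:00:00:00:00:00", "192.0.2.1")
REPLY = build(HOST, GW, 2, GW, "192.0.2.1", HOST, "192.0.2.10")
REPLY2 = build(HOST, OTHER, 2, OTHER, "192.0.2.1", HOST, "192.0.2.10")
```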