2011
Vietnamese-German University
Nguyen Dinh Thong
[COMPUTER NETWORKING]
[Type the abstract of the document here. The abstract is typically a short summary of the contents of the
document. Type the abstract of the document here. The abstract is typically a short summary of the contents of
the document.]
Table of Contents
Table of Contents ..................................................................................................................................................... 1
Exercises ................................................................................................................................................................... 3
Chapter 01: Introduction ..................................................................................................................................... 3
Problem 1: ........................................................................................................................................................ 3
Problem 2: ........................................................................................................................................................ 5
Problem 3: ........................................................................................................................................................ 5
Problem 4: ........................................................................................................................................................ 6
Problem 5: ........................................................................................................................................................ 6
Chapter 02: Application Layer .......................................................................................................................... 7
Problem 1: ........................................................................................................................................................ 7
Problem 2: ........................................................................................................................................................ 7
Problem 3: ........................................................................................................................................................ 7
Problem 4: ........................................................................................................................................................ 8
Problem 5: ........................................................................................................................................................ 8
Problem 6: ........................................................................................................................................................ 8
Chapter 3: Transport Layer .................................................................................................................................. 9
Problem 1: ........................................................................................................................................................ 9
Problem 2: ........................................................................................................................................................ 9
Problem 3: ...................................................................................................................................................... 10
Chapter 4: Network Layer .................................................................................................................................. 12
Problem 1: ...................................................................................................................................................... 12
Problem 2: ...................................................................................................................................................... 12
Problem 3: ...................................................................................................................................................... 12
Problem 4: ...................................................................................................................................................... 12
Problem 5: ...................................................................................................................................................... 13
Problem 6: ...................................................................................................................................................... 13
Chapter 5: Link Layer ......................................................................................................................................... 14
Problem 1: ...................................................................................................................................................... 14
Problem 2: ...................................................................................................................................................... 14
Problem 3: ...................................................................................................................................................... 14
Wireshark Labs ....................................................................................................................................................... 15
Wireshark HTTP.............................................................................................................................................. 15
Wireshark DNS ............................................................................................................................................... 21
Wireshark UDP ............................................................................................................................................... 29
Wireshark TCP ................................................................................................................................................ 31
Wireshark IP ................................................................................................................................................... 36
Wireshark ICMP ............................................................................................................................................. 42
Wireshark DHCP ............................................................................................................................................. 46
Wireshark EthernetARP ................................................................................................................................. 53
Exercises
Chapter 01: Introduction
Problem 1:
Design and describe an application-level protocol to be used between an Automatic Teller Machine,
and a bank's centralized computer. Your protocol should allow a user's card and password to be verified, the
account balance (which is maintained at the centralized computer) to be queried, and an account withdrawal
(i.e., when money is given to the user) to be made. Your protocol entities should be able to handle the all-toocommon case in which there is not enough money in the account to cover the withdrawal. Specify your
protocol by listing the messages exchanged, and the action taken by the Automatic Teller Machine or the
bank's centralized computer on transmission and receipt of messages. Sketch the operation of your protocol
for the case of a simple withdrawal with no errors, using some form of sequence diagram. Explicitly state the
assumptions made by your protocol about the underlying end-to-end transport service.
Answer:
Messeage sent from ATM to Centralized computer
CheckCard<CardNumber>
Ask for checking card & Card number
VerifyPassword<Password>
Ask for verifying password
ReportBalance
Ask for retrieving balance
Withdrawl<Amount>
Ask for withdrawl “amount” money
Message sent from Centralize computer to ATM
PasswordRequire
Ask for entering password from user
BalanceDisplay<Balance>
Display balance at ATM
WithdrawlAccepted
Accept withdrawl of user and dispense money
WithdrawRejected
Reject withdrawl of user
Message of Centralize computer
CheckCard(CardNumber)
VerifyPassword(Password)
RetrieveBalance
CheckWithdrawlAmount(Amount)
Check if card is valid
Verify if password is valid
Retrieve account balance
Check if enough for withdrawl
Enough money for withdrawl
NOT enough money for withdrawl
Problem 2:
This elementary problem begins to explore propagation delay and transmission delay, two central
concepts in data networking. Consider two hosts, Hosts A and B, connected by a single link of rate R bps.
Suppose that the two hosts are separated by m meters, and suppose the propagation speed along the link is s
meters/sec. Host A is to send a packet of size L bits to Host B.
a. Express the propagation delay, dprop in terms of m and s.
b. Determine the transmission time of the packet, dtrans in terms of L and R.
c. Ignoring processing and queing delays, obtain an expression for the end-to-end delay.
d. Suppose Host A begins to transmit the packet at time t=0. At time t=dtrans, where is the last bit of
the packet?
e. Suppose dprop is greater than dtrans . At time t=dtrans, where is the first bit of the packet?
f. Suppose dprop is less than dtrans . At time t=dtrans, where is the first bit of the packet?
g. Suppose s=2.5*108, L=100 bits and R=28 kbps. Find the distance m so that dprop equals dtrans.
Answer:
a.
b.
c.
d.
e.
f.
g.
dprop = m /s
dtrans= L/R
End-to-end delay ignoring processing and queing delays is: d= dprop+ dtrans = m/s + L/R
At time t=dtrans, the last bit of packet has just left the host A.
The first bit of packet in on the link and has not come to Host B at time t=dtrans.
At time t=dtrans and dprop<dtrans, the first bit of the packet came to Host B.
dprop = dtrans
<=> m/s = L/R
=> m = L * s / R
=> m = [100 * (2.5 * 10^8 ) ] / [28 * 10^3]
=> m= 892 857.14 meters =892.86 Km
Problem 3:
Consider an application that transmits data at a steady rate (e.g., the sender generates one packet of N
bits every k time units, where k is small and fixed). Also, when such an application starts, it will stay on for
relatively long period of time.
a. Would a packet-switched network or a circuit-switched network be more appropriate for this
application? Why?
b. Suppose that a packet-switched network is used and the only traffic in this network comes from such
applications as described above. Furthermore, assume that the sum of the application data rates is less
that the capacities of each and every link. Is some form of congestion control needed? Why or why
not?
Answer:
a. A circuit-switched network is more appropriate for this application because the transmission rate is
known and bandwidth can be reserved for each application session circuit with no significant
waste.
b. Congestion control is not needed because the capacity of each and every link is greater than the
sum of application data rates.
Problem 4:
Consider the queuing delay in a router buffer (preceding an outbound link). Suppose all packets are L
bits, the transmission rate is R bps and that N packets arrive to the buffer every LN/R seconds. Find the average
queuing delay of a packet.
Answer:
- The queuing delay of 1st packet is:
0 sec
nd
- The queuing delay of 2 packet is:
1 x L/R sec
rd
- The queuing delay of 3 packet is:
2 x L/R sec
th
- The queuing delay of 4 packet is:
3 x L/R sec
=> The queuing delay of packet N is : (N-1) x L/R sec
=> The average queuing delay of a packet = [ L/R x (1+2 + 3 + … + (N-1)) ] /N
(We knew that 1+2+3+..+N = N x (N+1) /2)
= [L/R x ( (N-1) x N /2)] / N
= L/R x (N-1) / 2
= (N-1)L/ (2R)
Problem 5:
Suppose two hosts, A and B are separated be 10000 km and are connected by a direct link of R=1Mbps.
Suppose the propagation speed over the link is 2.5x10^8 m/s
a. Calculate the bandwidth-delay product.
b. Consider sending a file of 400000 Bit from host A to host B. Suppose the file is
sent continuously as one big message. What is the maximum number of bits that
will be in the link at any given time?
c. Provide an interpretation of the delay-bandwidth product.
d. What is the width (in meter) of a bit in the link?
Answer:
We have:
m = 10000km = 10^7 m
R= 1Mbps = 10^6 bps
s = 2.5 x 10^8 m/s
a. Bandwidth-delay product = R x dprop
=(R x m)/s
= (10^6 x 10^7) / (2.5 X 10^8)
=10^5 /2.5
=40000 bits
b. 40 000 bits
c. The bandwidth-delay product: is the maximum number of bits that can be in the link.
d. The width of a bit in the link = Length of link / bandwidth delay product
= 10^7 / 40000 = 250 m
Chapter 02: Application Layer
Problem 1:
Two HTTP request methods are GET and POST. Are there any other methods in HTTP/1.0 or in HTTP/1.1. If yes,
what are these methods used for?
Answer:
Beside GET and POST, there are some other methods in HTTP/1.0 and HTTP 1.1 such as
HEAD: asks server to leave requested object out of response.
PUT: uploads file in entity body to path specified in URL field.
DELETE: deletes file specified in URL field.
Problem 2:
Within the web browser, a link is clicked to obtain a web page. Suppose that a DNS look-up is necessary
to obtain the IP address, because the IP address for the associated URL is not cached. Suppose that n DNS
servers are visited before your host receives the IP address from DNS; the successive visits incur an RTT of
RTT1, …, RTTn. Further suppose that the Web page associated with the link contains exactly one object,
consisting of a small amount of HTML text. Let RTT0 denote the RTT between the local host and the server
containing the object. Assuming zero transmission time of the object, how much time elapses from when the
client clicks on the link until the client receives the object (according to Kurose, Ross, Problems, chapter)
Answer:
-Total amount of time to obtain the IP address is:
RTT1+ RTT2+…+ RTTn
-The object/file transmission time is
2RTT + Transmission time
-Since RTT0 = RTT, and Transmission time of the object is assumed zero. Therefore, the time elapses
from when the client clicks on the link until the client receives the object is:
2RTT0 + RTT1+RTT2+…+RTTn
Problem 3:
Referring to question (2), suppose the page contains three very small objects. Neglecting transmission
times, how much time elapses with
(a) nonpersistent HTTP with no parallel TCP connections,
(b) nonpersistent HTTP with parallel connections,
(c) persistent HTTP with pipelining.
Answer:
a. Nonpersistent HTTP with no parallel TCP connections. Time transmission for 3 object is 3 x2RTT0
=>Total amount of time is:
3 x2 RTT0 + 2RTT0 + RTT1+RTT2 +…+RTTn
= 8RTT0 + RTT1+RTT2+…+RTTn
b. Nonpersitent HTTP with parallel connections.
-If number of parallel connection = 2 , Time transmission for 3 objects is 2 x 2RTT0
=>Total amount of time is:
2 x 2RTT0 + 2RTT0 + RTT1+RTT2 +…+RTTn
=6RTT0 + RTT1+RTT2 +…+RTTn
-If number of parallel connection >= 3 , Time transmission for 3 objects is 2RTT0
=>Total amount of time is:
2RTT0 + 2RTT0 + RTT1+RTT2 +…+RTTn
=4RTT0 + RTT1+RTT2 +…+RTTn
c.
Problem 4:
What are the well known port numbers for FTP (File transfer protocol), TFTP (trivial file transfer
protocol) and NTP (network time protocol)? Visit: http/www.iana.org for an answer. Give a second source to
obtain an answer to the question.
Answer:
-
-
The well-known port numbers for
o FTP: 21
o TFTP: 69
o NTP: 123
Second
source
for
list
of
TCP
and
UDP
http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
port
numbers
:
Problem 5:
Consider an e-commerce site that wants to keep a purchase record for each of its customers. Describe
how this can be done with cookies
Answer:
After the first time visit the e-commerce site, the site returns a cookie number and stores it on the host
of the customers. The cookie is managed by the browser. When customer visit the site next times, the browser
send the cookie number back to the site.
Problem 6:
Is it possible that an organization's Web server and mail server have exactly the same alias for a hostname (e.g.,
foo.com)? What would be the "type" for the RR that contains the hostname of the mail server?
Answer:
-It is possible.
- The "type" for the RR that contains the hostname of the mail server would be an MX record.
Chapter 3: Transport Layer
Problem 1:
Consider transferring an enormous file of L bytes from host A to host B. Assumme an MSS of 1460 bytes.
a. What us the maximum length of L such that TCP sequence numbers are not exhausted? Recall that
the TCP number field has four bytes.
b. For the L you obtain in (a), find how long it takes to transmit the file. Assme that a total of 66 bytes of
transport, network and data-link header are added to each segment before the resulting packet is sent
out over a 10 Mbps link. Ignore flow control and congestion control, so A can pump out the segments
back-to-back and continuously.?
Answer:
a. The maximum length of L equal with the maximum number of sequence number. Since there is 32
for sequence number in the TCP segment structure so the maximum length of L=maximum number
of sequence number = 2^32 = 4 294 967 296 (bytes).
b.
-The number of segment is : L/MSS = 2^32 / 1460 = 2 941 758,4 =2 941 759 (segment)
-Each segment is added 66 bytes so total number of byte of the headers is: L1 = 66 x number of
segment = 66 x 2 941 759 = 194 156 094 bytes
-Total byte (denoted is S) need to transmit is : S = L + L1 = 4 294 967 296 + 194 156 094 = 4 489 123
390 (bytes) = 4 489 123 390 x 8 = 35 912 987 120 (bits)
- Time to transmit is t = S/R = 35 912 987 120/ (10x10^6) = 3 591,29 sec
Problem 2:
Consider the following plot of TCP window size as a function of time.
Assuming TCP Reno is the protocol experiencing the behavior shown above, answer the following questions. In
all cases, you should provide a short discussion justifying your answer.
a. Identify the intervals of time when TCP slow start is operating.
b. Identify the intervals of time when TCP congestion avoidance is operating.
c. After 16th transmission round, is segment loss detected by a triple duplicate ACK or by a timeout?
d. After the 22nd transmission round, is segment loss detected by a triple duplicate ACK or by a
timeout?
e. What is the initial value of Threshold at the first transmission round?
f. What is the value of Threshold at the 18th transmission round?
g. What is the value of Threshold at the 24th transmission round?
h. During what transmission round is the 7th segment sent?
i. Assuming a packet loss is detected after the 26th round by the receipt of a triple duplicate ACK, what
will be the values of the congestion window size of Threshold?
Answer:
a. TCP slowstart is operating in the intervals [1,6] and [23,26]
b. TCP congestion advoidance is operating in the intervals [6,16] and [17,22]
c. After the 16th transmission round, packet loss is recognized by a triple duplicate ACK since the
windows size is greater than 1.
d. After the 22nd transmission round, segment loss is detected due to timeout, the windows size is set
to 1.
e. The threshold is initially 32, since it is at this window size that slowtart stops and congestion
avoidance begins.
f. The value of Threshold at the 18th transmission round is 42/2 = 21.
g. The value of Threshold at the 24th transmission round is 26/2 =13.
h.
Transmission round
Segment sent
1
1
2
2-3
3
4-7
4
8-15
th
 Segment 7 is sent at transmission round 3rd .
i.
The values of the congestion window size of Threshold will be set to half of current value of the
congestion windows = 8/2 =4.
Problem 3:
Consider sending an object of size O=100 Kbytes from server to client. Let S=536 bytes and RTT=100 msec.
Suppose the transport protocol uses static windows with window size W.
a. For a transmission rate of 28 kbps, determine the minimum possible latency. Determine the
minimum window size that achieves this latency.
b. Repeat a) for 1 Mbps.
Answer:
We have:
-
O = 100 Kbytes = 100 x 10^3 x 8 = 8x 10^5 bits
S=536 bytes = 536 x 8 = 4288 bits
RTT = 100 msec = 0.1 sec
-
Latency = 2 RTT + 0/R + (K-1)[S/R + RTT – W S/R] 
(With K = O/WS )
Since (K-1)[S/R + RTT – W S/R]  is always greater than or equal 0 . Therefore Latency is minimum
when (K-1) =0  0/WS – 1 = 0  W= O/S = 8 x 10^5 / 4288 = 186.576  187
The minimum possible latency = 2RTT + O/R when W=187
a. R = 28 kbps = 28x10^3 bps.
 Latency
= 2RTT + O/R
=2 x 0.1 + (8 x10^5) / (28 x 10^3)
= 0.2 + 28.571
= 28.771 sec  28.8 sec
b. R = 1 Mbps = 10^6 bps
 Latency
= 2RTT + O/R
= 2x0.1 + (8 x 10^5) / 10^6
= 0.2 + 0.8 = 1 sec
Chapter 4: Network Layer
Problem 1:
1. What is the 32 Bit binary equivalent of the IP address 223.1.3.27?
Answer:
223
1
3
27
11011111 00000001 00000011 00011011
Problem 2:
Suppose an application generates chunks 40 bytes of data every 20 msec, and each chunk gets
encapsulated in a TCP segment and then an IP datagram. What percentage of each datagram will be
overhead and what percentage will be application data?
Answer:
Problem 3:
Consider sending a 3000 byte datagram into a link that has a MTU of 500 bytes. Suppose the original
datagram is stamped with the identification number 422. How many fragments are generated? What
are their characteristics?
Answer:
-The maximum size of data field in each fragment is: 500-20 = 480 bytes. (20 bytes for IP
Header)
=> The number of fragments are generated (3000-20)/480 = 6.2 = 7
-Characteritics:
Order
1
2
3
4
5
6
7
Bytes in data field
480
480
480
480
480
480
3000- (480*6)=120
Identification
422
422
422
422
422
422
422
Offset
0
480
480+480=960
480+480+480=1440
480+480+480+480=1920
480+480+480+480+480=2400
480+480+480+480+480+480=2880
Flag
1
1
1
1
1
1
0
Problem 4:
Consider the topology shown in Figure 1. Denote the three subnets with hosts (starting clockwise at
12:00) as Networks A, B, and C. Denote the subnets without hosts as Networks D, E, and F.
a. Assign network addresses to each of these six subnets, with the following constraints: All
addresses must be allocated from 214.97.254/17; Subnet A should have enough addresses to
support 250 interfaces; Subnet B should have enough addresses to support 120 interfaces; and
Subnet C should have enough addresses to support 120 interfaces. Of course, subnets D, E and
F should each be able to support two interfaces. For each subnet, the assignment should take
the form a.b.c.d/x or a.b.c.d/x – e.f.g.h/y.
b. Using your answer to part (a), provide the forwarding tables (using longest prefix matching)
for each of the three routers.
Answer:
Problem 5:
Compare and contrast the IPv4 and the IPv6 header fields. Do they have any fields in common?
Answer:
Common fields:
Common field
Version
Source address
Destination address
IPv4
IPv4
32 bits
32 bits
IPv6
IPv6
128 bits
128bits
Problem 6:
Consider a datagram network using 8-Bit host addresses. Suppose a router uses longest
prefix matching and has the following forwarding table:
Prefix match Interfaces
Prefix match
Interfaces
1
0
11
1
111
2
Otherwise (default) 3
For each of the four interfaces, give the associated range of destination host addresses and the number
of addresses in the range.
Answer:
Chapter 5: Link Layer
Problem 1:
1. Consider three LANs interconnected by two routers, as shown in the diagram below.
a. Redraw the diagram to include adapters.
b. Assign IP addresses to all of the interfaces. For LAN 1 use addresses of the form 111.111.111.xxx ;
for LAN 2 uses addresses of the form 122.222.222.xxx ; and for LAN 3 use addresses of the form
133.333.333.xxx .
c. Assign MAC addresses to all of the adapters.
d. Consider sending an IP datagram from host A to host F. Suppose all the ARP tables are up-to-date.
Enumerate all the steps as done for the single-router example in the lectures.
e. Repeat (d), now assuming that the ARP table in the sending host is empty (and the
other tables are up-to-date).
Answer:
Problem 2:
Suppose nodes A and B are on the same 10 Mbps Ethernet segment, and the propagation delay between the
two nodes is 225 bit times. Suppose node A begins transmitting a frame, and before it finishes station B begins
transmitting a frame. Can A finish transmitting before it detects that B has transmitted? Why or why not? If the
answer is yes, then A incorrectly believes that its frame was successfully transmitted without a collision. Hint:
Suppose at time t=0 bit times, A begins transmitting a frame. In the worst case, A transmits a minimum size
frame of 512+64 bit times. So A would finish transmitting the frame at t=512+64 bit times. Thus the answer is
no if B's signal reaches A before bit time t=512+64 bits. In the worst case, when does B's signal reach A?
Answer:
Problem 3:
Suppose nodes A and B are on the same 10 Mbps Ethernet segment, and the propagation delay between the
two nodes is 225 bit times. Suppose A and B send frames at the same time, the frames collide, and then A and
B choose different values of K in the CSMA/CD algorithm. Assuming no other nodes are active, can the
retransmissions from A and B collide? For our purposes, it suffices to work out the following example. Suppose
A and B begin transmission at t=0 bit times. They both detect collisions at t=225 bit times. They finish
transmitting jam signal at t= 225+48= 273 bit times. Suppose KA=0 and KB=1. At what time does B schedule its
retransmission? At what time does A begin transmission? (Note, the nodes must wait for an idle channel after
returning to Step 2-- see protocol.) At what time does A's signal reach B? Does B refrain from transmitting at its
scheduled time?
Answer:
Wireshark Labs
Wireshark HTTP
1. The Basic HTTP GET/response interaction
1. Is your browser running HTTP version 1.0 or 1.1? What version of HTTP is the server running?
Answer:
-My browser verion: HTTP 1.1
-Version of HTTP the server running: HTTP 1.1
2. What languages (if any) does your browser indicate that it can accept to the server?
Answer:
Accept-Language: vi-vn,vi;q=0.8,en-us;q=0.5,en;q=0.3
3. What is the IP address of your computer? Of the gaia.cs.umass.edu server?
Answer:
-IP address of my computer: 192.168.1.177
-IP address of the gaia.cs.umass.edu server: 128.119.245.12
4. What is the status code returned from the server to your browser?
Answer:
- Status code: HTTP/1.1 200 OK\r\n
5. When was the HTML file that you are retrieving last modified at the server?
Answer:
Last-Modified: Tue, 26 Jul 2011 11:35:01 GMT\r\n
6. How many bytes of content are being returned to your browser?
Answer:
Content-Length: 128\r\n => 128 bytes
7. By inspecting the raw data in the packet content window, do you see any headers within the data that are
not displayed in the packet-listing window? If so, name one.
2. The HTTP CONDITIONAL GET/response interaction
8. Inspect the contents of the first HTTP GET request from your browser to the server. Do you see an IFMODIFIED-SINCE” line in the HTTP GET?
Answer:
There is NO “If-Modified-Since” line from the first HTTP Get.
9. Inspect the contents of the server response. Did the server explicitly return the contents of the file? How
can you tell?
Answer:
Yes. The contents of the file is included in the “Line-based text data” field.
10. Now inspect the contents of the second HTTP GET request from your browser to the server. Do you see an
“IF-MODIFIED-SINCE:” line in the HTTP GET? If so, what information follows the “IF-MODIFIED-SINCE:” header?
Answer:
Yes. The content of the line is: If-Modified-Since: Tue, 26 Jul 2011 11:57:01 GMT\r\n
11. What is the HTTP status code and phrase returned from the server in response to this second HTTP GET?
Did the server explicitly return the contents of the file? Explain.
Answer:
- The HTTP status code and phrase returned form the server: HTTP/1.1 304 Not Modified\r\n
- The server did not explicitly return the contents of the file; the field “Line-based text data” did not
appear in the second HTTP Get. The content of the file was cached at the client browser.
3. Retrieving Long Documents
12. How many HTTP GET request messages were sent by your browser?
Answer:
There are four HTTP Get Request messages was sent by my browser. The URI of the first request is :
http://gaia.cs.umass.edu/wireshark-labs/HTTP-wireshark-file3.html. And the URI of three other requests is
http://gaia.cs.umass.edu/favicon.ico .
13. How many data-containing TCP segments were needed to carry the single HTTP response?
Answer:
There are 4 data-containing TCP segments according to frame 6,7,9 and 10.
14. What is the status code and phrase associated with the response to the HTTP GET request?
Answer:
The status code and the phrase: HTTP/1.1 200 OK\r\n
15. Are there any HTTP status lines in the transmitted data associated with a TCP-induced Continuation”?
Answer:
No.
4. HTML Documents with Embedded Objects
16. How many HTTP GET request messages were sent by your browser? To which Internet addresses were
these GET requests sent?
Answer:
There are three (03) HTTP GET request messages were sent by my browser to the following internet
addresses:
- 128.119.245.12
- 128.119.240.90
- 165.193.140.14
17. Can you tell whether your browser downloaded the two images serially, or whether they were downloaded
from the two web sites in parallel? Explain.
5 HTTP Authentication
18. What is the server’s response (status code and phrase) in response to the initial HTTP GET message from
your browser?
Answer:
The server’s response: HTTP/1.1 401 Authorization Required\\r\\n
19. When your browser’s sends the HTTP GET message for the second time, what new field is included in the
HTTP GET message?
Answer:
The new field: Authorization: Basic d2lyZXNoYXJrLXN0dWRlbnRzOm5ldHdvcms=\r\n
Wireshark DNS
1. nslookup
1. Run nslookup to obtain the IP address of a Web server in Asia.
Answer:
I ran nslookup and obtained the IP addresses 180.148.142.99 and 180.148.141.1 . Those are address of
the Web Server in Vietnam, www.vietnamexpress.net, an electronic newspaper.
2. Run nslookup to determine the authoritative DNS servers for a university in Europe.
Answer:
I ran nsloolup to determine the authoritative DNS servers for the University Of Manchester.
3. Run nslookup so that one of the DNS servers obtained in Question 2 is queried for the mail servers for
Yahoo! mail.
Answer:
I used DNS server curlew.cs.man.ac.uk obtained in above to query for the Yahoo!mail.
2. ipconfig
-No question.
3. Tracing DNS with Wireshark
Part 3a:
4. Locate the DNS query and response messages. Are then sent over UDP or TCP?
Answer:
They are sent over UDP.
5. What is the destination port for the DNS query message? What is the source port of DNS response message?
Answer:
-The Destination port for the DNS query message: 53
-The source port of DNS response message: 53
6. To what IP address is the DNS query message sent? Use ipconfig to determine the IP address of your local
DNS server. Are these two IP addresses the same?
Answer:
- The DNS query message sent to IP address: 8.8.8.8
- There are two different IP address for the local DNS server: 8.8.8.8 and 208.67.222.222
7. Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any
“answers”?
Answer:
- The “Type” of DNS query is Standar query.
- The query message does NOT contain any “answers”.
8. Examine the DNS response message. How many “answers” are provided? What do each of these answers
contain?
Answer:
-There is only one “answers”.
- The contain of the “answers”:
9. Consider the subsequent TCP SYN packet sent by your host. Does the destination IP address of the SYN
packet correspond to any of the IP addresses provided in the DNS response message?
Answer:
Yes, the destination IP address of the SYN packet correspond to the IP address (64.170.98.30)) provided
in the DNS response message.
10. This web page contains images. Before retrieving each image, does your host issue new DNS queries?
Answer:
No. My host does not issue new DNS queries before retrieving imanges.
Part 3b:
11. What is the destination port for the DNS query message? What is the source port of DNS response
message?
Answer:
Both destination port for the DNS query message and source port of the DNS response message are 53.
12. To what IP address is the DNS query message sent? Is this the IP address of your default local DNS server?
Answer:
-DNS query message sent to IP address: 208.77.222.222
-It (208.67.222.222) is my default local DNS server.
13. Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any
“answers”?
Answer:
-The type of DNS query: standard query A.
- The query message does not contain any “answers”.
14. Examine the DNS response message. How many “answers” are provided? What do each of these answers
contain?
Answer:
- There is one “answers” in the DNS response message.
-The contain of the “answer”:
15. Provide a screenshot.
Part 3C
16. To what IP address is the DNS query message sent? Is this the IP address of your default local DNS server?
Answer:
-DNS query message sent to IP address: 208.77.222.222
-It (208.67.222.222) is my default local DNS server.
17. Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any
“answers”?
Answer:
- Type of DNS query: NS
- The query message does NOT contain any “answer”.
18. Examine the DNS response message. What MIT nameservers does the response message provide? Does this
response message also provide the IP addresses of the MIT namesers?
Answer:
- The response message provice three nameserves:
W20NS.mit.edu, STRAB.mit.edu and
BITSY.mit.edu.
- The response message does not provide the IP address of the MIT nameservers.
19. Provide a screenshot.
20. To what IP address is the DNS query message sent? Is this the IP address of your default local DNS server? If
not, what does the IP address correspond to?
Answer:
-The DNS query message sent to IP address: 18.72.0.3
-It (18.72.0.3) is NOT my default local DNS server.
21. Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any
“answers”?
Answer:
- The DNS query type: Standard query A.
-The query message does NOT contain any “answers”.
22. Examine the DNS response message. How many “answers” are provided? What does each of these answers
contain?
Answer:
- There is only one “answers” is provided.
- The contain of the “answers”:
23. Provide a screenshot.
Answer:
Wireshark UDP
1. Select one packet. From this packet, determine how many fields there are in the UDP header. (Do not look in
the textbook! Answer these questions directly from what you observe in the packet trace.) Name these fields.
Answer:
-There are four fields in the UDP header: Source port, Destination port, Length and Checksum.
2. From the packet content field, determine the length (in bytes) of each of the UDP header fields.
Answer:
The length of each of the UDP header fields is 2 bytes length.
3. The value in the Length field is the length of what? Verify your claim with your captured UDP packet.
Answer:
The value in the Length field is the length of 8 header bytes and 28 bytes of data. In the figure above,
the Length is 36 = 8 + 28 (bytes).
4. What is the maximum number of bytes that can be included in a UDP payload.
Answer:
8 bytes are used for header so the maximum number of bytes that can be include in a UDP payload is:
216-8 =65528 bytes
5. What is the largest possible source port number?
Answer:
The largest possible source port number: 216-1 = 65535.
6. What is the protocol number for UDP? Give your answer in both hexadecimal and decimal notation. (To
answer this question, you’ll need to look into the IP header.)
Answer:
-The IP protocol number of UDP: 17 in decimal is 0x11 in hexadecimal.
7. Search “UDP” in Google and determine the fields over which the UDP checksum is calculated.
Answer:
The method used to compute the checksum is defined in RFC 768:
Checksum is the 16-bit one's complement of the one's complement sum of a pseudo header of
information from the IP header, the UDP header, and the data, padded with zero octets at the end (if
necessary) to make a multiple of two octets.[5]
In other words, all 16-bit words are summed using one's complement arithmetic. The sum is then one's
complemented to yield the value of the UDP checksum field.
If the checksum calculation results in the value zero (all 16 bits 0) it should be sent as the one's
complement (all 1s).
Ref: http://en.wikipedia.org/wiki/User_Datagram_Protocol
8. Examine a pair of UDP packets in which the first packet is sent by your host and the second packet is a reply
to the first packet. Describe the relationship between the port numbers in the two packets.
Answer:
Extra Credit
1. Capture a small UDP packet. Manually verify the checksum in this packet. Show all work and explain all
steps.
Wireshark TCP
1. Capturing a bulk TCP transfer from your computer to a remote server
2. A first look at the captured trace
1. What is the IP address and TCP port number used by the client computer (source)that is transferring the file
to gaia.cs.umass.edu? To answer this question, it’s probably easiest to select an HTTP message and explore the
details of the TCP packet used to carry this HTTP message, using the “details of the selected packet header
window” (refer to Figure 2 in the “Getting Started with Wireshark” Lab ifyou’re uncertain about the Wireshark
windows.
Answer
+ IP address: 192.168.1.102
+ Port number: 1162
2. What is the IP address of gaia.cs.umass.edu? On what port number is it sending and receiving TCP segments
for this connection?
Answer:
-IP address of gaia.cs.umass.edu: 128.119.245.12
-Port number: 80
3. What is the IP address and TCP port number used by you(source) to transfer the file to gaia.cs.umass.edu?
Answer
+ IP address: 192.168.1.177
+ Port number: 7809
3. TCP Basics
4. What is the sequence number of the TCP SYN segment that is used to initiate the TCP connection between
the client computer and gaia.cs.umass.edu? What is it in the segment that identifies the segment as a SYN
segment?
Answer:
- The sequence number of the TCP SYN: 0
- In the segment the SYN flag is set to 1
5. What is the sequence number of the SYNACK segment sent by gaia.cs.umass.edu to the client computer in
reply to the SYN? What is the value of the ACKnowledgement field in the SYNACK segment? How did
gaia.cs.umass.edu determine that value? What is it in the segment that identifies the segment as a SYNACK
segment?
Answer:
-The sequence number of the SYNACK segment sent by gaia.cs.umass.edu to the client computer in
reply to the SYN: 0
- The value of the ACKnowledgement field in the SYNACK segment: 1
- gaia.cs.umass.edu determine that value by adding 1 to the initial sequence number of SYN segment
from the client compuer.
- In the segment the SYN flag and Acknowledgemen flag are set to 1. They indicate that this segment is
a SYNACK segment.
6. What is the sequence number of the TCP segment containing the HTTP POST command? Note that in order
to find the POST command, you’ll need to dig into the packet content field at the bottom of the Wireshark
window, looking for a segment with a “POST” within its DATA field.
Answer:
- The sequence number of the TCP segment containing the HTTP POST command is 1 as the figure
below.
7. Consider the TCP segment containing the HTTP POST as the first segment in the TCP connection. What are
the sequence numbers of the first six segments in the TCP connection (including the segment containing the
HTTP POST)? At what time was each segment sent? When was the ACK for each segment received?
Given the difference between when each TCP segment was sent, and when its acknowledgement was received,
what is the RTT value for each of the six segments? What is the EstimatedRTT value (see page 249 in text) after
the receipt of each ACK? Assume that the value of the EstimatedRTT is equal to the measured RTT for the first
segment, and then is computed using the EstimatedRTT equation on page 249 for all subsequent segments.
Note: Wireshark has a nice feature that allows you to plot the RTT for each of the TCP segments sent.
Select a TCP segment in the “listing of captured packets” window that is being sent from the client to
the gaia.cs.umass.edu server. Then select: Statistics->TCP Stream Graph->Round Trip Time Graph.
Answer:
8. What is the length of each of the first six TCP segments?
Answer
- The sequence numbers of the first six segment:
Squence number
Sent time
ACK received Time
RTT
Segment 1
1
2.468759
2.783985
0.315226
Segment 2
2801
2.784033
2.804171
0.020138
Segment 3
5601
2.804215
3.102341
0.298126
Segment 4
8401
3.102388
3.12155
0.019162
Segment 5
11201
3.121579
3.144189
0.02261
Segment 6
14201
3.144217
3.164335
0.020118
9. What is the minimum amount of available buffer space advertised at the received for the entire trace? Does
the lack of receiver buffer space ever throttle the sender?
Answer
- The minimum amount of available buffer space advertised at the received for the entire trace: 5840
bytes.
-The sender is never throttle the sender since the lacking of the receiver buffer space
10. Are there any retransmitted segments in the trace file? What did you check for (in the trace) in order to
answer this question?
Answer
11. How much data does the receiver typically acknowledge in an ACK? Can you identify cases where the
receiver is ACKing every other received segment (see Table 3.2 on page 257 in the text).
Answer
12. What is the throughput (bytes transferred per unit time) for the TCP connection? Explain how you
calculated this value.
Answer
4. TCP congestion control in action
13. Use the Time-Sequence-Graph(Stevens) plotting tool to view the sequence number versus time plot of
segments being sent from the client to the gaia.cs.umass.edu server. Can you identify where TCP’s slowstart
phase begins and ends, and where congestion avoidance takes over? Comment on ways in
which the measured data differs from the idealized behavior of TCP that we’ve studied in the text.
Answer
14. Answer each of two questions above for the trace that you have gathered when you transferred a file from
your computer to gaia.cs.umass.edu
Answer
Wireshark IP
1. Capturing packets from an execution of traceroute
2. A look at the captured trace
1. Select the first ICMP Echo Request message sent by your computer, athe Internet Protocol part of the
packet in the packet details window. What is the IP address of your computer?
Answer:
- The IP address of my computer is: 192.168.1.45
2. Within the IP packet header, what is the value in the upper layer protocol field?
Answer:
- The value in the upper layer protocol field is: ICMP (1)
3. How many bytes are in the IP header? How many bytes are in the payload of the IP datagram? Explain how
you determined the number of payload bytes.
Answer:
- IP header: 20 bytes
- Payload bytes: 36.
-Payload = Total Length – Header length = 56 – 20 = 36 bytes.
4. Has this IP datagram been fragmented? Explain how you determined whether or not the datagram has been
fragmented.
Answer:
- IP datagram has NOT been fragmented because the value of the more fragments is “Not set”.
5. Which fields in the IP datagram always change from one datagram to the next within this series of ICMP
messages sent by your computer?
Answer:
- Identification, Time to live and Header checksum always change.
6. Which fields stay constant? Which of the fields must stay constant? Which fields must change? Why?
Answer:
Fields stay constant
Field
Reason
Version
All packets are using IPv4
Header length
These are ICMP packets
Source IP
Sending from the same source
Destination IP
Sending to the same destination
Differentiated services All packets are ICMP that use the same type of service class
Upper layer protocol
These are ICMP packets.
-Fields must stay constant are the same as Fields stay constant.
Fields must change
Idenfication
Time to live
Header checksum
IP packets must have different ids
Traceroute increments each subsequent packet
Header changes, so must checksum
7. Describe the pattern you see in the values in the Identification field of the IP datagram
Answer:
- The pattern is that the IP header Identification fields increment with each ICMP Echo (ping) request.
8. What is the value in the Identification field and the TTL field?
Answer:
- Identification: 0x166e (5742)
- Time to live: 1
9. Do these values remain unchanged for all of the ICMP TTL-exceeded replies sent to your computer by the
nearest (first hop) router? Why?
Answer:
The TTL field remains unchanged because the TTL for the first hop router is
always the same.
Fragmentation
10. Find the first ICMP Echo Request message that was sent by your computer after you changed the Packet
Size in pingplotter to be 2000. Has that message been fragmented across more than one IP datagram? [Note: if
you find your packet has not been fragmented, you should download the zip file
http://gaia.cs.umass.edu/wireshark-labs/wireshark-traces.zip and extract the ip-ethereal-trace-1packet trace. If
your computer has an Ethernet interface, a packet size of 2000 should cause fragmentation.]
Answer:
-Yes. The message been fragmented across more than one IP datagram.
11. Print out the first fragment of the fragmented IP datagram. What information in the IP header indicates
that the datagram been fragmented? What information in the IP header indicates whether this is the first
fragment versus a latter fragment?
How long is this IP datagram?
Answer:
- ..1. .... = More fragments: Set : is information in the IP header indicates that the datagram been
fragmented.
- Fragment offset: 0 is the information in the IP header indicates whether this is the first fragment
versus a latter fragment.
- The length of the IP datagram: Total Length: 1500
12. Print out the second fragment of the fragmented IP datagram. What information in the IP header indicates
that this is not the first datagram fragment? Are the more fragments? How can you tell?
Answer:
-We can tell that this is not the first fragment, since the fragment offset is 1480.
-It is the last fragment, since the more fragments flag is “..0. .... = More fragments: Not set”.
13. What fields change in the IP header between the first and second fragment?
Answer:
- Fields change in the IP header between the first and second fragment: length, flags, fragment offset,
checksum.
14. How many fragments were created from the original datagram?
Answer:
- There are 3 fragments were created from the original datagram.
15. What fields change in the IP header among the fragments?
Answer:
Wireshark ICMP
1. ICMP and Ping
1. What is the IP address of your host? What is the IP address of the destination host?
Answer:
-IP address of host: 192.168.1.177
-IP address of destination host: 143.89.14.34
2. Why is it that an ICMP packet does not have source and destination port numbers?
Answer:
The ICMP packet does not have source and destination port numbers becauseit was designed to
communicate network-layer information between hosts and routers, not between application layer processes.
Each ICMP packet has a "Type" and a "Code". The Type/Code combination identifies the specific message being
received. Since the network software itself interprets all ICMP messages, no port numbers are needed to direct
the ICMP message to anapplication layer process
3. Examine one of the ping request packets sent by your host. What are the ICMP type and code numbers?
What other fields does this ICMP packet have? How many bytes are the checksum, sequence number and
identifier fields?
Answer:
-ICMP type: 8
-ICMP code: 0
-Other fields: Checksum, identifier, sequence number, data.
-Checksum, sequence number, identifier fields are two bytes each.
4. Examine the corresponding ping reply packet. What are the ICMP type and code numbers? What other fields
does this ICMP packet have? How many bytes are the checksum, sequence number and identifier fields?
Answer:
-ICMP type: 0
-ICMP Code: 0 -Other fields: Checksum, identifier, sequence number, data.
-Checksum, sequence number, identifier fields are two bytes each.
2. ICMP and Traceroute
5. What is the IP address of your host? What is the IP address of the target destination host?
Answer:
-IP address of my host: 192.168.1.177
-IP address of target destination host: 193.51.193.149
6. If ICMP sent UDP packets instead (as in Unix/Linux), would the IP protocol number still be 01 for the probe
packets? If not, what would it be?
Answer:
No. It would be 0x11
7. Examine the ICMP echo packet in your screenshot. Is this different from the ICMP ping query packets in the
first half of this lab? If yes, how so?
Answer:
No. There is no difference.
8. Examine the ICMP error packet in your screenshot. It has more fields than the ICMP echo packet. What is
included in those fields?
Answer:
The ICMP error packet is not the same as the ping query packets. It contains both the IP header and the
first 8 bytes of the original ICMP packet that the error is for.
9. Examine the last three ICMP packets received by the source host. How are these packets different from the
ICMP error packets? Why are they different?
Answer:
The last three ICMP packets are message type 0 (echo reply) rather than 11 (Time-to-live exceeded).
They are different because the datagrams have made it all the way to the destination host before the TTL
exceeded in transit.
10. Within the tracert measurements, is there a link whose delay is significantly longer than others? Refer to
the screenshot in Figure 4, is there a link whose delay is significantly longer than others? On the basis of the
router names, can you guess the location of the two routers on the end of this link?
Answer:
Wireshark DHCP
DHCP Experiment
1. Are DHCP messages sent over UDP or TCP?
Answer:
DHCP messages sent over UDP
2. Draw a timing datagram illustrating the sequence of the first four-packet Discover/Offer/Request/ACK DHCP
exchange between the client and server. For each packet, indicated the source and destination port numbers.
Are the port numbers the same as in the example given in this lab assignment?
Answer:
3. What is the link-layer (e.g., Ethernet) address of your host?
Answer:
-The Link-layer address of my host: 00:26:c7:2d:4e:e8
4. What values in the DHCP discover message differentiate this message from the DHCP request message?
Answer:
-In DHCP discover, the DHCP Message type = DHCP Discover while in DHCP Request, the DHCP Message
type = DHCP Request
5. What is the value of the Transaction-ID in each of the first four (Discover/Offer/Request/ACK) DHCP
messages? What are the values of the Transaction-ID in the second set (Request/ACK) set of DHCP messages?
What is the purpose of the Transaction-ID field?
Answer:
- The value of the Transaction-ID in each of the first four (Discover/Offer/Request/ACK) DHCP messages
is 0x588ac949.
-The values of the Transaction-ID in the second set (Request/ACK) set of DHCP messages is
0x980599d7.
-The purpose of the Transaction-ID field is for the DHCP server can differentiate among client requests
during the request process
6. A host uses DHCP to obtain an IP address, among other things. But a host’s IP address is not confirmed until
the end of the four-message exchange! If the IP address is not set until the end of the four-message exchange,
then what values are used in the IP datagrams in the four-message exchange? For each of the four DHCP
messages (Discover/Offer/Request/ACK DHCP), indicate the source and destination IP addresses that are
carried in the encapsulating IP datagram.
Answer:
Source IP address of client
Destination IP address of client
Source IP address of server
Destination IP address of Server
0.0.0.0
255.255.255.255
192.168.1.1 – IP address of DHCP server
192.168.1.23 – IP provided to client host before
execute the first “ipconfig /release” command
7. What is the IP address of your DHCP server?
Answer:
-The IP address of my DHCP server is: 192.168.1.1
8. What IP address is the DHCP server offering to your host in the DHCP Offer message? Indicate which DHCP
message contains the offered DHCP address.
Answer:
- IP address that the DHCP server offering to my host in DHCP offer message is : 192.168.1.23.
- DHCP message contains the offered DHCP address is “Option: (t=53,l=1) DHCP Message Type = DHCP
Offer”
9. In the example screenshot in this assignment, there is no relay agent between the host and the DHCP server.
What values in the trace indicate the absence of a relay agent? Is there a relay agent in your experiment? If so
what is the IP address of the agent?
Answer:
- The value in the trace indicate the absence of a relay agent is : 0.0.0.0
-No. There is NO relay agent in my experiment.
10. Explain the purpose of the router and subnet mask lines in the DHCP offer message.
Answer:
-The router line indicates to the client what its default gateway should be.
-The subnet mask line tells the client which subnet mask it should use.
11. In the example screenshots in this assignment, the host requests the offered IP address in the DHCP
Request message. What happens in your own experiment?
Answer:
-In my own experiment, the host also request the offered IP address in the DHCP Request message.
12. Explain the purpose of the lease time. How long is the lease time in your experiment?
Answer:
-The lease time is the amount of time the DHCP server assigns an IP address to a client. During the
lease time, the DHCP server will not assign the IP given to the client to another client, unless it is released by
the client. Once the lease time has expired, the IP address can be reused by the DHCP server to give to another
client. In my experiment, the lease time is 3 days.
13. What is the purpose of the DHCP release message? Does the DHCP server issue an acknowledgment of
receipt of the client’s DHCP request? What would happen if the client’s DHCP release message is lost?
Answer:
-The client sends a DHCP Release message to cancel its lease on the IP address given to it by the DHCP
server. The DHCP server does not send a message back to the client acknowledging the DHCP Release message.
-If theDHCP Release message from the client is lost, the DHCP server would have to wait until the lease
period is over for that IP address until it could reuse it for another client.
14. Clear the bootp filter from your Wireshark window. Were any ARP packets sent or received during the
DHCP packet-exchange period? If so, explain the purpose of those ARP packets.
Answer:
-Yes. There are ARP requests made by the DHCP server. Before offering an IP address to a client, the
DHCP server issues an ARP request for the offered IP to make sure the IP address is not already in use by
another workstation.
Wireshark EthernetARP
1. Capturing and analyzing Ethernet frames
1. What is the 48-bit Ethernet address of your computer?
Answer:
2. What is the 48-bit destination address in the Ethernet frame? Is this the Ethernet address of
gaia.cs.umass.edu? (Hint: the answer is no). What device has this as its Ethernet address? [Note: this is an
important question, and one that students sometimes get wrong. Re-read pages 468-469 in the text and make
sure you understand the answer here.]
Answer:
3. Give the hexadecimal value for the two-byte Frame type field. What do the bit(s) whose value is 1 mean
within the flag field?
Answer:
4. How many bytes from the very start of the Ethernet frame does the ASCII “G” in “GET” appear in the
Ethernet frame?
Answer:
5. What is the hexadecimal value of the CRC field in this Ethernet frame?
Answer:
6. What is the value of the Ethernet source address? Is this the address of your computer, or of
gaia.cs.umass.edu (Hint: the answer is no). What device has this as its Ethernet address?
Answer:
7. What is the destination address in the Ethernet frame? Is this the Ethernet address of your computer?
Answer:
8. Give the hexadecimal value for the two-byte Frame type field. What do the bit(s) whose value is 1 mean
within the flag field?
Answer:
9. How many bytes from the very start of the Ethernet frame does the ASCII “O” in “OK” (i.e., the HTTP
response code) appear in the Ethernet frame?
Answer:
10. What is the hexadecimal value of the CRC field in this Ethernet frame?
Answer:
2. The Address Resolution Protocol
11. Write down the contents of your computer’s ARP cache. What is the meaning of
each column value?
Answer:
Observing ARP in action
12. What are the hexadecimal values for the source and destination addresses in the Ethernet frame containing
the ARP request message?
Answer:
13. Give the hexadecimal value for the two-byte Ethernet Frame type field. What do the bit(s) whose value is 1
mean within the flag field?
Answer:
14. Download the ARP specification from ftp://ftp.rfc-editor.org/in-notes/std/std37.txt. A readable, detailed
discussion of ARP is also at http://www.erg.abdn.ac.uk/users/gorry/course/inet-pages/arp.html.
a) How many bytes from the very beginning of the Ethernet frame does the
ARP opcode field begin?
b) What is the value of the opcode field within the ARP-payload part of the
Ethernet frame in which an ARP request is made?
c) Does the ARP message contain the IP address of the sender?
d) Where in the ARP request does the “question” appear – the Ethernet address of the machine whose
corresponding IP address is being queried?
Answer:
15. Now find the ARP reply that was sent in response to the ARP request.
a) How many bytes from the very beginning of the Ethernet frame does the ARP opcode field begin?
b) What is the value of the opcode field within the ARP-payload part of the Ethernet frame in which an
ARP response is made?
c) Where in the ARP message does the “answer” to the earlier ARP request
appear – the IP address of the machine having the Ethernet address whose corresponding IP address is
being queried?
Answer:
16. What are the hexadecimal values for the source and destination addresses in the Ethernet frame containing
the ARP reply message?
Answer:
17. Open the ethernet-ethereal-trace-1 trace file in http://gaia.cs.umass.edu/wireshark-labs/wiresharktraces.zip. The first and second ARP packets in this trace correspond to an ARP request sent by the computer
running Wireshark, and the ARP reply sent to the computer running Wireshark by the computer with the ARPrequested Ethernet address. But there is yet another computer on this network, as indiated by packet 6 –
another ARP request. Why is there no ARP reply (sent in response to the ARP request in packet 6) in the packet
trace?
Answer: