
IP, Ethernet, and ARP Analysis Lab

The document details a lab assignment focused on analyzing IP, Ethernet, and ARP protocols using Wireshark. It includes specific questions about UDP segments, IP datagram fields, fragmentation, and Ethernet addresses, with answers provided for each. Key findings include the identification of IP addresses, TTL values, and the behavior of various fields in the datagrams.

Trần Quốc Anh

106210115
21DTCLC2
LAB 4: IP, ETHERNET AND ARP
1. Select the first UDP segment sent by your computer via
the traceroute command to [Link]. (Hint: this
is 44th packet in the trace file in the ip-wireshark-trace1-
[Link] file in footnote 2). Expand the Internet Protocol
part of the packet in the packet details window. What is
the IP address of your computer?
The IP address: [Link]

2. What is the value in the time-to-live (TTL) field in this IPv4
datagram’s header?
Time to live: 1
3. What is the value in the upper layer protocol field in this
IPv4 datagram’s header? [Note: the answers for
Linux/MacOS differ from Windows here].
Protocol: UDP (17)

4. How many bytes are in the IP header?
There are 20 bytes in the IP header.
5. How many bytes are in the payload of the IP datagram?
Explain how you determined the number of payload bytes.
Payload = Total length – Header Length = 56 – 20 = 36
bytes

6. Has this IP datagram been fragmented? Explain how you
determined whether or not the datagram has been fragmented.
The more fragments bit = 0, so the data is not
fragmented.
7. Which fields in the IP datagram always change from one
datagram to the next within this series of UDP segments
sent by your computer destined to [Link], via
traceroute? Why?
• Fields that stay constant: Version (IPv4), Length of
header, Source IP (sending from same place),
Destination IP (contacting same site), Upper layer
protocol (always using ICMP). Fields that must stay
constant: Same as above
• The fields that must change are: The header
checksum (header changes), Identification (to verify
packets)
8. Which fields in this sequence of IP datagrams (containing
UDP segments) stay constant? Why?
The fields that stay constant across the IP datagrams are:
Version (since we are using IPv4 for all packets)
Header length (since these are ICMP packets)
Source IP (since we are sending from the same source)
Destination IP (since we are sending to the same dest)
Differentiated Services (since all packets are ICMP they
use the same Type of Service class)
Upper Layer Protocol (since these are ICMP packets)
9. Describe the pattern you see in the values in the
Identification field of the IP datagrams being sent by your
computer.
The pattern is that the IP header Identification fields
increment with each ICMP Echo (ping) request.

10. What is the upper layer protocol specified in the IP
datagrams returned from the routers? [Note: the answers
for Linux/MacOS differ from Windows here].
ICMP (Internet Control Message Protocol)

11. Are the values in the Identification fields (across the
sequence of all of ICMP packets from all of the routers) similar
in behavior to your answer to question 9 above?
Yes, they are.
12. Are the values of the TTL fields similar, across all of ICMP
packets from all of the routers?
The TTL field remains unchanged because the TTL for the
first hop router is always the same.
13. Find the first IP datagram containing the first part of the
segment sent to [Link] sent by your computer via the
traceroute command to [Link], after you specified
that the traceroute packet length should be 3000. (Hint: This is
packet 179 in the [Link] trace file in
footnote 2. Packets 179, 180, and 181 are three IP datagrams
created by fragmenting the first single 3000-byte UDP segment
sent to [Link]). Has that segment been fragmented
across more than one IP datagram? (Hint: the answer is yes !)
Yes, this packet has been fragmented across more than
one IP datagram
14. What information in the IP header indicates that this
datagram has been fragmented?
In the IP header of the first fragment the More fragments
flag was set. It indicates that it has another fragment.
15. What information in the IP header for this packet
indicates whether this is the first fragment versus a latter
fragment?
Since the fragment offset is 0, we know that this is the
first fragment.
16. How many bytes are there in this IP datagram
(header plus payload)?
1480 bytes
17. Now inspect the datagram containing the second
fragment of the fragmented UDP segment. What
information in the IP header indicates that this is not the
first datagram fragment?
The flag is 0x0. That means it does not have any fragment.
18. What fields change in the IP header between the first and
second fragment?
Total length.
Flag
More fragment.
Fragment offset
19. Now find the IP datagram containing the third fragment of
the original UDP segment. What information in the IP header
indicates that this is the last fragment of that segment?
More fragment and fragment offset.
20. What is the IPv6 address of the computer making the DNS
AAAA request? This is the source address of the 20th packet in
the trace. Give the IPv6 source address for this datagram in the
exact same form as displayed in the Wireshark window.
[Link].

21. What is the IPv6 destination address for this datagram?
Give this IPv6 address in the exact same form as displayed
in the Wireshark window.
[Link]

22. What is the value of the flow label for this datagram?
Flow label: 0x63ed0

23. How much payload data is carried in this datagram?
The payload data carried in this datagram has length 37.
24. What is the upper layer protocol to which this datagram’s
payload will be delivered at the destination?
Destination address: [Link]

25. How many IPv6 addresses are returned in the response
to this AAAA request?
2 IPv6 addresses are returned in the response to this
AAAA request.
26. What is the first of the IPv6 addresses returned by the
DNS for [Link] (in the [Link]
trace file, this is also the address that is
The first of the IPv6 addresses returned by the DNS for
[Link] is AAAA [Link]
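
The header arithmetic behind questions 5, 6 and 14 to 19 above, as an added example that is not part of the original lab submission: it decodes the fixed IPv4 header, computes payload = total length - header length, and classifies a datagram from its More Fragments bit and fragment offset. The sample headers are constructed (documentation-range addresses, an assumed 1500-byte MTU) rather than taken from the trace file, and the function names are hypothetical.

```python
import struct

IPV4_FMT = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, network byte order

def parse_ipv4_header(raw: bytes) -> dict:
    """Decode the fixed IPv4 header and classify its fragmentation state."""
    if len(raw) < 20:
        raise ValueError("need at least 20 bytes")
    (ver_ihl, _tos, total, ident, flags_frag,
     ttl, proto, _ck, _src, _dst) = struct.unpack(IPV4_FMT, raw[:20])
    hlen = (ver_ihl & 0x0F) * 4              # IHL counts 32-bit words
    if ver_ihl >> 4 != 4 or hlen < 20 or total < hlen:
        raise ValueError("malformed IPv4 header")
    mf = bool(flags_frag & 0x2000)           # More Fragments bit
    offset = (flags_frag & 0x1FFF) * 8       # offset field counts 8-byte units
    if offset == 0:
        kind = "first" if mf else "unfragmented"
    else:
        kind = "middle" if mf else "last"
    return {"id": ident, "ttl": ttl, "proto": proto, "header_len": hlen,
            "payload_len": total - hlen, "mf": mf, "offset": offset, "kind": kind}

def reassembled_payload_len(headers: list):
    """Original payload size, or None if the fragment set is incomplete."""
    frags = sorted((parse_ipv4_header(h) for h in headers), key=lambda f: f["offset"])
    if len({f["id"] for f in frags}) != 1:   # fragments must share one Identification
        return None
    expected = 0
    for f in frags:
        if f["offset"] != expected:          # hole or overlap in the sequence
            return None
        expected += f["payload_len"]
    return None if frags[-1]["mf"] else expected

def sample(total, ident, mf, offset, ttl=1, proto=17) -> bytes:
    """Constructed header for the demo; addresses are documentation-range placeholders."""
    return struct.pack(IPV4_FMT, 0x45, 0, total, ident,
                       (0x2000 if mf else 0) | (offset // 8), ttl, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))

# Constructed inputs: one 56-byte datagram, then a 3000-byte datagram split for a 1500-byte MTU.
SINGLE = sample(56, 0x1001, False, 0)
FRAGS = [sample(1500, 0x1002, True, 0), sample(1500, 0x1002, True, 1480),
         sample(40, 0x1002, False, 2960)]

if __name__ == "__main__":
    for hdr in [SINGLE, *FRAGS]:
        print(parse_ipv4_header(hdr))
    print("reassembled payload:", reassembled_payload_len(FRAGS))
```

Returning None when a fragment is missing or the offsets do not line up is the same completeness check a reassembling host or sensor has to make before it treats the payload as whole.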
II. ETHERNET ARP

1. What is the 48-bit Ethernet address of your computer?

2. What is the 48-bit destination address in the Ethernet
frame? Is this the Ethernet address of [Link]?
(Hint: the answer is no). What device has this as its Ethernet
address? [Note: this is an important question, and one that
students sometimes get wrong. Re-read pages 468-469 in
the text and make sure you understand the answer here.]
Answer: The 48-bit destination address in the Ethernet frame
is [Link]. This is not the Ethernet address of
[Link].

3. Give the hexadecimal value for the two-byte Frame type field. What upper layer protocol
does this correspond to?
4. How many bytes from the very start of the Ethernet frame
does the ASCII “G” in “GET” appear in the Ethernet frame?
Answer: The ASCII “G” appears 52 bytes from the start of the
Ethernet frame.
5. What is the value of the Ethernet source address? Is this
the address of your computer, or of [Link] (Hint:
the answer is no). What device has this as its Ethernet
address?
Answer: The Ethernet source address is [Link]. This is not the
address of my computer, and also not of [Link].
6. What is the destination address in the Ethernet frame? Is
this the Ethernet address of your computer?
Answer: The destination address is [Link]. It is the
address of my computer.
7. Give the hexadecimal value for the two-byte Frame type
field. What upper layer protocol does this correspond to?