uccn1003 -may10_-_lab_07_-_intro_to_protocols_in_packet_tracer

Upload: shu-shin

Post on 25-May-2015

Page 1: Uccn1003  -may10_-_lab_07_-_intro_to_protocols_in_packet_tracer

1

UCCN1003 Data Communications and Networks

Lab 07: Introduction to Protocols in Packet Tracer

Instructions:

1. Read the “Introduction” section for the background

2. Perform all the lab exercises, starting with exercise 1

3. Follow all the steps.

4. Record the results in all italic bold actions.

5. Paste your screen captures on a Word Document and save it.

6. Answer all the questions in italic and in blanks based on the observation of the results.

7. Write your answer in the same Word Document.

8. Please follow the sequence of the exercises, and don’t skip any step.

9. There is an appendix for protocol reference towards the end of this lab.

Introduction to Protocol

In the networking and communications area, a protocol is the formal specification that defines the procedures that must be followed when transmitting or receiving data. Protocols define the format, timing, sequence, and error checking used on the network.

In plain English, the above means that if you have 2 or more devices (e.g. computers) which want to communicate, then they need a common "Protocol", which is a set of rules that guide the computers on how and when to talk to each other.

There are hundreds of protocols out there and it is impossible to put them all in the lab. Only some of the more popular protocols have been included in this lab.

One thing which you should keep in mind is that as you move from the lower layers (Physical) to the upper layers (Applications), more processing time is needed by the device that's dealing with the protocol.

As there are a lot more network protocols around, you can read up on them and learn more about them.

Exercise 1: Observation of ICMP and ARP

1. Set up the network according to the following figure. Make sure that Packet Tracer is in “Simulation mode” (NOT “Realtime mode”) while you are constructing the network. Just put in the IP addresses but don’t configure any route yet. All masks are /24.

2. Click on “Edit Filters”. Select only “ARP” and “ICMP”. If some of the bubbles are still red in the network, click on “Auto Capture / Play” to let some time pass, so these bubbles can turn green to indicate hardware connectivity.

3. Click on the following “envelope” icon, and then click on PC1 and PC3 to simulate a ping. Click on “Auto Capture / Play” and observe the “movements” of packets in the form of “envelopes”.

4. When the simulation has finished, a dialog box pops up. Click on “View Previous Events”. Double click on the little square box in the first row of the “Event List” under “Info” (next to ICMP). The dialog box shown on the right of the following figure should pop up. Try to get the “Event List” as shown in the following figure (with ICMP and ARP). Save the network file as “lab7-1.pkt”.

5. Click on the “Outbound PDU Details” tab, and answer the following questions by referring to the information in the “Outbound PDU Details” and the appendix of this lab:

a. What is the source IP address?

_________________________________________________

b. What is the destination IP address?

_________________________________________________

c. What is the value of the protocol field in IP header?

_________________________________________________

d. What does this value of the protocol in part(c) mean?

_________________________________________________

e. What is the total length of the IP packet?

_________________________________________________

f. What is the value of TYPE in the ICMP header?

_________________________________________________

g. What does the value of “TYPE” in the ICMP header mean?

_________________________________________________

6. In the second line of the “Event List”, an ARP has been issued. Again, double click on the square box next to the ARP and click on the “Outbound PDU Details” tab. Answer the following questions with the help of the appendix:

a. Why does an ARP have to be issued?

_________________________________________________

b. What is the destination MAC address?

_________________________________________________

c. What is special about the destination MAC address in part (b)?

_________________________________________________

d. What is the value of TYPE in the Ethernet header?

_________________________________________________

e. What does the value of TYPE in part (d) mean?

_________________________________________________

f. What is the value of Hardware Type of the ARP header and what does this value indicate?

_________________________________________________

g. What is the value of Protocol Type of the ARP header and what does this value indicate?

_________________________________________________

h. What is the value of HLEN of the ARP header and what does this value indicate?

_________________________________________________

i. What is the value of PLEN of the ARP header and what does this value indicate?

_________________________________________________

j. From the ARP header, which device’s MAC address is PC1 interested in?

_________________________________________________

7. Double click on the square box (under column “Info”) of the 4th line of the “Event List”, in which the ARP data has been sent from Switch0 to Router0. The left dialog box of the following table should pop up. Click on “Next Layer >>” and “Previous Layer <<” in order to read the description of Layer 2 of both “In Layers” and “Out Layers”. (Note: “In Layers” and “Inbound PDU Details” show the layers and frame information before the device processes the frame. “Out Layers” and “Outbound PDU Details” show the layers and frame information after the device (e.g. Router0) processes the frame.)

8. Now, click on the “Inbound PDU Details” tab (Router0) and answer the following questions with the help of the appendix:

a. What is the value of the Opcode of the ARP header and what does it mean?

_________________________________________________

b. What is the source MAC address?

_________________________________________________

9. Now, click on the “Outbound PDU Details” tab (Router0) and answer the following questions with the help of the appendix:

a. What is the new value of the Opcode of the ARP header and what does it mean?

_________________________________________________

b. Which device does the destination MAC address belong to?

_________________________________________________

c. There are similar MAC addresses in both the headers. Which set of MAC addresses (Ethernet header or ARP header) will Switch0 process?

_________________________________________________

d. When this “Outbound” frame reaches PC1, what is PC1 going to do with the information contained in this frame? (Note: Double click on the square box of line 7 of the “Event List”, the ARP frame at PC1. Click on “Next Layer >>” until “Layer 2” is highlighted with yellow shade. Read the description; the answer can be found there.)

_________________________________________________

10. Double click on the square box of Line 8 (ICMP of PC1), then click on “Outbound PDU Details”. Compare what you observe with the “Outbound PDU Details” of Line 1 of the “Event List” (the first ICMP). What have you observed?

_________________________________________________

11. Double click on the square box (should be red in color) on the last line of the “Event List”, which is an ICMP in PC1, then click on the “Inbound PDU Details” tab. Answer the following questions with the help of the appendix of this lab.

a. What are the values of TYPE and CODE of the first ICMP header?

_________________________________________________

b. What does the combination of the two values mean?

_________________________________________________

12. Configure default routes for both Router0 and Router1. (Note: Do not switch back to Realtime mode).

Router0(config)#ip route 0.0.0.0 0.0.0.0 200.1.1.2

Router1(config)#ip route 0.0.0.0 0.0.0.0 200.1.1.1

13. Now, save the network as “Lab7-2.pkt”.

14. Re-open the file “Lab7-2.pkt”. After you see all the bubbles turn green, switch to “Simulation mode”. You should get what is shown in the following figure (Event List with an ICMP and ARP).

15. Check the ARP tables of Router0 and Router1 by typing the following commands, and record what you have observed.

Router0#show arp

Router1#show arp

16. Click on the “Auto Capture / Play” button and observe the movements of the “envelope”. When the simulation is finished, press “View Previous Events”. You should get an “Event List” which is similar to the following figure.

17. Double click on the square box of the second-last line of the “Event List” (Router0, Router1, ARP). Click on the “Inbound PDU Detail” tab. Answer the following questions:

a. What is the destination MAC Address?

_________________________________________________

b. What is the Target MAC Address?

_________________________________________________

c. What is the Target IP Address?

_________________________________________________

18. Check the ARP tables of Router0 and Router1 again by typing the following commands, and record what you have observed. Compare these ARP tables with the previous ARP tables (Ex1.15) that you have recorded.

Router0#show arp

Router1#show arp

19. Temporarily switch to “Realtime mode” and switch back to “Simulation mode”.

20. Click on “Auto Capture / Play”. You should get an “Event List” similar to the following figure.

21. Double click on the square box of the first ARP of the “Event List” (--, Router1, ARP). Click on the “Inbound PDU Detail” tab. Answer the following questions:

a. What is the Target IP Address?

_________________________________________________

b. What is the source IP Address in ARP header?

_________________________________________________

22. Temporarily switch to “Realtime mode” and switch back to “Simulation mode”.

23. Click on “Auto Capture / Play”. You should get an “Event List” similar to the following figure. ICMP should travel from PC1 to PC3 and back without any ARP.

24. Double click on the square box of the 7th ICMP of the “Event List” (Switch1, PC3, ICMP). Click on the “Inbound PDU Detail” tab. Answer the following questions:

a. What is the value of TYPE in the Ethernet header and what does it mean?

_________________________________________________

b. What is the TTL value of the IP header?

_________________________________________________

25. Double click on the square box of the first ICMP of the “Event List” (--, PC1, ICMP). Click on the “Inbound PDU Detail” tab. Answer the following questions:

a. Which device does the destination MAC address belong to?

_________________________________________________

b. What is the TTL value of the IP header?

_________________________________________________

26. Click on the “Outbound PDU Detail” tab. Answer the following questions:

a. Which device does the destination MAC address belong to?

_________________________________________________

b. What is the TTL value of the IP header?

_________________________________________________

c. What are the values of TYPE and CODE in the ICMP header?

_________________________________________________

d. What does the combination of the two values mean?

_________________________________________________

27. Double click on the square box of the last ICMP of the “Event List” (Switch0, PC1, ICMP). Click on the “Inbound PDU Detail” tab. Answer the following questions:

a. Which device does the source MAC address belong to?

_________________________________________________

b. What is the TTL value of the IP header?

_________________________________________________

Exercise 2: Observation of ICMP of Trace Route

Trace route is a special case of ICMP, in which the first set of ICMP packets is ICMP requests with TTL=1. The second set of ICMP packets is ICMP requests with TTL=2. The TTL value of the IP header is incremented by 1 until the ICMP reaches the true destination. As the first set of ICMP packets with TTL=1 reaches the first router, the router decreases the TTL by 1 (TTL = 1-1 = 0). When TTL=0, the router drops the packet and sends an ICMP error message back to the sender. The second router does the same thing to the second set of ICMP packets with TTL=2. With this process, a “route” (with all the gateway IPs) is formed as the output at the command prompt.
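The TTL-stepping procedure described above, as an added Python simulation that is not part of the original lab. The addresses 200.1.1.2 and 192.168.5.2 appear in the lab; Router0's LAN address, the `Router` and `Response` classes and the `sends_errors` switch (a router that drops expired packets without reporting) are assumptions made for illustration.

```python
"""Simulation of the TTL-stepping procedure that tracert uses (added example)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

ECHO_REPLY = (0, 0)       # ICMP type 0: echo reply
TTL_EXCEEDED = (11, 0)    # ICMP type 11, code 0: time to live exceeded in transit


@dataclass
class Router:
    name: str
    ip: str                    # address the ICMP error message is sent from
    sends_errors: bool = True  # False models a router that drops silently


# Constructed path. 200.1.1.2 (Router1) and the target 192.168.5.2 appear in
# the lab; Router0's LAN address 192.168.1.1 is an assumption.
PATH = [Router("Router0", "192.168.1.1"), Router("Router1", "200.1.1.2")]
TARGET_IP = "192.168.5.2"


@dataclass
class Response:
    source_ip: str
    icmp_type: int
    icmp_code: int


def send_probe(ttl: int, path: List[Router] = PATH,
               target_ip: str = TARGET_IP) -> Optional[Response]:
    """Send one echo request with the given TTL and return what comes back."""
    for router in path:
        ttl -= 1                       # each router decreases the TTL by 1
        if ttl == 0:                   # expired here: the packet is dropped
            if router.sends_errors:
                return Response(router.ip, *TTL_EXCEEDED)
            return None                # no error message: the sender times out
    return Response(target_ip, *ECHO_REPLY)   # the probe survived every router


def trace_route(path: List[Router] = PATH, target_ip: str = TARGET_IP,
                max_hops: int = 30) -> List[Tuple[int, str]]:
    """Raise the TTL by 1 per probe until the target answers or max_hops is hit."""
    hops = []
    for ttl in range(1, max_hops + 1):
        response = send_probe(ttl, path, target_ip)
        hops.append((ttl, response.source_ip if response else "*"))
        if response and (response.icmp_type, response.icmp_code) == ECHO_REPLY:
            break                      # type 0: the true destination replied
    return hops


if __name__ == "__main__":
    for ttl, ip in trace_route():
        print(ttl, ip)
```

A hop recorded as "*" is a router that dropped the expired probe without sending the ICMP error, which is why a trace can show gaps and still reach the destination.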

1. Open “Lab7-2.pkt” again. While you are waiting for all the bubbles to turn green (in Realtime mode), click on the entry at the bottom right corner and then click on “Delete”, as indicated in the following figure.

2. Use PC1 to ping PC3 in “Realtime mode” (command prompt). This is to make sure that PC1 can successfully ping PC3 with the ARP tables properly built.

3. Click on “Simulation mode”. In the command prompt of PC1, type “tracert 192.168.5.2”. You should have a screen similar to the following figure. After that, click on “Auto Capture / Play”. The whole event will take a while. At the same time, observe the movement of the envelopes together with the output at the command prompt. At the end of the simulation, click on “View Previous Events”. (If you count the entries of the “Event List”, you should have around 75 entries.)

4. Double click on the square box of the first ICMP of the “Event List” (--, PC1, ICMP). Click on the “Outbound PDU Detail” tab. Answer the following questions:

a. What is the value of the TTL in IP header?

_________________________________________________

b. What are the source and destination IP addresses?

_________________________________________________

c. What are the values of TYPE and CODE of the ICMP header?

_________________________________________________

d. What does the combination of values in part (c) mean?

_________________________________________________

5. Double click on the square box of the 4th ICMP of the “Event List” (--, Router0, ICMP). Click on the “Outbound PDU Detail” tab. Answer the following questions:

a. What is the value of the TTL in IP header?

_________________________________________________

b. What is the total length of the IP packet?

_________________________________________________

c. What are the source and destination IP addresses?

_________________________________________________

d. What are the values of TYPE and CODE of the ICMP header?

_________________________________________________

e. What does the combination of values in part (d) mean?

_________________________________________________

6. Double click on the square box of the 19th ICMP of the “Event List” (--, PC1, ICMP), the 1st of the four squares with the same color after a group of three red squares, as indicated in the figure. Click on the “Outbound PDU Detail” tab. Answer the following question:

a. What is the value of the TTL in IP header?

_________________________________________________

7. Double click on the square box of the 23rd ICMP of the “Event List” (--, Router1, ICMP). Click on the “Outbound PDU Detail” tab. Answer the following questions:

a. What are the source and destination IP addresses?

_________________________________________________

b. Which device does the destination MAC address belong to?

_________________________________________________

8. Double click on the square box of the “11th to the last” ICMP of the “Event List” (--, PC1, ICMP). “11th to the last” means counting 11 steps backward from the last line of ICMP. Click on the “Outbound PDU Detail” tab. Answer the following question:

a. What is the value of the TTL in IP header?

_________________________________________________

9. Double click on the square box of the last ICMP of the “Event List” (Switch0, PC1, ICMP). Click on the “Inbound PDU Detail” tab. Answer the following questions:

a. What is the value of the TTL in IP header?

_________________________________________________

b. What are the values of TYPE and CODE of the ICMP header?

_________________________________________________

c. What does the combination of values in part (b) mean?

_________________________________________________

Exercise 3: Observation of DHCP

There are four phases in the DHCP process: DHCP Discover, DHCP Offer, DHCP Request, and DHCP Acknowledge.

1. Add an additional server with the IP according to the following figure. Do this in “Simulation mode”.

2. Set the DHCP service according to the following figure.

3. Edit the Event List Filters to view the events of DHCP only, as shown in the following figure. Then, save the network as “Lab7-3.pkt”.

4. Open “Lab7-3.pkt” again. Wait for all the bubbles to turn green and then switch to “Simulation mode”.

5. Double click on PC3. Click on the “Desktop” tab, then click on “IP Configuration”. Click on “DHCP” as shown in the following figure. In the “Event List”, “DHCP” should show up.

6. Click on “Auto Capture / Play”, and observe the movement of envelopes. As usual, wait until the simulation ends and click on “View Previous Events”.

7. Click on the 1st DHCP of the “Event List” (--, PC3, DHCP). Click on the “Outbound PDU Details” tab. Answer the following questions:

a. What is the value of the destination MAC address?

_________________________________________________

b. What are the source and destination IP addresses?

_________________________________________________

c. What is the value of protocol field in IP header and what does it mean?

_________________________________________________

d. What are the source and destination ports?

_________________________________________________

e. What is the server address in the DHCP header?

_________________________________________________

f. What is the value of the Opcode in the DHCP header and what does it mean?

_________________________________________________

8. Click on the 6th DHCP of the “Event List” (Server0, Switch1, DHCP). Click on the “Outbound PDU Details” tab. Answer the following questions:

a. What is the value of the destination MAC address?

_________________________________________________

b. What are the source and destination IP addresses?

_________________________________________________

c. What are the source and destination ports?

_________________________________________________

d. What is the server address in the DHCP header?

_________________________________________________

e. What is the value of the Opcode in the DHCP header and what does it mean?

_________________________________________________

9. Click on the 10th DHCP of the “Event List” (PC3, Switch1, DHCP). Click on the “Outbound PDU Details” tab. Answer the following questions:

a. What is the value of the destination MAC address?

_________________________________________________

b. What are the source and destination IP addresses?

_________________________________________________

c. What are the source and destination ports?

_________________________________________________

d. What is the server address in the DHCP header?

_________________________________________________

e. What is the value of the Opcode in the DHCP header and what does it mean?

_________________________________________________

f. What is the value of the YOUR client address in the DHCP header?

_________________________________________________

10. Click on the last DHCP of the “Event List” (Switch1, PC3, DHCP). Click on the “Inbound PDU Details” tab. Answer the following questions:

a. What is the value of the destination MAC address?

_________________________________________________

b. What are the source and destination IP addresses?

_________________________________________________

c. What are the source and destination ports?

_________________________________________________

d. What is the server address in the DHCP header?

_________________________________________________

e. What is the value of the Opcode in the DHCP header and what does it mean?

_________________________________________________

f. What is the value of the YOUR client address in the DHCP header?

_________________________________________________

Exercise 4: Observation of DNS

1. Configure the DNS service based on the following figure.

2. Switch to “Simulation mode”. Edit the Event List Filter to view only DNS.

3. Key in the DNS server IP in PC1 as indicated in the following figure.

4. Go to the command prompt of PC1 and type in “nslookup abc.com”. The first DNS entry should pop up in the “Event List”.

5. Click on “Auto Capture / Play”, and observe the movement of DNS envelope.

6. Refer only to the last line of DNS events. Answer the following questions:

a. What are the source and destination IP addresses (last DNS event)?

_________________________________________________

b. What are the source and destination ports?

_________________________________________________

c. What is the transport layer protocol of the DNS events?

_________________________________________________

d. What is the most important value of the DNS query?

_________________________________________________

e. What is the most important value of the DNS answer?

_________________________________________________

Appendix

ICMP (Internet Control Message Protocol) Header

ICMP messages generally contain information about routing difficulties with IP datagrams or simple exchanges such as time-stamp or echo transactions.

The ICMP header structure is shown as follows (blue portion only):

Type and Code

Type  Code  Description
0     -     Echo reply.
3     -     Destination unreachable.
3     0     Network unreachable.
3     1     Host unreachable.
3     2     Protocol unreachable.
3     3     Port unreachable.
3     4     Fragmentation needed and DF set.
3     5     Source route failed.
4     -     Source quench.
5     -     Redirect.
5     0     Redirect datagrams for the network.
5     1     Redirect datagrams for the host.
5     2     Redirect datagrams for the type of service & network.
5     3     Redirect datagrams for the type of service & host.
8     -     Echo request.
11    -     Time exceeded.
11    0     Time to live exceeded in transit.
11    1     Fragment reassemble time exceeded.
12    -     Parameter problem.
13    -     Timestamp.
14    -     Timestamp reply.
15    -     Information request.
16    -     Information reply.

Checksum

This field contains error checking data calculated from the ICMP header+data, with this field taken as 0. When the checksum is computed, the checksum field should first be cleared to 0. When the data packet is transmitted, the checksum is computed and inserted into this field. When the data packet is received, the checksum is again computed and verified against the checksum field. If the two checksums do not match, then an error has occurred.

Identifier

An identifier to aid in matching requests/replies; may be zero. This field contains an ID value, which should be returned in case of ECHO REPLY.

Sequence number

Sequence number to aid in matching requests/replies. This field contains a sequence value, which should be returned in case of ECHO REPLY.
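The checksum, identifier and sequence number rules above, as an added Python example that is not part of the original lab. The function names, the identifier 0x1234 and the payload are constructed for illustration; the header layout used is the 8-byte echo request/reply form.

```python
"""ICMP echo header: build, checksum, verify and match replies (added example)."""
import struct

ECHO_REQUEST, ECHO_REPLY = 8, 0   # ICMP TYPE values from the table above


def internet_checksum(data: bytes) -> int:
    """16-bit one's-complement sum of the data, complemented."""
    if len(data) % 2:                 # pad odd-length data with a zero byte
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo(icmp_type: int, identifier: int, sequence: int,
               payload: bytes = b"") -> bytes:
    """Build an echo message; the checksum field is 0 while it is computed."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, identifier, sequence)
    checksum = internet_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, checksum,
                       identifier, sequence) + payload


def parse_echo(message: bytes) -> dict:
    """Decode the header and recompute the checksum the way a receiver does."""
    if len(message) < 8:
        raise ValueError("ICMP message shorter than its 8-byte header")
    icmp_type, code, checksum, identifier, sequence = struct.unpack(
        "!BBHHH", message[:8])
    cleared = message[:2] + b"\x00\x00" + message[4:]   # checksum field -> 0
    return {
        "type": icmp_type,
        "code": code,
        "identifier": identifier,
        "sequence": sequence,
        "payload": message[8:],
        "checksum_ok": internet_checksum(cleared) == checksum,
    }


def reply_matches(request: bytes, reply: bytes) -> bool:
    """A reply answers a request only if it returns the same ID and sequence."""
    req, rep = parse_echo(request), parse_echo(reply)
    return (req["checksum_ok"] and rep["checksum_ok"]
            and req["type"] == ECHO_REQUEST and rep["type"] == ECHO_REPLY
            and rep["identifier"] == req["identifier"]
            and rep["sequence"] == req["sequence"])


if __name__ == "__main__":
    request = build_echo(ECHO_REQUEST, 0x1234, 1, b"lab07")   # constructed values
    print(parse_echo(request))
    damaged = request[:-1] + bytes([request[-1] ^ 0x01])      # one flipped bit
    print("damaged copy passes check:", parse_echo(damaged)["checksum_ok"])
```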

IP (Internet Protocol) Header

The Internet Protocol (IP) is the routing layer datagram service of the TCP/IP suite. All other protocols within the TCP/IP suite, except ARP and RARP, use IP to route frames from host to host. The IP frame header contains routing information and control information associated with datagram delivery.

The IP header structure is as follows (blue portion only):

Version

Version field indicates the format of the Internet header.

Version Description

0 reserved

4 IPv4, Internet Protocol version 4

5 ST, ST Datagram Mode.

6 IPv6, Internet Protocol version 6

7 TP/IX, The Next Internet.

8 PIP, The P Internet Protocol.

IHL (Header Length)

Internet header length is the length of the Internet header in 32-bit words. It points to the beginning of the data. The minimum value for a correct header is 5. The value in this 4-bit field has to be multiplied by 4 to get the header length in bytes (e.g. a value of 5 is 5*4=20 bytes).

Type of service

Indicates the quality of service desired. Networks may offer service precedence, meaning that they accept traffic only above a certain precedence at times of high load. There is a three-way trade-off between low delay, high reliability and high throughput.

Bits 0-2: Precedence

111 Network control.

110 Internetwork control.

101 CRITIC/ECP.

100 Flash override.

011 Flash.

010 Immediate.

001 Priority.

000 Routine.

Bit 3: Delay

0 Normal delay.

1 Low delay.

Bit 4: Throughput

0 Normal throughput.

1 High throughput.

Bit 5: Reliability

0 Normal reliability.

1 High reliability.

Bits 6-7: Reserved for future use.

Total length

Length of the datagram measured in bytes, including the Internet header and data. This field allows the length of a datagram to be up to 65,535 bytes, although such long datagrams are impractical for most hosts and networks.

Identification

Identifying value assigned by the sender to aid in assembling the fragments of a datagram.

Flags

3 bits. Control flags of fragmentation:

Bit 0 is reserved and must be zero

Bit 1: Don’t fragment bit:

0 May fragment.

1 Don’t fragment.

Bit 2: More fragments bit:

0 Last fragment.

1 More fragments.

Fragment offset

13 bits. Indicates where this fragment belongs in the datagram. The fragment offset is measured in units of 8 bytes (64 bits). The first fragment has offset zero.

Time to live

Indicates the maximum time the datagram is allowed to remain in the Internet system. If this field contains the value zero, the datagram must be destroyed. This field is modified in Internet header processing. The time is measured in units of seconds. However, since every module that processes a datagram must decrease the TTL by at least one (even if it processes the datagram in less than 1 second), the TTL must be thought of only as an upper limit on the time a datagram may exist. The intention is to cause undeliverable datagrams to be discarded and to bound the maximum datagram lifetime.

Protocol

Indicates the next level protocol used in the data portion of the Internet datagram. The values in the following table are in decimal. The table only shows descriptions of the first 48 values of this protocol field. For values from 49 to 255, please refer to: http://www.networksorcery.com/enp/protocol/ip.htm#Protocol

Value Description/Protocol

0 HOPOPT, IPv6 Hop-by-Hop Option.

1 ICMP, Internet Control Message Protocol.

2 IGAP, IGMP for user Authentication Protocol; IGMP, Internet Group Management Protocol; RGMP, Router-port Group Management Protocol.

3 GGP, Gateway to Gateway Protocol.

4 IP in IP encapsulation.

5 ST, Internet Stream Protocol.

6 TCP, Transmission Control Protocol.

7 UCL, CBT.

8 EGP, Exterior Gateway Protocol.

9 IGRP, Interior Gateway Routing Protocol.

10 BBN RCC Monitoring.

11 NVP, Network Voice Protocol.

12 PUP.

13 ARGUS.

14 EMCON, Emission Control Protocol.

15 XNET, Cross Net Debugger.

16 Chaos.

17 UDP, User Datagram Protocol.

18 TMux, Transport Multiplexing Protocol.

19 DCN Measurement Subsystems.

20 HMP, Host Monitoring Protocol.

21 Packet Radio Measurement.

22 XEROX NS IDP.

23 Trunk-1.

24 Trunk-2.

25 Leaf-1.

26 Leaf-2.

27 RDP, Reliable Data Protocol.

28 IRTP, Internet Reliable Transaction Protocol.

29 ISO Transport Protocol Class 4.

30 NETBLT, Network Block Transfer.

31 MFE Network Services Protocol.

32 MERIT Internodal Protocol.

33 DCCP, Datagram Congestion Control Protocol.

34 Third Party Connect Protocol.

35 IDPR, Inter-Domain Policy Routing Protocol.

36 XTP, Xpress Transfer Protocol.

37 Datagram Delivery Protocol.

38 IDPR, Control Message Transport Protocol.

39 TP++ Transport Protocol.

40 IL Transport Protocol.

41 IPv6 over IPv4.

42 SDRP, Source Demand Routing Protocol.

43 IPv6 Routing header.

44 IPv6 Fragment header.

45 IDRP, Inter-Domain Routing Protocol.

46 RSVP, Reservation Protocol.

47 GRE, General Routing Encapsulation.

48 DSR, Dynamic Source Routing Protocol.

Header checksum

A checksum on the header only. Since some header fields change, e.g., Time To Live, this is recomputed and verified at each point that the Internet header is processed.

Source address / destination address

32 bits each. The values contain source IP address and destination IP address.

Data

Not included as header.

ARP (Address Resolution Protocol) Header

TCP/IP uses the Address Resolution Protocol (ARP) and the Reverse Address Resolution Protocol (RARP) to initialize the use of Internet addressing on an Ethernet or other network that uses its own media access control (MAC). ARP allows a host to communicate with other hosts when only the Internet address of its neighbors is known. Before using IP, the host sends a broadcast ARP request containing the Internet address of the desired destination system.

The ARP/RARP header structure is shown in the illustration below.

Hardware type

Specifies a hardware interface type for which the sender requires a response.

Value Description/Protocol

0 reserved.

1 Ethernet

2 Experimental Ethernet.

3 Amateur Radio AX.25.

4 Proteon ProNET Token Ring.

5 Chaos.

6 IEEE 802.

7 ARCNET.

8 Hyperchannel.

9 Lanstar.

10 Autonet Short Address.

11 LocalTalk.

12 LocalNet (IBM PCNet or SYTEK LocalNET).

13 Ultra link.

14 SMDS.

15 Frame Relay.

16 ATM, Asynchronous Transmission Mode.

17 HDLC.

18 Fibre Channel.

19 ATM, Asynchronous Transmission Mode

20 Serial Line.

21 ATM, Asynchronous Transmission Mode.

22 MIL-STD-188-220.

23 Metricom.

24 IEEE 1394.1995.

25 MAPOS.

26 Twinaxial.

27 EUI-64.

28 HIPARP.

29 IP and ARP over ISO 7816-3.

30 ARPSec.

31 IPsec tunnel.

32 Infiniband.

33 CAI, TIA-102 Project 25 Common Air Interface.

34 Wiegand Interface.

35 Pure IP.

36 HW_EXP1

Protocol type

Specifies the type of high-level protocol address the sender has supplied.

Value Description/Protocol

0x800 IP

Hardware Address Length (HLen)

Hardware address length in bytes. (e.g. If this is Ethernet, the value should be 6)

Protocol Address Length (PLen)

Protocol address length in bytes. (e.g. If the protocol is IP, the value should be 4)

Operation or Opcode

The values and descriptions are as follows:

Value Description

1 ARP request.

2 ARP response.

3 RARP request.

4 RARP response.

5 Dynamic RARP request.

6 Dynamic RARP reply.

7 Dynamic RARP error.

8 InARP request.

9 InARP reply.

Sender hardware address

As the title indicates.

Sender protocol address

As the title indicates.

Target hardware address

As the title indicates.

Target protocol address

As the title indicates.

Ethernet Header

Ethernet is a widely used data communications network standard developed by DEC, Intel, and Xerox. It uses a bus topology and the CSMA/CD access method. The terms Ethernet and the IEEE 802.3 standard are often used interchangeably.

The Ethernet header structure is shown in the illustration below (blue portion only).

(without Preamble)

(with Preamble)

Preamble

The Preamble consists of bytes all of the form 10101010, and is used by the receiver to allow it to establish bit synchronization. Preamble is only read and used by the NIC hardware. It has no meaning for users, and Wireshark won’t show it.

Destination address

The MAC address the frame is sent to.

Source address

The MAC address of the sender.

Length/Type

In this field of the Ethernet protocol, if the value is between 0x0000 and 0x05dc, the value is the length of the Ethernet frame. If the value is above 0x6000, the value indicates the next-layer protocol contained inside the frame.

Type Description/Protocol

0x0000 to 0x05dc Length of the frame.

0x0600 XEROX NS IDP.

0x0660, 0x0661 DLOG.

0x0800 IP, Internet Protocol.

0x0801 X.75 Internet.

0x0802 NBS Internet.

0x0803 ECMA Internet.

0x0804 Chaosnet.

0x0805 X.25 Level 3.

0x0806 ARP, Address Resolution Protocol.

0x0807 XNS compatibility.

0x0808 Frame Relay ARP.

0x8035 DRARP, Dynamic RARP; RARP, Reverse Address Resolution Protocol.

0x80F3 AARP, AppleTalk Address Resolution Protocol.

0x8100 EAPS, Ethernet Automatic Protection Switching.

0x8137 IPX, Internet Packet Exchange.

0x814c SNMP, Simple Network Management Protocol.

0x86dd IPv6, Internet Protocol version 6.

0x8808 MPCP, Multi-Point Control Protocol.

0x880b PPP, Point-to-Point Protocol.

0x880c GSMP, General Switch Management Protocol.

0x8847 MPLS, Multi-Protocol Label Switching (unicast).

0x8848 MPLS, Multi-Protocol Label Switching (multicast).

0x8863 PPPoE, PPP Over Ethernet (Discovery Stage).

0x8864 PPPoE, PPP Over Ethernet (PPP Session Stage).

0x886f Network Load Balancing.

0x888e EAPOL, EAP over LAN.

0x88a2 AoE, ATA over Ethernet.

0x88ca TIPC, Transparent Inter Process Communication Protocol.

0x88bb LWAPP, Light Weight Access Point Protocol.

0x88cc LLDP, Link Layer Discovery Protocol.

0x88dc WSMP, WAVE Short Message Protocol.

Data unit + pad (not included as header)

The data itself.

Frame Check Sequence

This field contains the Frame Check Sequence (FCS), which is calculated using a Cyclic Redundancy Check (CRC). The FCS allows Ethernet to detect errors in the Ethernet frame and reject the frame if it appears damaged. Like the Preamble, the FCS is only read and used by the NIC hardware.
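The Ethernet and ARP header fields described above, decoded from raw bytes with three consistency checks a capture reviewer would apply. This is an added example, not part of the original lab; the function names and the sample addresses are constructed for illustration.

```python
import struct

ETHERTYPE_ARP = 0x0806  # ARP entry in the Length/Type table
OPCODES = {1: "ARP request", 2: "ARP response", 3: "RARP request", 4: "RARP response"}

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_arp_frame(frame):
    """Parse an Ethernet frame (no Preamble, no FCS) that carries ARP."""
    if len(frame) < 22:
        raise ValueError("too short for Ethernet header + fixed ARP fields")
    dst, src, eth_type = struct.unpack("!6s6sH", frame[:14])
    if eth_type != ETHERTYPE_ARP:
        raise ValueError(f"Length/Type 0x{eth_type:04x} is not ARP")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    end = 22 + 2 * (hlen + plen)
    if len(frame) < end:
        raise ValueError("ARP address fields are truncated")
    # Address fields are sized by HLen/PLen, so slice with them, not with 6 and 4.
    sha = frame[22:22 + hlen]
    spa = frame[22 + hlen:22 + hlen + plen]
    tha = frame[22 + hlen + plen:22 + 2 * hlen + plen]
    tpa = frame[22 + 2 * hlen + plen:end]
    warnings = []
    if htype == 1 and hlen != 6:
        warnings.append("HLen is not 6 for Ethernet")
    if ptype == 0x0800 and plen != 4:
        warnings.append("PLen is not 4 for IP")
    if htype == 1 and hlen == 6 and sha != src:
        warnings.append("sender hardware address differs from Ethernet source address")
    return {
        "destination": mac(dst), "source": mac(src),
        "operation": OPCODES.get(op, f"opcode {op}"),
        "sender_hw": mac(sha), "sender_proto": ".".join(map(str, spa)),
        "target_hw": mac(tha), "target_proto": ".".join(map(str, tpa)),
        "warnings": warnings,
    }

def build_sample(sender_hw="001122334455"):
    """Constructed ARP request: 192.168.1.10 asks who has 192.168.1.1."""
    eth = b"\xff" * 6 + bytes.fromhex("001122334455") + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
    arp += bytes.fromhex(sender_hw) + bytes([192, 168, 1, 10])
    arp += b"\x00" * 6 + bytes([192, 168, 1, 1])
    return eth + arp
```

A frame whose ARP sender hardware address does not match the Ethernet source address still parses; the mismatch is reported in the warnings list so it can be followed up in the capture.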

UDP (User Datagram Protocol) Header

The User Datagram Protocol (UDP) provides a simple, but unreliable message service for transaction-oriented services. Each UDP header carries both a source port identifier and destination port identifier, allowing high-level protocols to target specific applications and services among hosts.

The UDP header structure is shown as follows:

Source port

Source port is an optional field. When used, it indicates the port of the sending process and may be assumed to be the port to which a reply should be addressed in the absence of any other information. If not used, a value of zero is inserted.

Destination port

Destination port has a meaning within the context of a particular Internet destination address.

Length

The length in octets of this user datagram, including this header and the data. The minimum value of the length is eight.

Checksum

The 16-bit one’s complement of the one’s complement sum of a pseudo header of information from the IP header, the UDP header and the data, padded with zero octets at the end (if necessary) to make a multiple of two octets.

Data

UDP data field (not included as header).
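The IP header checksum and the UDP checksum described above use the same one's complement sum, so one added example (not part of the original lab) covers both: it recomputes the IP header checksum after Time To Live changes and builds the UDP pseudo header. Function names and the two independent sample byte strings are constructed for illustration.

```python
import struct

def ones_complement_sum(data):
    if len(data) % 2:
        data += b"\x00"                      # pad to a multiple of two octets
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total

def internet_checksum(data):
    return ~ones_complement_sum(data) & 0xFFFF

def set_ip_checksum(header):
    """Recompute the IPv4 header checksum (header bytes 10-11)."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    return header[:10] + struct.pack("!H", internet_checksum(zeroed)) + header[12:]

def ip_header_ok(header):
    # A header whose checksum field is correct sums to 0xFFFF.
    return ones_complement_sum(header) == 0xFFFF

def decrement_ttl(header):
    """Per-hop processing: Time To Live (byte 8) changes, so the checksum must too."""
    if header[8] <= 1:
        raise ValueError("Time To Live expired")
    return set_ip_checksum(header[:8] + bytes([header[8] - 1]) + header[9:])

def udp_checksum(src_ip, dst_ip, segment):
    """segment is the UDP header (checksum field zero) plus data; IPs are 4 raw bytes."""
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, 17, len(segment))  # 17 = UDP
    return internet_checksum(pseudo + segment) or 0xFFFF  # a computed 0 is sent as 0xFFFF

# Constructed, independent samples: a 20-byte IPv4 header (TTL 64, protocol 17,
# checksum zeroed) and a UDP segment (source port 1024, destination port 53,
# length 11, data "abc").
SAMPLE_IP = bytes.fromhex("450000730000400040110000c0a80001c0a800c7")
SAMPLE_UDP = struct.pack("!HHHH", 1024, 53, 11, 0) + b"abc"
```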

DNS (Domain Name Server) Header

DHCP (Dynamic Host Control Protocol) Header

The Dynamic Host Configuration Protocol (DHCP) provides Internet hosts with configuration parameters. DHCP is an extension of BOOTP. DHCP consists of two components: a protocol for delivering host-specific configuration parameters from a DHCP server to a host and a mechanism for allocation of network addresses to hosts.

The format of the header is shown in the following illustration:

Opcode

The message operation code. Messages can be either BOOTREQUEST or BOOTREPLY.

Value Description

1 DHCP Discover.

2 DHCP Offer

3 DHCP Request

5 DHCP Acknowledge

Hardware Type

The hardware type of DHCP is similar to the hardware type of ARP.

Value Description/Protocol

0 reserved.

1 Ethernet

2 Experimental Ethernet.

3 Amateur Radio AX.25.

4 Proteon ProNET Token Ring.

5 Chaos.

6 IEEE 802.

7 ARCNET.

8 Hyperchannel.

9 Lanstar.

10 Autonet Short Address.

11 LocalTalk.

12 LocalNet (IBM PCNet or SYTEK LocalNET).

13 Ultra link.

14 SMDS.

15 Frame Relay.

16 ATM, Asynchronous Transmission Mode.

17 HDLC.

18 Fibre Channel.

19 ATM, Asynchronous Transmission Mode

20 Serial Line.

21 ATM, Asynchronous Transmission Mode.

22 MIL-STD-188-220.

23 Metricom.

24 IEEE 1394.1995.

25 MAPOS.

26 Twinaxial.

27 EUI-64.

28 HIPARP.

29 IP and ARP over ISO 7816-3.

30 ARPSec.

31 IPsec tunnel.

32 Infiniband.

33 CAI, TIA-102 Project 25 Common Air Interface.

34 Wiegand Interface.

35 Pure IP.

Hardware address length

The hardware address length (8 bits).

Hop count.

This field is used by relay agents.

Transaction ID.

A random number chosen by the client, used by the client and server to associate messages and responses between a client and a server.

Number of seconds.

The elapsed time in seconds since the client began an address acquisition or renewal process.

Flags.

Only the first bit of this 16-bit field is used. It indicates broadcast.

Client IP address

32 bits.

Your IP address

32 bits.

Server IP address

32 bits.

Gateway IP address

32 bits.

Client hardware address

16 bytes.

Server host name

64 bytes.

Boot filename

128 bytes.
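The fixed DHCP header fields listed above, unpacked in order from raw bytes with bounds checks on the message size and the hardware address length. This is an added example, not part of the original lab; it decodes the opcode only as BOOTREQUEST or BOOTREPLY, and the function names and sample values are constructed for illustration.

```python
import ipaddress
import struct

# Fixed-format fields in the order listed above; 236 bytes in total.
DHCP_FIXED = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
OPCODES = {1: "BOOTREQUEST", 2: "BOOTREPLY"}

def text(field):
    """Fixed-width name fields are NUL-padded; keep what precedes the first NUL."""
    return field.split(b"\x00", 1)[0].decode("ascii", "replace")

def parse_dhcp_header(message):
    if len(message) < DHCP_FIXED.size:
        raise ValueError(f"need {DHCP_FIXED.size} bytes, got {len(message)}")
    (op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr,
     chaddr, sname, bootfile) = DHCP_FIXED.unpack(message[:DHCP_FIXED.size])
    if op not in OPCODES:
        raise ValueError(f"unknown opcode {op}")
    if hlen > len(chaddr):
        raise ValueError("hardware address length exceeds the 16-byte field")
    addr = lambda raw: str(ipaddress.IPv4Address(raw))
    return {
        "opcode": OPCODES[op], "hardware_type": htype, "hop_count": hops,
        "transaction_id": xid, "seconds": secs,
        "broadcast": bool(flags & 0x8000),       # first (most significant) bit
        "client_ip": addr(ciaddr), "your_ip": addr(yiaddr),
        "server_ip": addr(siaddr), "gateway_ip": addr(giaddr),
        # Only the first hlen bytes of the 16-byte field hold the address.
        "client_hw": ":".join(f"{b:02x}" for b in chaddr[:hlen]),
        "server_name": text(sname), "boot_filename": text(bootfile),
    }

def build_sample():
    """Constructed BOOTREPLY offering 192.168.1.50 to 00:11:22:33:44:55."""
    ip = lambda s: ipaddress.IPv4Address(s).packed
    return DHCP_FIXED.pack(2, 1, 6, 0, 0x3903F326, 0, 0x8000,
                           ip("0.0.0.0"), ip("192.168.1.50"), ip("192.168.1.1"),
                           ip("0.0.0.0"), bytes.fromhex("001122334455"),
                           b"lab-dhcp", b"")
```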