Lab 2 1: OSI Capture Observation Capture - Hsanokklis/2023-2024-Tech-journal GitHub Wiki

Objective: In this lab, students will observe traffic in a simple LAN.

Goals:

  • Understand the role of MAC addresses in LAN communication
  • Observe ARP communication
  • Introduce basic features of Wireshark and traffic analysis

Observe a simple capture (in Wireshark) - Ping the default gateway

Capture a ping to the default gateway

  • Default gateway is 192.168.3.250 on my workstation

  • successful ping to the default gateway

  • ICMP filtering in Wireshark

  • Source (my workstation):

  • IP address ---> 192.168.3.117

  • MAC address ---> 48:21:0b:33:5e:44

  • Destination (default gateway):

  • IP address ---> 192.168.3.250
  • MAC address ---> d0:81:c5:23:bd:80

Answer Questions

What is the MAC address of your workstation's NIC?

  • 48:21:0b:33:5e:44

What is the MAC address of the default gateway router interface (NIC)?

  • d0:81:c5:23:bd:80

Observe a simple capture - Ping outside LAN IP address

  • Ping the IP address 34.174.229.22

Source MAC address

  • 48:21:0b:33:5e:44

Destination MAC address

  • d0:81:c5:23:bd:80

Ping your neighbor's IP address (192.168.3.116)

  • Source MAC address: 48:21:0b:33:5e:44

  • Destination MAC address: 48:21:0b:33:57:99

Answer Question: What is the MAC address of your neighbor's PC?

  • 48:21:0b:33:57:99

Review the packet headers and relate to the OSI reference model

Inspect an ICMP Echo (Ping request packet) in Wireshark

The middle pane should show 4 headings

  • Frame n: This provides general info on the packet

  • Ethernet: This contains the decode of the bits in the Ethernet header (layer 2)

  • Internet Protocol Version 4: Contains the decode of the IPv4 header (layer 3)

  • Internet Control Message Protocol: Contains the decode of the ICMP Header

Answer these questions:

Identify the field in the Ethernet header that indicates the next layer's header

  • Type: IPv4

Identify the field in the IPv4 header that indicates the next layer's header

  • Protocol: ICMP

Look at the very first 6 bytes in the packet - what is the purpose/role of those bytes?

The first 6 bytes contain the source and destination address for the packet.
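
An added example, not part of the original lab: a small Python decoder for the Ethernet and IPv4 fields inspected above, run on two frames constructed from the MAC and IP addresses recorded in this journal. The function names are hypothetical and the sample frames carry zeroed checksums; the off-LAN frame shows the gateway's MAC at layer 2 while the layer 3 destination stays 34.174.229.22.

```python
import socket
import struct

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}
WORKSTATION_MAC = "48:21:0b:33:5e:44"   # from the capture notes above
GATEWAY_MAC = "d0:81:c5:23:bd:80"       # from the capture notes above

def mac_text(raw):
    return ":".join(f"{b:02x}" for b in raw)

def build_echo_frame(dst_mac, src_mac, src_ip, dst_ip):
    """Constructed sample frame: Ethernet II + IPv4 + ICMP echo request.
    Checksums are left at 0 because only the header layout matters here."""
    eth = (bytes.fromhex(dst_mac.replace(":", "")) +
           bytes.fromhex(src_mac.replace(":", "")) + struct.pack("!H", 0x0800))
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1) + b"abcdefgh"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + icmp

def decode(frame):
    """Decode the Ethernet and IPv4 header fields this lab inspects."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out = {"dst_mac": mac_text(dst), "src_mac": mac_text(src),
           "ethertype": ETHERTYPES.get(ethertype, hex(ethertype))}
    if ethertype != 0x0800:
        return out                      # not IPv4: stop at layer 2
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4 if ip else 0   # header length in bytes
    if ihl < 20 or len(ip) < ihl or ip[0] >> 4 != 4:
        raise ValueError("truncated or malformed IPv4 header")
    out.update(protocol=IP_PROTOCOLS.get(ip[9], str(ip[9])),
               src_ip=socket.inet_ntoa(ip[12:16]),
               dst_ip=socket.inet_ntoa(ip[16:20]))
    if ip[9] == 1 and len(ip) > ihl:
        out["icmp_type"] = ip[ihl]      # 8 = echo request, 0 = echo reply
    return out

# Constructed frames using the addresses recorded in this lab.
TO_GATEWAY = build_echo_frame(GATEWAY_MAC, WORKSTATION_MAC, "192.168.3.117", "192.168.3.250")
OFF_LAN = build_echo_frame(GATEWAY_MAC, WORKSTATION_MAC, "192.168.3.117", "34.174.229.22")

if __name__ == "__main__":
    for name, frame in (("gateway", TO_GATEWAY), ("off-LAN", OFF_LAN)):
        print(name, decode(frame))
```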
