Lab 2 2: Packet Headers - Hsanokklis/2023-2024-Tech-journal GitHub Wiki

Objective: In this lab, students will observe the headers added by various layers of the OSI Model.

open the packet capture tcipg.pcapng

image

we are mostly going to be looking at raw bytes of the packets

Click on the "Ethernet II" line in the middle Wireshark window

  • How many bytes are included in the header?

14 bytes

  • Which bytes represent the destination MAC? Which bytes represent the source MAC?

Destination: Bytes 1-6

image

Source: bytes 7-12

image

Click on the Internet Protocol Version 4 header in the middle window

  • How many bytes are included in this header?

20 bytes

  • Why is the packets Ethernet header the first bytes we see in the packet?

They are the first bytes we see in the packet because they are the source and destination address for the packet. If those bytes were not first, then the packet would not know where it was suppose to go.

**Open the packet capture switch.ping.pcapng

image

  • How many bytes are included in the Ethernet header of the ARP response packet (the second one in the capture)?

14 bytes

  • How many are included in the Ethernet footer of this packet?

18 bytes

  • Why is there a footer/padding included in the response packet?

There is padding so that the packet meets the minimum bytes for a response packet which is 64 bytes.

https://www.practicalnetworking.net/series/arp/traditional-arp/