7.1.

6 Lab - Use Wireshark to Examine Ethernet

Frames

Part 1: Examine the Header Fields in an Ethernet II Frame

What is significant about the contents of the destination address field?

Mọi host trên Lan sẽ cùng được nhận broadcast frame. Host với địa chỉ ip là 192.168.1.1 sẽ gửi lời nhắn
ở chế độ unicast đến PC host ( source). Lời nhắn sẽ chứa địa chỉ MAC của card mạng default gateway

Why does the PC send out a broadcast ARP prior to sending the first ping request?

PC không thể gửi ping request tới host khi mà chưa được xác nhận địa chỉ MAC. Nên PC phải tạo frame
header cho việc ping. ARP broadcast thường được dùng để yêu cầu địa chỉ MAC của host với địa chỉ IP
được chứa trong ARP.

What is the MAC address of the source in the first frame?

f0:1f:af:50:fd:c8

What is the Vendor ID (OUI) of the Source NIC in the ARP reply?

Netgear

What portion of the MAC address is the OUI?

3 octets đầu tiên của địa chỉ MAC biểu diễn OUI

What is the NIC serial number of the source?

99:c5:72
Part 2:   Use Wireshark to Capture and Analyze Ethernet Frames

 Determine the IP address of the default gateway on your PC.

Default Gateway: 192.168.1.1

filter icmp only and ping to default gateway then stop capture

What is the MAC address of the PC NIC? 00:2b:67:ea:71:6d

What is the default gateway’s MAC address? c0:b5:d7:5f:b5:40
What type of frame is displayed? Ipv4 (0x0800)
What is the source IP address? 192.168.1.11
What is the destination IP address? 192.168.1.1
a. You can click any line in the middle section to highlight that part of the frame (hex and ASCII) in
the Packet Bytes pane (bottom section). Click the Internet Control Message Protocol line in
the middle section and examine what is highlighted in the Packet Bytes pane.

What do the last two highlighted octets spell? Hi

Click the next frame in the top section and examine an Echo reply frame. Notice that the source and
destination MAC addresses have reversed, because this frame was sent from the default gateway
router as a reply to the first ping.

What device and MAC address is displayed as the destination address?

The host PC, 00:2b:67:ea:71:6d
Capture packets for a remote host.

In the first echo (ping) request frame, what are the source and destination MAC addresses?
Source:c0:b5:d7:5f:b5:40
Type your answers here.
Destination: 00:2b:67:ea:71:6d
Type your answers here.
What are the source and destination IP addresses contained in the data field of the frame?
Source: 192.168.1.11
Type your answers here.
Destination: 23.7.211.81
Type your answers here.
Compare these addresses to the addresses you received in Step 6. The only address that
changed is the destination IP address. Why has the destination IP address changed, while the
destination MAC address remained the same?
Frames từ Layer 2 chỉ nằm trong mạng LAN. Khi ping được gửi đến remote host thì source sẽ
dùng địa chỉ MAC của default gateway cho frame destination. Khi default gateway nhận packet
thì sẽ tách thông tin Layer 2 frame từ packet và tạo một frame header mới với địa chỉ MAC tiếp
theo. Quá trình nãy sẽ chuyển tiếp từ router này đến router kia cho đến khi packet đến được địa
chỉ IP destination.

Reflection
Wireshark does not display the preamble field of a frame header. What does the preamble
contain?
Trường mở đầu chứa 7 octets của chuỗi 1010 tuần tự và một octets sẽ kí hiệu điểm bắt đầu của
frame,10101011
7.2.7 Lab - View Network Device MAC Addresses
Part1: Configure Devices and Verify Connectivity

From the command prompt on PC-A, ping the switch address.

Open a Windows command prompt

Were the pings successful? Explain.

Không, giữa switch và PC chưa được thiết lập SVI.
Configure basic settings for the switch. Verify network connectivity.

Were the pings successful?Yes, the pings are successful

Analyze the MAC address for the PC-A NIC.
C:\> ipconfig /all
<output omitted>
Ethernet adapter Ethernet:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel(R) 82577LM Gigabit Network Connection
Physical Address. . . . . . . . . : 5C-26-0A-24-2A-60
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b875:731b:3c7b:c0b1%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.147(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, September 6, 2019 11:08:36 AM
Lease Expires . . . . . . . . . . : Saturday, September 7, 2019 11:08:36 AM
Default Gateway . . . . . . . . . : 192.168.1.1

What is the OUI portion of the MAC address for this device? 5C-26-0A
Type your answers here.
What is the serial number portion of the MAC address for this device? 24-2A-60
Type your answers here.
Using the example above, find the name of the vendor that manufactured this NIC
Dell Inc.
Dell Inc.
One Dell Way, MS RR5-45
Round Rock 78682
US
From the command prompt on PC-A, issue the ipconfig /all command

identify the OUI portion of the MAC address for the NIC of PC-A
0005.5E
Identify the serial number portion of the MAC address for the NIC of PC-A.
B4.A52D
Identify the name of the vendor that manufactured the NIC of PC-A.
Cisco Systems, Inc
Cisco Systems, Inc
80 West Tasman Drive
San Jose CA 94568
US
Analyze the MAC address for the S1 F0/6 interface.

What is the MAC address for VLAN 1 on S1?

00d0.ba
What is the MAC serial number for VLAN 1?
12.9ec1
What does bia stand for ?
Burned in address
Why does the output show the same MAC address twice?
Địa chỉ MAC có thể bị thay đổi bằng câu lệnh phần mềm. Địa chỉ thực sự (bia) sẽ luôn hiển thị
trong ngoặc đơn.

What Layer 2 addresses are displayed on S1?

S1 vlan1 and PC-A MAC address
What Layer 3 addresses are displayed on S1?
S1 and PC-A IP address

Did the switch display the MAC address of PC-A? If you answered yes, what port was it on?
Yes, It was on Port Fa0/4
 Reflection Questions

Can you have broadcasts at the Layer 2 level? If so, what would the MAC address
be?
Broadcasts có ở layer . ARP dùng broadcast để tìm thông tin về địa chỉ MAC

Địa chỉ broadcast là FF.FF.FF.FF.FF.FF

Why would you need to know the MAC address of a device?
Trong những lưới mạng rộng lớn, địa chỉ MAC được dùng để xác định vị trí và xác thực thiết bị
thay vì dùng địa chỉ IP. MAC OUI sẽ liệt kê nhà sản xuất.Cần có kiến thức về địa chỉ MAC vì
các biện pháp bảo mật có thể được thực hiện ở layer 2.
7.3.7 Lab - View the Switch MAC Address Table
Build and Configure the Network

Examine the Switch MAC Address Table

What are the Ethernet adapter physical addresses?
PC-A MAC Address: 0005.5EB4.A52D PC-B MAC Address: 000A.41E0.AA99

What are the Ethernet adapter physical addresses?

PC-A MAC Address: 0001.c76e.9601
PC-B MAC Address: 00e0.a30a.9101
Display the switch MAC address table.

What MAC addresses are recorded in the table? To which switch ports are they mapped and to
which devices do they belong? Ignore MAC addresses that are mapped to the CPU.
S1 MAC address được ghi lại và thuộc port Fa0/1,thiết bị PC-A
If you had not previously recorded MAC addresses of network devices in Step 1, how could you
tell which devices the MAC addresses belong to, using only the output from the show mac
address-table command? Does it work in all scenarios?
Show mac address-table chỉ ra những port mà địa chỉ MAC kết nối, giúp xác thực lưới mạng mà
thiết bị với địa chỉ MAC thuộc,trừ trường hợp nhiều địa chỉ MAC cùng kết nối 1 port.

Clear the S2 MAC address table and display the MAC address table again.

Does the MAC address table have any addresses in it for VLAN 1? Are there other MAC
addresses listed?
Không xuất hiện kết quả nào
Wait 10 seconds, type the show mac address-table command, and press Enter. Are there new
addresses in the MAC address table?
Xuất hiện lại kết quả mới.
 From PC-B, ping the devices on the network and observe the switch MAC address
table.
b. From PC-B, open a command prompt and type arp -a.

Open a command prompt

Not including multicast or broadcast addresses, how many device IP-to-MAC address pairs have
been learned by ARP? Không xuất hiện device IP-to MAC address
c. From the PC-B command prompt, ping PC-A, S1, and S2.

d.
Did all devices have successful replies? If not, check your cabling and IP configurations ?
Ping tới các thiết bị đều thành công
 From a console connection to S2, enter the show mac address-table command

e. .
Open a configuration window

Has the switch added additional MAC addresses to the MAC address table? If so, which
addresses and devices?
Xuất hiện thêm nhiều địa chỉ MAC mới, là địa chỉ MAC của S1,S2 và PC-A.

From PC-B, open a command prompt and retype arp -a.

Does the PC-B ARP cache have additional entries for all network devices that were sent pings?
Có, các địa chỉ được ping đã xuất hiện.

Reflection Question
On Ethernet networks, data is delivered to devices by their MAC addresses. For this to happen,
switches and PCs dynamically build ARP caches and MAC address tables. With only a few
computers on the network this process seems fairly easy. What might be some of the challenges on
larger networks?
ARP broadcast cos thể gây loạn broadcast. Vì ARP và switch MAC table không xác thực hay kiểm tra
các địa chỉ IP đến địac chỉ MAC. Điều này có thể xuất hiện hiện tượng giả mạo các thiết bị trên mạng
Type your answers here.