Thursday, 30 January 2014

Wireshark assignment

Team 1: Swarna, Anusha, Neelesh, Yuga

Examine Ethernet Frames Using Wireshark

Machine Used:

IP address: 10.9.106.28
MAC address: 00-0C-29-05-C5-A8

First, we examine the fields present in an Ethernet frame:

Field                  Size
Preamble               8 Bytes (64 bits)
Destination Address    6 Bytes
Source Address         6 Bytes
Frame Type             2 Bytes
Data                   46 – 1500 Bytes
FCS                    4 Bytes


Examining the Ethernet Frames:

1. First, my IP configuration is retrieved:

Physical Address: 00-0C-29-05-C5-A8
IP Address: 10.9.106.28
Default Gateway: 10.9.106.250

2. A ping is issued from my host PC to the default gateway:
ping 10.9.106.250

3. The capture is filtered to show only ARP or ICMP data.





Field: Preamble
Value: Not shown in capture
Description: This field contains synchronizing bits, processed by the NIC hardware.

Field: Destination Address
Value: Broadcast (ff:ff:ff:ff:ff:ff)
Description: Layer 2 addresses for the frame. Each address is 48 bits long, or 6 octets, expressed as 12 hexadecimal digits, 0-9, A-F. A common format is 12:34:56:78:9A:BC. The first six hex numbers indicate the manufacturer of the network interface card (NIC), the last six hex numbers are the serial number of the NIC. The destination address may be a broadcast, which contains all ones, or a unicast. The source address is always unicast.

Field: Source Address
Value: vmware_05:c5:a8

Field: Frame Type
Value: 0x0806
Description: For Ethernet II frames, this field contains a hexadecimal value that is used to indicate the type of upper-layer protocol in the data field. There are numerous upper-layer protocols supported by Ethernet II. Two common frame types are:
Value     Description
0x0800    IPv4 Protocol
0x0806    Address Resolution Protocol (ARP)

Field: Data
Value: ARP
Description: Contains the encapsulated upper-level protocol. The data field is between 46 – 1,500 bytes.

Field: FCS
Value: Not shown in capture
Description: Frame Check Sequence, used by the NIC to identify errors during transmission. The value is computed by the sending machine, encompassing frame addresses, type, and data field. It is verified by the receiver.
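The field layout above can be checked by decoding a frame by hand. The following is an added example, not part of the original lab: it parses the 14-byte Ethernet II header and the ARP body of a sample frame constructed from the addresses in this lab, taking the manufacturer part of the MAC as the first six hex digits, as the table describes. The function names are hypothetical.

```python
import struct

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP"}  # the two frame types listed in the table

def fmt_mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_ethernet(frame: bytes) -> dict:
    """Parse an Ethernet II header as captured (no preamble, no FCS)."""
    if len(frame) < 14:
        raise ValueError("truncated frame: Ethernet II header is 14 bytes")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {
        "dst": fmt_mac(dst),
        "src": fmt_mac(src),
        "broadcast": dst == b"\xff" * 6,   # all ones = sent to every host
        "src_oui": fmt_mac(src[:3]),       # first six hex digits: manufacturer
        "src_nic": fmt_mac(src[3:]),       # last six hex digits: NIC-specific part
        "ethertype": ethertype,
        "protocol": ETHERTYPES.get(ethertype, "unknown"),
        "payload": frame[14:],
    }

def parse_arp(payload: bytes) -> dict:
    """Parse an ARP body for Ethernet/IPv4 (28 bytes; the rest is padding)."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    fields = struct.unpack("!HHBBH6s4s6s4s", payload[:28])
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = fields
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP message")
    ip = lambda b: ".".join(str(x) for x in b)
    return {"op": {1: "request", 2: "reply"}.get(op, op),
            "sender_mac": fmt_mac(sha), "sender_ip": ip(spa),
            "target_mac": fmt_mac(tha), "target_ip": ip(tpa)}

def build_sample_frame() -> bytes:
    """Constructed sample: ARP request for the gateway, sent before the first ping."""
    src = bytes.fromhex("000c2905c5a8")
    eth = b"\xff" * 6 + src + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1, src,
                      bytes([10, 9, 106, 28]), b"\x00" * 6, bytes([10, 9, 106, 250]))
    return eth + arp + b"\x00" * 18        # pad the data field to the 46-byte minimum

if __name__ == "__main__":
    eth = parse_ethernet(build_sample_frame())
    print(eth, parse_arp(eth["payload"]))
```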


1) What is the significance of the Destination Address field?
A:
The significance of the Destination Address field (ff:ff:ff:ff:ff:ff) is that it is a broadcast address, so the frame is sent to all the devices in the network.

2) Why does the PC send out a broadcast ARP prior to sending the first ping request?
A:
The PC sends out a broadcast ARP prior to the first ping request in order to learn the MAC addresses of all the hosts, so that it can have the other MAC addresses in its ARP cache.

Suppose it has to ping host2. The PC checks whether its ARP cache holds the MAC address of host2. If the MAC address of the host is not present, it sends an ARP request broadcast frame to all the hosts with the reference IP of host2. The other hosts in the network discard the frame, but host2, as the IP matches, sends out its MAC address.

3) What is the MAC address of the source in the first frame?
A: 00-0C-29-05-C5-A8

What is the Vendor ID (OUI) of the Source’s NIC?
A: The first six bytes of the source address will be the manufacturer of the NIC, or the vendor ID.

What portion of the MAC address is the OUI?
A: The first six bytes of the MAC address are the OUI.

What is the Source’s NIC serial number?
A: 05:c5:a8. The last six hex numbers of the source address are the source NIC serial number.

2 comments:

  1. not gonna post the rest of the lab?

  2. I thought the first three bytes made up the OUI? Hence, 00:2c:29 would be the OUI and 05:c5:a8 would be the Unique Identifier. If the entire number (00:2c:29:05:c5:a8) is 6 bytes, then half that number is 3 bytes. Correct?
