计算机网络实验报告年级：姓名：学号：实验日期：实验名称：实验八利用WireShark分析ARP协议一、实验目的1、学会使用nslookup工具查询并分析Internet 域名信息或诊断DNS 服务器。

学会使用ipconfig工具进行分析。

2、会用wireshark分析DNS协议。

对DNS协议有个全面的学习与了解。

二、实验器材1、接入Internet的计算机主机；2、抓包工具wireshark和截图工具snagit。

三、实验内容1. What is the 48-bit Ethernet address of your computer?2. What is the 48-bit destination address in the Ethernet frame? Is this theEthernet address of ? (Hint: the answer is no). What device has this as its Ethernet address? [Note: this is an important question, and one that students sometimes get wrong. Re-read pages 468-469 in the text and make sure you understand the answer here.答：实验结果如下3. Give the hexadecimal value for the two-byte Frame type field. What dothe bit(s) whose value is 1 mean within the flag field?如上图所示，Type 字段的值是0x0800，代表IP协议4. How many bytes from the very start of the Ethernet frame does the ASCII “G” in“GET” appear in the Ethernet frame?答：实验结果如下5. What is the hexadecimal value of the CRC field in this Ethernet frame?无6. What is the value of the Ethernet source address? Is this the address of your computer, or of (Hint: the answer is no). What device has this as its Ethernet address?答：这个以太网地址既不是主机以太网地址，也不是目的主机以太网地址，实验结果如下7. What is the destination address in the Ethernet frame? Is this the Ethernet address of your computer?8. Give the hexadecimal value for the two-byte Frame type field. What do the bit(s) whose value is 1 mean within the flag field?答：9. How many bytes from the very start of the Ethernet frame does the ASCII “O” in“OK” (i.e., the HTTP response code) appear in the Ethernet frame?答：以下比特没有出现在Ethernet frame中10. What is the hexadecimal value of the CRC field in this Ethernet frame?无11. Write down the contents of your computer’s ARP cache. What is the meaning of each column value?答：实验结果如下12. What are the hexadecimal values for the source and destination addresses in the Ethernet frame containing the ARP request message?答：实验结果如下13. Give the hexadecimal value for the two-byte Ethernet Frame type field. What do the bit(s) whose value is 1 mean within the flag field?答：实验结果如下14. Download the ARP specification from ftp:///innotes/std/std37.txt. A readable, detailed discussion of ARP is also at/users/gorry/course/inet-pages/arp.html.a) How many bytes from the very beginning of the Ethernet frame does theARP opcode field begin?答：如下图，总共20个字节b) What is the value of the opcode field within the ARP-payload part of theEthernet frame in which an ARP request is made?答：实验结果如下c) Does the ARP message contain the IP address of the sender?答：实验结果如下15. Now find the ARP reply that was sent in response to the ARP request.a) How many bytes from the very beginning of the Ethernet frame does theARP opcode field begin?答：如下图，总共14个字节b) What is the value of the opcode field within the ARP-payload part of theEthernet frame in which an ARP response is made?答：如下图，the value is 0x0002c) Where in the ARP message does the “answer” to the earlier ARP requestappear – the IP address of the machine having the Ethernet address whose corresponding IP address is being queried?答：实验结果如下16. What are the hexadecimal values for the source and destinationaddresses in the Ethernet frame containing the ARP reply message?答：如下图，the value is 0x080617. Open the ethernet-ethereal-trace-1 trace file in/wireshark-labs/wireshark-traces.zip. The first and second ARP packets in this trace correspond to an ARP request sent by thecomputer running Wireshark, and the ARP reply sent to the computer running Wireshark by the computer with the ARP-requested Ethernet address. But there is yet another computer on this network, as indiated by packet 6 – another ARPrequest. Why is there no ARP reply (sent in response to the ARP request inpacket 6) in the packet trace?Extra CreditEX-1. The arp command: arp -s InetAddr EtherAddrallows you to manually add an entry to the ARP cache that resolves the IP address InetAddr to the physical address EtherAddr. What would happen if, when you manually added an entry, you entered the correct IP address, but the wrong Ethernet address for that remote interface?EX-2. What is the default amount of time that an entry remains in your ARP cache before being removed. You can determine this empirically (by monitoring thecache contents) or by looking this up in your operation system documentation.Indicate how/where you determined this value.四、实验总结1、通过实验对arp有了更深的了解2、通过实验增强了自己的动手能。