Wednesday 12 February 2020

Wireshark Series: Part 2 - ARP and IP

• Address Resolution Protocol (ARP):
○ First, before a host can send an IP packet to another host on its local network, it needs that host's MAC address to build the Ethernet frame. If the address is not already in its ARP table, the host first sends out an ARP request.
○ The request says, in effect, "who has IP address X? tell IP address Y": the computer wants to send to another IP address but doesn't know its MAC address. The host that owns X responds with an ARP reply carrying its MAC address. (If the destination IP is on a different subnet, the host instead ARPs for the MAC of its default gateway.)
○ The ARP request is sent as an Ethernet broadcast (destination ff:ff:ff:ff:ff:ff), since the sender does not yet know whom to address it to. The reply is normally unicast straight back to the requester.
○ ARP format is as below:

§ Hardware Type: 1 for Ethernet
§ Protocol Type: the Layer 3 protocol being resolved; for IPv4 this is 0x0800 (the same value as the IPv4 EtherType)
§ Hardware Address Length: 6 for Ethernet, because a MAC address is 6 bytes
§ Protocol Address Length: 4 for IPv4
§ Operation (opcode): tells what the sender is doing. 1 is an ARP request and 2 is an ARP reply
§ Then we have the sender's hardware (MAC) address and protocol (IP) address
§ Lastly, we have the target's hardware and protocol address
○ In Wireshark, 

§ We will see that the Target MAC address is all zeros (00:00:00:00:00:00) in an ARP request (opcode 1), since the sender doesn't know the MAC and is asking for it. Wireshark summarizes this in the Info column as "Who has <target IP>? Tell <sender IP>"; the reply shows up as "<IP> is at <MAC>"
○ ARP resolves the IP address to a MAC address so that the frame can be addressed and we can move on to the next layer
○ It is usually called a Layer 2 protocol, but it carries Layer 3 information (IP addresses), so it really sits between the two
○ Each device keeps an ARP table (cache). The requester adds the IP-to-MAC mapping from the reply, and the target usually also adds the sender's mapping from the request, since it will need it to answer. Nothing in ARP authenticates a reply: any host on the segment can answer for any IP, so an existing entry suddenly changing its MAC is worth a look. Wireshark flags this with a "Duplicate IP address detected" expert info entry when it sees one IP claimed by two MACs
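As an added example (my code, not from the original post), the exchange described above built as raw Ethernet/ARP bytes and dissected back into the same fields Wireshark lists in its ARP tree. The MAC and IP addresses are constructed for the example. The small `learn` helper keeps a host's ARP table and reports when an already known IP starts claiming a different MAC, which is the thing to watch for since nothing in ARP authenticates a reply.

```python
import struct

ETHERTYPE_ARP = 0x0806
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"      # target MAC in a request: the sender does not know it yet

def mac_bytes(s): return bytes(int(x, 16) for x in s.split(":"))
def mac_str(b): return ":".join(f"{x:02x}" for x in b)
def ip_bytes(s): return bytes(int(x) for x in s.split("."))
def ip_str(b): return ".".join(str(x) for x in b)

def build_arp(op, sender_mac, sender_ip, target_ip, target_mac=ZERO_MAC):
    """Ethernet frame carrying an ARP packet. op 1 = request (broadcast), op 2 = reply (unicast)."""
    eth_dst = BROADCAST_MAC if op == 1 else target_mac
    eth = mac_bytes(eth_dst) + mac_bytes(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)        # htype, ptype, hlen, plen, opcode
    arp += mac_bytes(sender_mac) + ip_bytes(sender_ip)       # sender hardware + protocol address
    arp += mac_bytes(ZERO_MAC if op == 1 else target_mac) + ip_bytes(target_ip)  # target addresses
    return eth + arp

def parse_arp(frame):
    """Dissect an Ethernet/ARP frame into the fields Wireshark shows in the ARP tree."""
    eth_dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        raise ValueError(f"not ARP: ethertype 0x{ethertype:04x}")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("only Ethernet/IPv4 ARP is handled here")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {
        "eth_dst": mac_str(eth_dst), "eth_src": mac_str(eth_src),
        "hardware_type": htype, "protocol_type": ptype,
        "hardware_size": hlen, "protocol_size": plen,
        "opcode": op, "opcode_name": {1: "request", 2: "reply"}.get(op, "other"),
        "sender_mac": mac_str(sha), "sender_ip": ip_str(spa),
        "target_mac": mac_str(tha), "target_ip": ip_str(tpa),
    }

def info_column(p):
    """The one-line summary Wireshark prints in the Info column for a parsed ARP packet."""
    if p["opcode"] == 1:
        return f"Who has {p['target_ip']}? Tell {p['sender_ip']}"
    return f"{p['sender_ip']} is at {p['sender_mac']}"

def learn(arp_table, p):
    """Update a host's ARP table from a packet (the sender of a request and of a reply both get cached).
    Returns True when an already known IP now claims a different MAC: ARP has no authentication,
    so this is the event worth inspecting (Wireshark reports it as 'Duplicate IP address detected')."""
    old = arp_table.get(p["sender_ip"])
    arp_table[p["sender_ip"]] = p["sender_mac"]
    return old is not None and old != p["sender_mac"]

if __name__ == "__main__":
    # constructed exchange: host .10 asks for .1's MAC, .1 answers (addresses are made up)
    req = build_arp(1, "aa:bb:cc:dd:ee:01", "192.168.0.10", "192.168.0.1")
    rep = build_arp(2, "aa:bb:cc:dd:ee:02", "192.168.0.1", "192.168.0.10", target_mac="aa:bb:cc:dd:ee:01")
    table = {}
    for frame in (req, rep):
        p = parse_arp(frame)
        print(info_column(p), "| mapping changed:", learn(table, p))
    print(table)
```

The 42-byte request frame that `build_arp` produces is exactly what Wireshark shows for a minimal ARP request (14-byte Ethernet header plus 28-byte ARP body, before any padding to the 60-byte Ethernet minimum).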
• Internet Protocol:
○ We can denote the IP address and netmask together using CIDR notation (CIDR = Classless Inter-Domain Routing). The number after the slash is the prefix length: how many leading bits of the netmask are 1.
○ For eg., 192.168.0.1 with a netmask of 255.255.0.0 is written in CIDR notation as 192.168.0.1/16, because 255.255.0.0 is sixteen 1 bits followed by sixteen 0 bits.
○ In Wireshark,
§ Use the IPv4 Packet Format that we saw previously

§ IP version is 4
§ IP header length (IHL) is 5 words, i.e. 20 bytes. That is the minimum; it only grows when options (plus padding to a 4-byte boundary) are present, and here there are none
§ Total length is 40 bytes (header + data). With a 20-byte IP header that leaves 20 bytes of data, which here is just a TCP header with no options and no payload (a bare ACK, for instance)
§ Identification is the ID number of this datagram (here: 18242). Every fragment of one datagram carries the same ID, which is how the receiver knows which pieces belong together
§ Flags control fragmentation: a Reserved bit (must be 0), Don't Fragment (DF) and More Fragments (MF)
§ Here, Don't Fragment = 1 means routers must not fragment this packet. If it is too large for a link's MTU, the router drops it and sends back an ICMP "fragmentation needed" error instead. It does not mean there are no other fragments; that is what More Fragments = 0 says
§ TTL (Time to Live) here is 128. Every router that forwards the packet decrements it by one and discards the packet when it reaches 0, which prevents a packet from looping around and around on the internet. 128 is the default initial TTL on Windows hosts (Linux typically starts at 64), so the value is a hint about the sender's OS
§ Protocol for this packet is TCP (protocol number 6)
§ Then we have Source IP, Destination IP and any Options
○ The fragment size depends on the MTU (Maximum Transmission Unit) of the Layer 2 link. For eg., an Ethernet frame carries at most 1500 bytes of payload, so IP fragmentation occurs if the IP packet is over 1500 bytes. Each fragment gets its own IP header with the same Identification, and every fragment's data except the last is a multiple of 8 bytes.
§ In the above example, More Fragments is 0 because the packet is not fragmented at all. In a fragmented series, the last fragment also has More Fragments = 0, since no more pieces follow it; every earlier fragment has it set to 1
§ The Fragment Offset tells where this fragment's data sits within the original datagram. On the wire it is stored in units of 8 bytes (Wireshark displays it multiplied out in bytes), which is why fragment data must be a multiple of 8; the first fragment has offset 0
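As an added example (my code, not from the original post) covering both the CIDR notation above and the header walk-through: it converts a netmask to a prefix length (rejecting non-contiguous masks), builds and dissects an IPv4 header into the fields Wireshark lists, and fragments a datagram at the Ethernet MTU and reassembles it, so the Identification, DF, MF and Fragment Offset behaviour can be seen on real bytes. The addresses and the 3000-byte payload are constructed for the example; the only dependency is Python's `struct` module.

```python
import struct

ETH_MTU = 1500                       # bytes of payload an Ethernet frame can carry
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}
HDR_FMT = "!BBHHHBBH4s4s"            # the 20-byte fixed IPv4 header

def ip_bytes(s): return bytes(int(x) for x in s.split("."))
def ip_str(b): return ".".join(str(x) for x in b)
def ip_int(s): return int.from_bytes(ip_bytes(s), "big")

def mask_to_prefix(mask):
    """255.255.0.0 -> 16. Rejects masks whose 1 bits are not contiguous, e.g. 255.0.255.0."""
    m = ip_int(mask)
    prefix = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous netmask {mask}")
    return prefix

def to_cidr(ip, mask):
    return f"{ip}/{mask_to_prefix(mask)}"

def same_subnet(ip_a, ip_b, prefix):
    """True when both hosts share the subnet (so a ARPs for b directly rather than for its gateway)."""
    m = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return (ip_int(ip_a) & m) == (ip_int(ip_b) & m)

def checksum(data):
    """RFC 1071 Internet checksum; yields 0 over a header that already carries a correct checksum."""
    if len(data) % 2:
        data += b"\x00"
    s = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def build_ipv4(src, dst, payload, ident, ttl=128, proto=6, df=False, mf=False, frag_offset=0):
    """Header with no options (IHL = 5) in front of payload. frag_offset is in 8-byte units, as on the wire."""
    flags_frag = (int(df) << 14) | (int(mf) << 13) | (frag_offset & 0x1FFF)
    hdr = struct.pack(HDR_FMT, 0x45, 0, 20 + len(payload), ident, flags_frag,
                      ttl, proto, 0, ip_bytes(src), ip_bytes(dst))
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]   # fill in the checksum field
    return hdr + payload

def parse_ipv4(pkt):
    """Dissect the header into the fields Wireshark lists. Offset is reported in bytes, as Wireshark shows it."""
    v_ihl, _tos, total, ident, flags_frag, ttl, proto, _csum, src, dst = struct.unpack(HDR_FMT, pkt[:20])
    ihl = (v_ihl & 0x0F) * 4
    return {"version": v_ihl >> 4, "header_length": ihl, "total_length": total,
            "identification": ident,
            "dont_fragment": bool(flags_frag & 0x4000), "more_fragments": bool(flags_frag & 0x2000),
            "fragment_offset": (flags_frag & 0x1FFF) * 8,
            "ttl": ttl, "protocol": proto, "protocol_name": PROTO_NAMES.get(proto, str(proto)),
            "checksum_ok": checksum(pkt[:ihl]) == 0,
            "src": ip_str(src), "dst": ip_str(dst), "options": pkt[20:ihl]}

def fragment(pkt, mtu=ETH_MTU):
    """Split a packet larger than the link MTU the way a router would. With DF set a router cannot:
    it drops the packet and sends back ICMP 'fragmentation needed' instead."""
    h = parse_ipv4(pkt)
    if len(pkt) <= mtu:
        return [pkt]
    if h["dont_fragment"]:
        raise ValueError("DF set: packet would be dropped, not fragmented")
    ihl = h["header_length"]
    chunk = (mtu - ihl) // 8 * 8              # every fragment but the last carries a multiple of 8 bytes
    payload, frags = pkt[ihl:h["total_length"]], []
    for off in range(0, len(payload), chunk):
        last = off + chunk >= len(payload)
        frags.append(build_ipv4(h["src"], h["dst"], payload[off:off + chunk], h["identification"],
                                ttl=h["ttl"], proto=h["protocol"], df=False,
                                mf=(not last) or h["more_fragments"],   # only the true end of the datagram clears MF
                                frag_offset=(h["fragment_offset"] + off) // 8))
    return frags

def reassemble(frags):
    """Rebuild the original payload using Identification, More Fragments and Fragment Offset."""
    ids = {parse_ipv4(f)["identification"] for f in frags}
    if len(ids) != 1:
        raise ValueError(f"expected one datagram, got identifications {ids}")
    out = b""
    for f in sorted(frags, key=lambda f: parse_ipv4(f)["fragment_offset"]):
        h = parse_ipv4(f)
        if h["fragment_offset"] != len(out):
            raise ValueError(f"gap or overlap at offset {h['fragment_offset']}")
        out += f[h["header_length"]:h["total_length"]]
    if h["more_fragments"]:
        raise ValueError("series incomplete: last fragment still has More Fragments set")
    return out

if __name__ == "__main__":
    # constructed datagram: 3000 bytes of TCP "data" between made-up hosts
    big = build_ipv4("192.168.0.10", "10.0.0.5", bytes(3000), ident=18242)
    for f in fragment(big):
        h = parse_ipv4(f)
        print(f"id={h['identification']} len={h['total_length']} DF={int(h['dont_fragment'])} "
              f"MF={int(h['more_fragments'])} offset={h['fragment_offset']}")
    print(to_cidr("192.168.0.1", "255.255.0.0"), same_subnet("192.168.0.1", "192.168.200.7", 16))
```

Running it fragments the 3020-byte packet into two 1500-byte fragments (1480 bytes of data each, offsets 0 and 1480, MF = 1) and a final 60-byte one (offset 2960, MF = 0), all sharing Identification 18242; building the same datagram with `df=True` makes `fragment` raise instead, which is the DF behaviour described above.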
