Problem Help with wireshark for a newbie?

Discussion in 'Networks' started by GeekyKitty, Jan 29, 2011.

  1. GeekyKitty

    GeekyKitty New Member

    Hi everyone! I just started my network+ course and I'm really confused by packet sniffers. Could anyone help me with these questions?

    I have this:


    Frame 1 (42 bytes on wire, 42 bytes captured)
    Ethernet II, Src: AsustekC_b3:af:31 (00:18:f3:b3:af:31), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
    Destination: Broadcast (ff:ff:ff:ff:ff:ff)
    Address: Broadcast (ff:ff:ff:ff:ff:ff)
    .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
    .... ...0 .... .... .... .... = LG bit: Locally administered address
    (this is NOT the factory default)
    Source: AsustekC_b3:af:31 (00:18:f3:b3:af:31)
    Address: AsustekC_b3:af:31 (00:18:f3:b3:af:31)
    .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: ARP
    Address Resolution Protocol (request)
    Hardware type: Ethernet (0x0001)
    Protocol type: IP (0x0800)
    Hardware size: 6
    Protocol size: 4
    Opcode: request (0x0001)
    Sender MAC address: AsustekC_b3:af:31 (00:18:f3:b3:af:31)
    Sender IP address: 172.26.1.25 (172.26.1.25)
    Target MAC address: 00:00:00_00:00 (00:00:00:00:00:00)
    Target IP address: 172.26.1.33 (172.26.1.33)


    I need to know: My guesses are in italic

    1. What is the highest level protocol that is carried in this frame? (ARP?)
    2. What is the type of packet that this protocol message is encapsulated in?
    3. What is the EtherType value (in Hex) that identifies this protocol? (0800?)
    4. Is the frame that carries this packet a broadcast or unicast frame? (Broadcast?)
     
    WIP: A+, Network+
  2. Beerbaron

    Beerbaron Megabyte Poster

    Isn't this a little OTT for what is needed for the N+...unless they have changed the syllabus since I last did it.

    I used this briefly during my forensic course but preferred network miner when viewing the packet capture files.
     
    Certifications: BSc (Hons), MSc, ITIL v3F, MCP, MCDST, MCITP: edst7, MCTS, MCSA: Server 2003, MCSA: Windows 7, N+, NVQ IT lvl 3, MCSA Windows 7, VCP5, CCENT, CEH
    WIP: CISSP
  3. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    There's a lot of IPv6 n stuff now in the N+ but yes it's still a little OTT for the N+.
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  4. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    Kitty it should be broadcast not unicast, can't remember the Hex value right now but as Beerbaron has said this is above Network+ material trust me.

    I had to do the Network+ last year and my boss wanted me to update to the new Network+ which I did just before Christmas and I can tell you that this is beyond that.

    What you should mainly be concerned about for N+ is

    What does a MAC address look like?
    What does an IPv4 address look like?
    What does an IPv6 address look like?

    different types of broadcast types like unicast etc
    difference between frames and packets
    How to view network connections and how to view IP addresses.

    All the objectives are on the compTIA website.

    You won't be asked questions like what you have put above.
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  5. cisco lab rat

    cisco lab rat Megabyte Poster

    1. What is the highest level protocol that is carried in this frame? (ARP?) YES, ARP is the highest layer protocol

    2. What is the type of packet that this protocol message is encapsulated in? ETHERNET II

    3. What is the EtherType value (in Hex) that identifies this protocol? (0800?) YES, the link layer needs to know what upper layer protocol, i.e. layer 3, needs to receive the data that is being carried in the frame

    4. Is the frame that carries this packet a broadcast or unicast frame? (Broadcast?) YES, you can tell from the layer 2 destination address being ff:ff:ff:ff:ff:ff and from the field below:
    .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)


    The least significant bit in the first octet of the Layer 2 address shows if the address is a unicast or multicast/broadcast; if the 8th bit in the octet (least significant bit) is 1 then we are looking at a broadcast/multicast frame.

    If the 8th bit in the first octet is set to "0" then we are looking at a unicast frame.


    I would most deffo recommend that anyone getting into networking learns to use tools like Wireshark, it makes all the abstract OSI, TCP/IP theory become more real when you can see the traffic flowing.
     
    Last edited: Jan 29, 2011
    Certifications: Yes I pretty much am!!
    WIP: Fizzicks Degree
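
Added example (not part of any post in this thread): a short Python parser that rebuilds the 42-byte frame from the field values in the first post and decodes the same things Wireshark shows. It reads the EtherType from bytes 12-13 of the Ethernet header, reports it separately from the "Protocol type" field inside the ARP body, and decodes the I/G and U/L bits of each MAC address. The frame bytes are constructed from the dissected output and the names `mac_flags` and `parse_frame` are made up for this example.

```python
import socket
import struct

# Constructed sample: the 42-byte ARP request from the first post, rebuilt from
# the field values in the Wireshark output (raw capture bytes are not on the page).
SRC_MAC = bytes.fromhex("0018f3b3af31")
FRAME = (
    b"\xff" * 6                                    # destination MAC: broadcast
    + SRC_MAC                                      # source MAC
    + struct.pack("!H", 0x0806)                    # EtherType field (ARP)
    + struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)    # htype, ptype, hlen, plen, opcode
    + SRC_MAC + socket.inet_aton("172.26.1.25")    # sender MAC / IP
    + bytes(6) + socket.inet_aton("172.26.1.33")   # target MAC (unknown) / IP
)
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}


def mac_flags(mac: bytes) -> dict:
    """Decode the two flag bits in the first octet of a MAC address."""
    return {
        "text": ":".join(f"{b:02x}" for b in mac),
        "group": bool(mac[0] & 0x01),   # I/G bit: 1 = multicast/broadcast
        "local": bool(mac[0] & 0x02),   # U/L bit: 1 = locally administered
        "broadcast": mac == b"\xff" * 6,
    }


def parse_frame(frame: bytes) -> dict:
    """Parse an Ethernet II header and, if it carries ARP for IPv4, the ARP body."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    out = {"dst": mac_flags(frame[0:6]), "src": mac_flags(frame[6:12]),
           "ethertype": ethertype, "protocol": ETHERTYPES.get(ethertype, "unknown")}
    if ethertype == 0x0806:
        if len(frame) < 42:             # 14-byte header + 28-byte Ethernet/IPv4 ARP
            raise ValueError("truncated ARP payload")
        htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", frame[14:22])
        out["arp"] = {"htype": htype, "ptype": ptype, "opcode": opcode,
                      "sender_ip": socket.inet_ntoa(frame[28:32]),
                      "target_ip": socket.inet_ntoa(frame[38:42])}
    return out


if __name__ == "__main__":
    for key, value in parse_frame(FRAME).items():
        print(key, value)
```
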
  6. GeekyKitty

    GeekyKitty New Member

    It's a combined class. ITEC 170 (college course, Networking Fundamentals) just happens to have Network+ stuffed into it and we get our certs at the end.... And if we pass the N+ exam we get 100% on our final and don't have to take them. (But I hear the chance of passing on your first go is like 2% :blink )
     
    WIP: A+, Network+
  7. BosonMichael
    Honorary Member Highly Decorated Member Award 500 Likes Award

    BosonMichael Yottabyte Poster

    If you've only got a 2% chance of passing by using what your college requires you to study, then I would wholeheartedly recommend using a different study tool to help you pass, because the overall pass rate for the Network+ is much, much higher than that.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  8. nugget
    Honorary Member

    nugget Junior toady

    There is also an ethereal/wireshark tutorial by zebulebu pinned to the top of this forum. :biggrin
     
    Certifications: A+ | Network+ | Security+ | MCP (270,271,272,290,620) | MCDST | MCTS:Vista
    WIP: MCSA, 70-622,680,685
