sebad.blogg.se

Wireshark display filter for source address
7.1.6 Lab – Use Wireshark to Examine Ethernet Frames

Topology

Part 1: Examine the Header Fields in an Ethernet II Frame
Part 2: Use Wireshark to Capture and Analyze Ethernet Frames

Background / Scenario

When upper layer protocols communicate with each other, data flows down the Open Systems Interconnection (OSI) layers and is encapsulated into a Layer 2 frame. The frame composition is dependent on the media access type. For example, if the upper layer protocols are TCP and IP and the media access is Ethernet, then the Layer 2 frame encapsulation will be Ethernet II. When learning about Layer 2 concepts, it is helpful to analyze frame header information. In the first part of this lab, you will review the fields contained in an Ethernet II frame. In Part 2, you will use Wireshark to capture and analyze Ethernet II frame header fields for local and remote traffic.

1 PC (Windows with internet access and with Wireshark installed)

Instructor Note: This lab assumes that the student is using a PC with internet access. It also assumes that Wireshark has been pre-installed on the PC. The screenshots in this lab were taken from Wireshark v2.4.3 for Windows 10 (64-bit).

Instructions

Part 1: Examine the Header Fields in an Ethernet II Frame

In Part 1, you will examine the header fields and content in an Ethernet II frame. A Wireshark capture will be used to examine the contents in those fields.

Step 1: Review the Ethernet II header field descriptions and lengths.

When I've done that sort of thing before, I typically use tshark to extract the data and then other tools (Python, Perl, awk, etc.) to further refine the resulting data. So with that approach in mind, you could use this:

tshark -r -2 -Tfields -e ip.src -e ip.dst -e frame.protocols

With that command line, you'll get exactly those fields, but be aware that some lines, such as those with ARP packets, won't have IP addresses (because they're not IP packets), and that IPv6 packets won't show IP addresses because those field names (ip.src and ip.dst) are only for IPv4. If you'd prefer to eliminate the non-IPv4 packets, just add a filter:

tshark -r -2 -Tfields -R ip -e ip.src -e ip.dst -e frame.protocols

Under Linux (which is what I use), you can easily pipe the output of that into various other utility programs. For example, if you append this to that command line:

|sort -n |uniq -c |sort -n

You'll get a list, in ascending order of frequency, of each unique src, dst and proto combination present within your sample file.
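As an added example (not part of the lab or of the answer above), the following Python does in code what the tshark pipeline does: it splits the 14-byte Ethernet II header into the fields reviewed in Part 1, fills ip.src/ip.dst only for IPv4 frames so that ARP and IPv6 rows come out with empty addresses, and tallies the unique src/dst/proto combinations the way sort | uniq -c | sort -n does. The frames, MAC and IP addresses are constructed, and the protocol strings are simplified stand-ins for frame.protocols, not real tshark output.

```python
import struct
from collections import Counter

ETHERTYPE_IPV4, ETHERTYPE_ARP, ETHERTYPE_IPV6 = 0x0800, 0x0806, 0x86DD

def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_frame(frame):
    """Ethernet II header: dst MAC (6 bytes), src MAC (6), EtherType (2), then payload."""
    if len(frame) < 14:
        raise ValueError("frame shorter than the 14-byte Ethernet II header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return mac_str(dst), mac_str(src), ethertype, frame[14:]

def extract_fields(frame):
    """One 'tshark -Tfields -e ip.src -e ip.dst -e frame.protocols' row; ARP/IPv6 have no IPv4 fields."""
    _, _, ethertype, payload = parse_frame(frame)
    if ethertype == ETHERTYPE_IPV4 and len(payload) >= 20:
        src = ".".join(str(b) for b in payload[12:16])   # IPv4 source address
        dst = ".".join(str(b) for b in payload[16:20])   # IPv4 destination address
        return (src, dst, "eth:ethertype:ip")
    # simplified stand-ins for the frame.protocols string (assumption, not tshark output)
    name = {ETHERTYPE_ARP: "arp", ETHERTYPE_IPV6: "ipv6"}.get(ethertype, f"0x{ethertype:04x}")
    return ("", "", f"eth:ethertype:{name}")

def count_combinations(frames, ipv4_only=False):
    """sort | uniq -c | sort -n equivalent; ipv4_only drops what '-R ip' would exclude."""
    rows = [extract_fields(f) for f in frames]
    if ipv4_only:
        rows = [r for r in rows if r[0]]
    return sorted(Counter(rows).items(), key=lambda kv: kv[1])

# Constructed sample frames (not from a real capture); addresses are made up.
def build_frame(dst_mac, src_mac, ethertype, payload):
    macs = bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
    return macs + struct.pack("!H", ethertype) + payload

def ipv4_payload(src, dst):
    hdr = bytearray(20)      # minimal 20-byte IPv4 header; only the addresses matter here
    hdr[12:16] = bytes(int(o) for o in src.split("."))
    hdr[16:20] = bytes(int(o) for o in dst.split("."))
    return bytes(hdr)

PC, GW = "00:11:22:33:44:55", "aa:bb:cc:dd:ee:ff"
SAMPLE_FRAMES = [
    build_frame(GW, PC, ETHERTYPE_IPV4, ipv4_payload("10.0.0.10", "10.0.0.1")),
    build_frame(GW, PC, ETHERTYPE_IPV4, ipv4_payload("10.0.0.10", "10.0.0.1")),
    build_frame(PC, GW, ETHERTYPE_IPV4, ipv4_payload("10.0.0.1", "10.0.0.10")),
    build_frame("ff:ff:ff:ff:ff:ff", PC, ETHERTYPE_ARP, bytes(28)),   # no ip.src/ip.dst
    build_frame(GW, PC, ETHERTYPE_IPV6, bytes(40)),                    # no ip.src/ip.dst
]
```

Calling count_combinations(SAMPLE_FRAMES) lists each (src, dst, proto) tuple with its count in ascending frequency, and ipv4_only=True leaves only the two IPv4 rows.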