Hello, I would like to ask you guys / girls to help me a little. I got an Ethereal/Wireshark log and I need to analyze it, but I can't do all of it... (Today is the first time I have seen a log like this; I don't know where to start or what many of the things in the log mean. The course is more theoretical, so we don't have much practice, and the prof just added this homework without any notice.) Please, if somebody can help, or knows a good site where I can learn what those things in the log file mean, or how to get the data out of that log file, please tell me.... Thanks again
Here are some of the questions....
* What DLL/MAC layer addresses can be seen in the trace?
* What IP addresses can be seen in the trace?
* How do the DLL/MAC and IP addresses map to each other?
* What is the Ethernet packet type and what does it mean?
* Can you tell from the trace file which Ethernet card is used to capture the traffic data, a normal 10/100M Ethernet card or an 802.11b wireless card?
* Can you deduce anything about the network topology on which this trace was taken, i.e. on which machine is the trace being taken? How many hosts are on the local network? What is the default gateway? What is the network mask? Which hosts are on the local network? Which ones are remote?
* How "far" away are the remote hosts?
* What different IP packet types can be seen, and what does each mean?
* Does IP fragmentation occur?
* Why would some packets have the "Don't fragment" bit set?
* Why the difference in the TTL values? If there was suddenly a change in the reported TTL, what would that be an indicator of?
* Are there any protocols that appear to be operating differently than as described in class?
* This packet trace is full of surprises, especially for someone who has never looked at a packet trace in detail before. List a few observations that were surprising to you including details of the observation and why it was particularly noteworthy.
Here is the log file:
http://www.filecrunch.com/fileDownload.php?sub=16a307ad13cff747d2e28e37abd0628d&fileId=145967
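The questions above (MAC/IP mapping, EtherType, TTL, DF bit, fragmentation) can all be answered by reading the Ethernet and IPv4 headers of each frame. The following is an added example, not part of the original post and not the trace linked there: it parses a classic libpcap file directly and builds a small constructed sample trace (one local host behind a gateway talking to two remote hosts) so it runs offline. The MAC addresses, IP addresses and TTLs in the sample are made up for illustration.

```python
import struct
from collections import Counter

def _frame(src_mac, dst_mac, src_ip, dst_ip, ttl, df, proto):
    """Build one Ethernet/IPv4 frame (no payload, checksum left zero) for the sample."""
    eth = bytes.fromhex(dst_mac.replace(":", "") + src_mac.replace(":", "")) + b"\x08\x00"  # 0x0800 = IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 1, 0x4000 if df else 0, ttl, proto, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return eth + ip

LOCAL, GW = "02:00:00:00:00:0a", "02:00:00:00:00:01"   # constructed MACs: local host and gateway
_FRAMES = [  # constructed sample: the local host talks to two remote hosts and to the gateway itself
    _frame(LOCAL, GW, "192.0.2.10", "198.51.100.5", 128, True, 6),
    _frame(GW, LOCAL, "198.51.100.5", "192.0.2.10", 52, True, 6),
    _frame(LOCAL, GW, "192.0.2.10", "203.0.113.7", 128, False, 1),
    _frame(GW, LOCAL, "192.0.2.1", "192.0.2.10", 64, False, 1),
]
# classic pcap: 24-byte global header (magic, v2.4, linktype 1 = Ethernet), then 16-byte per-packet headers
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(
    struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in _FRAMES)

def analyze_pcap(data):
    """Walk every frame, collecting the facts the homework questions ask about."""
    magic, = struct.unpack_from("<I", data, 0)
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack_from(endian + "I", data, 20)[0] != 1:
        raise ValueError("expected link type 1 (Ethernet)")
    r = {"mac_to_ip": {}, "ethertypes": Counter(), "ip_protos": Counter(),
         "ttls": {}, "df_set": 0, "fragments": 0}
    off = 24
    while off + 16 <= len(data):
        caplen = struct.unpack_from(endian + "IIII", data, off)[2]
        frame, off = data[off + 16:off + 16 + caplen], off + 16 + caplen
        ethertype, = struct.unpack_from("!H", frame, 12)
        r["ethertypes"][ethertype] += 1
        if ethertype != 0x0800 or len(frame) < 34:
            continue  # only IPv4 is decoded; ARP and others are still counted above
        dst_mac, src_mac = frame[0:6].hex(":"), frame[6:12].hex(":")
        flags_frag, ttl, proto = struct.unpack_from("!HBB", frame, 20)   # IPv4 bytes 6-9
        src_ip, dst_ip = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
        r["mac_to_ip"].setdefault(src_mac, set()).add(src_ip)
        r["mac_to_ip"].setdefault(dst_mac, set()).add(dst_ip)  # a gateway MAC fronts many remote IPs
        r["ip_protos"][proto] += 1
        r["ttls"].setdefault(src_ip, set()).add(ttl)
        r["df_set"] += bool(flags_frag & 0x4000)      # DF = bit 14 of flags/fragment-offset
        r["fragments"] += bool(flags_frag & 0x3FFF)   # MF bit or a non-zero fragment offset
    return r

def estimate_hops(ttl):
    """Distance guess from an observed TTL, assuming the nearest common initial value (64/128/255)."""
    return min(start - ttl for start in (64, 128, 255) if start >= ttl)
```

A MAC that maps to many IP addresses in `mac_to_ip` is the usual sign of the default gateway, and a remote host's TTL compared against a common initial value gives a rough hop count; a sudden change in a host's TTL set is worth a closer look, since it means a different path or a different machine answering.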