Look at some ethernet frames

 

I downloaded a file. While doing so, I captured the datastream (i.e., all packets that came and went) using Wireshark then saved it. The result was two files. First of course, the downloaded copy of my target file. Second, the "capture file" containing the history of packet exchanges that accomplished that download job. Please download this zip file containing the capture file. Unzip it to obtain the capture file. It is named frame-exercise1.pcap. Open it in Wireshark. You will see the frames that were in my datastream.

The 3 main components of the interface are the packet list pane (top), the packet details pane (middle), and the packet bytes pane (bottom). In the packet list pane add a column that will show the size of each packet-- Edit/Preferences/Appearance/Columns/add (plus sign). Set Title to the word "Size" and Format to "Packet length (bytes)" from the dropdown list. Select the new column within the column list, and move it up so it's the second column. You can sort packets in the packet list pane by clicking on any column title. So now you can sort them by size.

The assignment to perform:

Submit your answers to the questions following these preparation and submittal instructions (you will use ftp to deposit your answer file in your "assignments" subdirectory on sputnik). Please name your file "frames.txt". I will grade these using an automated script, so the format of the answer is critical to intelligibility.


1. The number of frames in this datastream was
 a. 14
 b. 20
 c. 1012
 d. 1350
 e. 1500
 f. 1514

2. Their average length/size (in bytes) was  ____________________
 a. 14
 b. 20
 c. 1012
 d. 1350
 e. 1500
 f. 1514

3. The most common frame size was ____________________
 a. 14
 b. 20
 c. 1012
 d. 1350
 e. 1500
 f. 1514

4. The maximum frame size was ____________________
 a. 14
 b. 20
 c. 1012
 d. 1350
 e. 1500
 f. 1514

5. For any of the max-sized frames, the size of  its ethernet payload portion was
 a. 14
 b. 20
 c. 1012
 d. 1350
 e. 1500
 f. 1514

6. For that frame, the size of the balance (non-ethernet-payload) of the packet was
 a. 14
 b. 20
 c. 1012
 d. 1350
 e. 1500
 f. 1514

7. For that frame (and all the others like it) Wireshark names its highest-level payload (see the packet details pane). It's
 a. ethernet (ethernet protocol)
 b. ip (internet protocol)
 c. udp (user datagram protocol)
 d. tcp (transmission control protocol)
 e. ftp-data (file transfer protocol)
 f. http (hypertext transfer protocol)

8. The oberved value of the maximum frame size is interesting. It could not be any larger because:
 a. ethernet doesn't allow it
 b. ip doesn't allow it
 c. udp doesn't allow it
 d. tcp doesn't allow it
 e. ftp doesn't allow it
 f. http doesn't allow it

 

   ________________________________________________________________________________________________________