1. Ethereal Freezing: I installed the downloaded exe file on Windows 98, but every time I try to open example.cap, the program freezes and I get the Not Responding thing.
Answers: According to the FAQ, the win32 binary is supposed to look for the WinPCap stuff (download it from http://netgroup-serv.polito.it/winpcap/) and disable capturing if it doesn't find it. Make sure you have installed that library (GTK+ and Perl as well) and give it another shot. Also, some students report that in win98 and win2k, it takes a really long time to load a file. So you might just want to wait a while and see what happens.
2. Ethereal Filters
I tried to use a filter so I could look only at the GET packets. And when I tried to add the new filter, my computer crashed rather violently. Anyone got any ideas?
Answers: Go to www.ethereal.com and read the documentation; they have a pretty good manual up there. I had the program segfault on me once or twice when I was playing with the filters, too. Mostly, though, they seem to work well.
3. Is there an easy way to answer the "how many bytes are transferred from xxxx to yyyyy" question?
In Ethereal, right click on a packet in a given TCP stream and then choose "Follow TCP Stream". At the bottom left of the window, it allows you to see both sides of the stream together or just one side at a time. It also displays the number of bytes in each direction.
You should also be able to simply subtract the sequence number of the first packet in the stream from the last sequence number of the stream in each direction (I would expect that is how Ethereal is doing it anyway).
Does anyone know how we're supposed to turn the homeworks in? What format should the homeworks be in - text file? HTML?
Answers: We prefer electronic submission - in the case of homework1, I think by email to cs519 would be fine. For right now, we would suggest saving the html file, inserting your answers and waiting for further instructions.
About Detailed Questions:
1. About Q2
(1) In Question 2, it said "Does this imply anything about how long it has been since traffic was exchanged with that machine?" What is "that machine"? Is it the oreilly server?
Answers: The question makes perfect sense if you take "that machine" to be www.oreilly.com, so I assume so.
(2) And for packet 2... anyone understand why the destination is 255.255.255.255 rather than 192.168.1.100? Shouldn't a DHCPACK be a unicast?
A1: I was wondering this... I have a bad feeling that DHCP is permitted to *assign* hardware addresses, although I found RFC 2131 too dense to answer that immediately.
A2: No, DHCP does not assign MAC addresses. There is a bit in DHCP requests that can be set to indicate whether a client would like the server's response unicast or broadcast. The reasoning for this is described in section 2 of RFC 2131:
To work around some clients that cannot accept IP unicast datagrams before the TCP/IP software is configured as discussed in the previous paragraph, DHCP uses the 'flags' field [21]. The leftmost bit is defined as the BROADCAST (B) flag.
Section 3.2 discusses how the server interprets this flag:
If the 'giaddr' field in a DHCP message from a client is non-zero the server sends any return messages to the 'DHCP server' port on the BOOTP relay agent whose address appears in 'giaddr'. If the 'giaddr' field is zero and the 'ciaddr' field is nonzero, then the server unicasts DHCPOFFER and DHCPACK messages to the address in 'ciaddr'. If 'giaddr' is zero and 'ciaddr' is zero, and the broadcast bit is set, then the server broadcasts DHCPOFFER and DHCPACK messages to 0xffffffff. If the broadcast bit is not set and 'giaddr' is zero and 'ciaddr' is zero, then the server unicasts DHCPOFFER and DHCPACK messages to the client's hardware address and 'yiaddr' address. In all cases, when 'giaddr' is zero, the server broadcasts any DHCPNAK messages to 0xffffffff.
In other words, if there is no DHCP relay ("giaddr") and the client doesn't yet have its IP address configured ("ciaddr"), it can request either unicast or broadcast (0xffffffff) replies.
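
The destination rules quoted above from RFC 2131, applied to a raw BOOTP header, as an added example that is not part of the original answers. The function names (`parse_bootp`, `reply_destination`, `sample_request`), the MAC address and the transaction id are assumptions made up for illustration; the sample request is constructed, not a real capture.

```python
import socket
import struct

BROADCAST_FLAG = 0x8000          # leftmost bit of the 16-bit 'flags' field
SERVER_PORT, CLIENT_PORT = 67, 68
LIMITED_BCAST = ("255.255.255.255", CLIENT_PORT, "ff:ff:ff:ff:ff:ff")

def parse_bootp(msg: bytes) -> dict:
    """Pull out the fixed-header fields that decide where a reply is sent."""
    if len(msg) < 44:            # need everything up to the end of 'chaddr'
        raise ValueError("truncated BOOTP header")
    hlen = min(msg[2], 16)       # 'hlen' is client-supplied; clamp it
    (flags,) = struct.unpack_from("!H", msg, 10)
    return {
        "broadcast": bool(flags & BROADCAST_FLAG),
        "ciaddr": socket.inet_ntoa(msg[12:16]),
        "giaddr": socket.inet_ntoa(msg[24:28]),
        "chaddr": msg[28:28 + hlen].hex(":"),
    }

def reply_destination(client_msg: bytes, reply_type: str, yiaddr: str):
    """Return (dest_ip, dest_port, dest_mac); dest_mac None = resolve normally."""
    f = parse_bootp(client_msg)
    if f["giaddr"] != "0.0.0.0":             # relayed: back to the relay agent
        return f["giaddr"], SERVER_PORT, None
    if reply_type == "DHCPNAK":              # giaddr zero: NAK always broadcast
        return LIMITED_BCAST
    if f["ciaddr"] != "0.0.0.0":             # client already has an address
        return f["ciaddr"], CLIENT_PORT, None
    if f["broadcast"]:                       # B flag set: 0xffffffff
        return LIMITED_BCAST
    return yiaddr, CLIENT_PORT, f["chaddr"]  # unicast to chaddr + yiaddr

def sample_request(flags=0, ciaddr="0.0.0.0", giaddr="0.0.0.0") -> bytes:
    """Constructed 236-byte BOOTREQUEST header (not a real capture)."""
    mac = bytes.fromhex("00a0c9112233")      # constructed hardware address
    return struct.pack("!BBBBIHH4s4s4s4s16s192s", 1, 1, 6, 0, 0x1234, 0, flags,
                       socket.inet_aton(ciaddr), bytes(4), bytes(4),
                       socket.inet_aton(giaddr), mac, b"")

if __name__ == "__main__":
    # Client with no address that set the B flag: the ACK goes to broadcast,
    # which is the behaviour asked about for packet 2.
    print(reply_destination(sample_request(BROADCAST_FLAG), "DHCPACK", "192.168.1.100"))
    print(reply_destination(sample_request(), "DHCPACK", "192.168.1.100"))
```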