WIRESHARK PACKET ANALYSIS :Focus Questions/Activities:
ARP
Capture and ARP packet (use the arp_resolution.pcap file if you cannot do it directly). Inspect the packet and see if you can fill in all the fields in the table in Figure 6-2 on page 88
Work through the ARP Request and Response sections on pages 88/89.
IP
Capture an IP packet (use a precaptured one from lotsofweb.pcap if you need to)
Fill in the information in Figure 6-9.
Use ip_frag_source.pcap to work through the fragmentation section on page 95. Reflect of the differences between fragmentation at the IP level and at the Ethernet level. (300 words)
TCP
Capture a TCP packet
Inspect the the ports associated with the packet, indicating what application is associated with that port
UDP
Capture a UDP packet (you might have to get one from udp_dnsrequest.pcap)
Fill in the information in table 6-27. (Reflect on why this information is so much less than for TCP)
Inspect the the ports associated with the packet, indicating what application is associated with that port
Have a look at ICPM packets and reflect on their usefulness. In particular consider the PING utility.
