From jacobson@cns.uni.edu Thu Mar 10 23:34:24 2011
Date: Thu, 10 Mar 2011 17:32:55 -0600 (CST)
From: Mark Jacobson
To: 810-023-01-spring@uni.edu
Subject: [810-023-01-SPRING] Flash (race winner celebration) and Wireshark (TCP/IP packets)

Hello 023 Microcomputer Systems students,

http://www.cs.uni.edu/~jacobson/023/eth/wireshark.html is the link
shown in class today.

Here is what these binary numbers look like in decimal:

   ibase = 2
   11111111 = 255
   11111110 = 254
   11111100 = 252
   11111000 = 248
   11110000 = 240
   11100000 = 224
   11000000 = 192
   10000000 = 128
   00000000 = 0

The plan for class today:

1. Group Exercise to lay the groundwork for understanding the concept
   of subnet masking and TCP/IP network routing between networks and
   within an individual network (such as 134.161.0.0, which is more
   commonly known as uni.edu).

   We used the subnet mask 255.255.224.0 and broke up a class B network
   into 8 different subnets.

   11100000 = 224 so we have 8 subnets:

   subnet's   what to    what other way might
   octet      call it    subnet be referred to
   --------   --------   -------------------------
   000xxxxx      0          0 = 00000000
   001xxxxx      1         32 = 00100000
   010xxxxx      2         64 = 01000000
   011xxxxx      3         96 = 01100000
   100xxxxx      4        128 = 10000000
   101xxxxx      5        160 = 10100000
   110xxxxx      6        192 = 11000000
   111xxxxx      7        224 = 11100000
   --------   --------   -------------------------
   subnet's   what to    what other way might the
   octet      call it    subnet be referred to

2. Introduce packet sniffing and network layering using Wireshark.

   Seeing the TCP/IP four layers in actual network traffic.

   Seeing 48 bit, 6 byte ethernet physical addresses.
   What layer? Data Link layer of OSI model.
   Term: Physical address, NIC or NAC or MAC address.
         NIC = Network Interface Card,
         NAC = Network Adaptor Card,
         MAC = Media Access Control or Media Access Card.

   Seeing the 32 bit IP number, 4 octets, w.x.y.z octets.
   What layer? Network layer of P D N T S P A

   Connecting up IP numbers to NIC addresses via arp,
   ARP(IP) results in a NIC (NAC or MAC) physical address.
   ARP requests. ARP = Address Resolution Protocol.

   PORTS and the TRANSPORT layer. UDP and TCP.
   PORT 80 = http = web server port.
   PORT for https, port for telnet, port for ssh secure shell,
   PORT for ftp, PORT for sftp (secure, encrypted ftp).

   Seeing PORT numbers in actual captured packets using
   WIREShark software.

   Show packets and show how to use wireshark software.
   Show the layers.

3. Continue with Flash Actionscript and show how to create and animate
   a racing rectangle that can celebrate its victory with sound and
   impressive "dancing" when it wins the rectangle race.

4. Hand back the first page of the quiz.

**********************************************************************
Estimated time:

15 minutes   1. Group exercise
30 minutes   2. Wireshark and looking at packets and layers
25 minutes   3. Flash and racing rectangles
 5 minutes   4. Hand back quiz page 1 again
**********************************************************************

As you know, it took close to 60 minutes to do the group exercise.
We barely got started on #2, the Wireshark and networking packet
analysis package. I had to show ETHEREAL packet analysis software
instead of WIRESHARK, because it was taking 8 to 10 minutes to
download WIRESHARK.

We'll do 4, then 2, then 3 after spring break.

 5 minutes   4. Hand back quiz page 1 again
                Solution to TIC posted on web page
45 minutes   2. Wireshark and looking at packets and layers
                Installing Wireshark...
                TCP/IP and ethernet...
                How to use Wireshark...
25 minutes   3. Flash and racing rectangles

http://www.cs.uni.edu/~jacobson/023/eth/wireshark.html

Have a great spring break!

Mark
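
The subnet table from the group exercise can be reproduced by applying the mask bit by bit. The following is an added example, not part of the original email: it enumerates the 8 subnets of 134.161.0.0 under 255.255.224.0 and decides whether two hosts share a subnet. The function names and the sample host addresses are constructed for illustration.

```python
import ipaddress

NETWORK = "134.161.0.0"   # class B network named in the email
MASK = "255.255.224.0"    # subnet mask from the group exercise
CLASS_B_BITS = 16         # network bits before any subnetting

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def to_dotted(value):
    return str(ipaddress.IPv4Address(value))

def prefix_length(mask):
    """Count the mask's 1 bits, rejecting masks whose 1s are not contiguous."""
    inverted = to_int(mask) ^ 0xFFFFFFFF
    if inverted & (inverted + 1):
        raise ValueError(f"non-contiguous mask: {mask}")
    return 32 - inverted.bit_length()

def subnet_of(ip, mask=MASK):
    """Address AND mask = the subnet's network address."""
    return to_dotted(to_int(ip) & to_int(mask))

def subnet_number(ip, mask=MASK):
    """Value of the borrowed bits (the 'what to call it' column, 0..7)."""
    plen = prefix_length(mask)
    return (to_int(ip) >> (32 - plen)) & ((1 << (plen - CLASS_B_BITS)) - 1)

def list_subnets(network=NETWORK, mask=MASK):
    plen = prefix_length(mask)
    step = 1 << (32 - plen)                      # addresses per subnet
    return [to_dotted(to_int(network) + i * step)
            for i in range(1 << (plen - CLASS_B_BITS))]

def same_subnet(a, b, mask=MASK):
    """True: deliver directly after ARP. False: hand the packet to a router."""
    return subnet_of(a, mask) == subnet_of(b, mask)

if __name__ == "__main__":
    for n, net in enumerate(list_subnets()):
        third = int(net.split(".")[2])
        print(f"subnet {n}: {net:<15} third octet {third:3d} = {third:08b}")
    # Constructed sample hosts, not addresses taken from the email.
    for a, b in [("134.161.33.7", "134.161.63.250"),
                 ("134.161.31.9", "134.161.32.9")]:
        print(a, b, "same subnet" if same_subnet(a, b) else "different subnets")
```
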