1. Start up the Ethereal program, and open the day14.ethereal capture file. It is located in the cs023-common folder.
2. How many packets were captured in the day14.ethereal capture session?
3. Filter on arp as the Filter: value. How many ARP protocol requests were there? How many of them were "Who has ..." requests? How many were "is at" replies to those requests?
4. Click the Reset button to turn off the arp filter and get all of the packets back. Now use the Summary command in the Tools menu. What was the elapsed time between the first packet captured and the last packet captured?
5. What was the average packets per second value?
6. How many bytes of traffic occurred? Go out to the Shell prompt, and use the ls -l command to find the exact size of the day14.ethereal file in bytes. What is the size of the file? If the size of the file is different from the bytes of traffic, speculate and brainstorm on why it is different. Why?
7. Open Protocol Hierarchy Statistics from the Tools menu.
   a. What percentage of the packets were Ethernet?
   b. What was the percentage breakdown for UDP versus TCP protocols?
   c. What percentage used the IP protocol?
8. Filter on http to look at just the HTTP protocol packets.
   a. What is the first packet (write down the Info column)?
   b. What is the 2nd file that is requested from the server?
   c. What is the name of the server?
   d. What is the name of the client computer?
   e. What is the name of the 3rd file that is requested from that server?
   f. What is the port number that the 3rd file will be delivered to on the client computer?
   g. What is the IP address of the server?
   h. What is the IP address of the client computer?
   i. What is the port number used on the server?
   j. What is the IP address of the client computer?
9. Ask the instructor for the URL to get to the server and the web page that was delivered by the server during June of 2003 when this capture was going on. Go look at that web page, and then view the SOURCE, i.e. the HTML for the file.
10. Open the day15.ethereal packet capture file.
11. Answer question #2 above.
12. Answer question #3 above.
13. Answer question #8.a. above.
14. Filter on TCP. What are the three packets of communication between the client and server computer that happened before the GET request occurred? These are called the three-way handshake.
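
The numbers that steps 2 through 6 read off the Ethereal GUI can also be recomputed straight from the capture bytes. The following is an added example, not part of the original worksheet: it assumes a classic little-endian libpcap file with Ethernet framing, assumes the Summary byte count is the sum of captured frame lengths, and runs on a small constructed capture rather than day14.ethereal.

```python
import struct

GLOBAL_HDR = struct.Struct("<IHHiIII")  # libpcap file header, 24 bytes
RECORD_HDR = struct.Struct("<IIII")     # per-packet header, 16 bytes

def summarize(pcap: bytes) -> dict:
    """Recompute the worksheet's packet, ARP and Summary numbers from raw bytes."""
    magic, *_, linktype = GLOBAL_HDR.unpack_from(pcap, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian libpcap, Ethernet link type")
    s = {"packets": 0, "arp_requests": 0, "arp_replies": 0, "traffic_bytes": 0}
    stamps, off = [], GLOBAL_HDR.size
    while off + RECORD_HDR.size <= len(pcap):
        sec, usec, incl, _orig = RECORD_HDR.unpack_from(pcap, off)
        frame = pcap[off + RECORD_HDR.size: off + RECORD_HDR.size + incl]
        if len(frame) < incl:
            break  # truncated final record: stop rather than miscount
        off += RECORD_HDR.size + incl
        stamps.append(sec * 1_000_000 + usec)
        s["packets"] += 1
        s["traffic_bytes"] += incl
        # EtherType 0x0806 is ARP; the ARP opcode sits at frame offset 20.
        if len(frame) >= 22 and frame[12:14] == b"\x08\x06":
            opcode = int.from_bytes(frame[20:22], "big")
            if opcode == 1:
                s["arp_requests"] += 1   # "Who has ..."
            elif opcode == 2:
                s["arp_replies"] += 1    # "... is at ..."
    s["elapsed_s"] = (stamps[-1] - stamps[0]) / 1e6 if stamps else 0.0
    s["avg_pps"] = s["packets"] / s["elapsed_s"] if s["elapsed_s"] else 0.0
    s["file_bytes"] = len(pcap)
    s["header_overhead"] = GLOBAL_HDR.size + RECORD_HDR.size * s["packets"]
    return s

def sample_capture() -> bytes:
    """Constructed three-frame capture: ARP request, ARP reply, one IPv4 frame."""
    def eth(ethertype: bytes, payload: bytes) -> bytes:
        return b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" + ethertype + payload
    def arp(op: int) -> bytes:
        return eth(b"\x08\x06", b"\x00\x01\x08\x00\x06\x04" + op.to_bytes(2, "big") + bytes(20))
    frames = [(0, arp(1)), (500_000, arp(2)), (2_000_000, eth(b"\x08\x00", bytes(40)))]
    out = GLOBAL_HDR.pack(0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for usec, f in frames:  # constructed timestamps, offsets in microseconds
        out += RECORD_HDR.pack(1056000000 + usec // 1_000_000, usec % 1_000_000, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(summarize(sample_capture()))
```
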