source and destination MAC addressess?

Discussion in 'Homework Help' started by notoriusjt2, Dec 12, 2011.

  1. notoriusjt2

    Thread Starter Member

    Feb 4, 2010
    209
    0
    I think I may be over-analyzing this question...

    Determine the source and destination Ethernet MAC addresses from the following Ethernet frame header HEX dump....

    00 13 49 63 5c 68 c0 cb 38 87 8a a7 08 00


    according to this site

    http://www.erg.abdn.ac.uk/~gorry/eg3561/lan-pages/mac.html

    the destination is the first group of 6 bytes and the source is the second group of 6 bytes. Is it really that easy?

    Source = c0:cb:38:87:8a:a7
    Destination = 00:13:49:63:5c:68
     
  2. thatoneguy

    AAC Fanatic!

    Feb 19, 2009
    6,357
    718
    Yes, it's pretty straightforward and easy to "sniff" and deconstruct streams on a network.

    The layout also allows basic switches to limit communication between two computers without the rest of the network seeing the traffic. If the addressing was more complicated, switches couldn't do that amount of isolation at Gigabit speeds.
     
  3. notoriusjt2

    Thread Starter Member

    Feb 4, 2010
    209
    0
    Thanks!! Then it goes on to ask a follow up question that is basically the reverse process of the first...

    Encode (write the hex values) the Ethernet frame header using the following source and destination Mac addresses with ARP payload.
    Source MAC: 0:d0:b8:15:f5:15
    Destination MAC: 1:0:5e:7f:ff:fa

    I get that the destination will go first and the source will go second like so... 1:0:5e:7f:ff:fa:0:d0:b8:15:f5:15 but does that ARP payload change anything?
     
  4. thatoneguy

    AAC Fanatic!

    Feb 19, 2009
    6,357
    718
    arp matches IP address to MAC address, it is normally cached on all devices.
     
  5. notoriusjt2

    Thread Starter Member

    Feb 4, 2010
    209
    0
    So what are they asking for dotted notation?
     
  6. thatoneguy

    AAC Fanatic!

    Feb 19, 2009
    6,357
    718
    arp is what translates MAC addresses into IP addresses, which is the dotted octets 255.255.255.255 being the max.

    You can broadcast to find the MAC of the machine configured with that IP address, though it isn't on the same physical layer (The IP Address is part of TCP/IP, not ethernet, but they are related via the network stack to make a network run)
     
  7. notoriusjt2

    Thread Starter Member

    Feb 4, 2010
    209
    0
    i gotcha, but when it says "with ARP payload", does that mean I have to encode the answer into dotted octets? or is it just there to make me over-think again!!
     
  8. thatoneguy

    AAC Fanatic!

    Feb 19, 2009
    6,357
    718
    It's just a tag to indicate packet type, such as collision detect/resent, etc. The actual parts of the TCP/IP stack that deal with arp are higher up in the OSI model, while we are looking at the physical layer here. The IP address is a payload.

    Some "features" of have necessarily been added to the physical layer to make the OSI model process faster, and work over any medium, such as token ring on fiber or Ethernet on cat 5. As long as all physical layers provide the higher layers with the expected information (and vice-versa), the network runs.

    --ETA: Download an ethernet sniffer for your OS, run it, and ping your router, you'll understand a whole lot more by viewing the data "on the wire", so to speak. Far more than I could explain in words, just watching the streams lets you see the story. It's like the old saying "A Sniffer log is worth a thousand words"
     
  9. notoriusjt2

    Thread Starter Member

    Feb 4, 2010
    209
    0
    I guess I'm asking this question. The answer to that question in my second post, is that the correct format?
     
Loading...