source and destination MAC addresses?

Thread Starter

notoriusjt2

Joined Feb 4, 2010
209
I think I may be over-analyzing this question...

Determine the source and destination Ethernet MAC addresses from the following Ethernet frame header HEX dump....

00 13 49 63 5c 68 c0 cb 38 87 8a a7 08 00


according to this site

http://www.erg.abdn.ac.uk/~gorry/eg3561/lan-pages/mac.html

the destination is the first group of 6 bytes and the source is the second group of 6 bytes. Is it really that easy?

Source = c0:cb:38:87:8a:a7
Destination = 00:13:49:63:5c:68
 

thatoneguy

Joined Feb 19, 2009
6,359
Yes, it's pretty straightforward and easy to "sniff" and deconstruct streams on a network.

The layout also allows basic switches to limit communication between two computers without the rest of the network seeing the traffic. If the addressing was more complicated, switches couldn't do that amount of isolation at Gigabit speeds.
 

Thread Starter

notoriusjt2

Joined Feb 4, 2010
209
Thanks!! Then it goes on to ask a follow up question that is basically the reverse process of the first...

Encode (write the hex values) the Ethernet frame header using the following source and destination MAC addresses with ARP payload.
Source MAC: 0:d0:b8:15:f5:15
Destination MAC: 1:0:5e:7f:ff:fa

I get that the destination will go first and the source will go second like so... 1:0:5e:7f:ff:fa:0:d0:b8:15:f5:15 but does that ARP payload change anything?
 

thatoneguy

Joined Feb 19, 2009
6,359
ARP is what translates MAC addresses into IP addresses, which is the dotted octets, 255.255.255.255 being the max.

You can broadcast to find the MAC of the machine configured with that IP address, though it isn't on the same physical layer. (The IP address is part of TCP/IP, not Ethernet, but they are related via the network stack to make a network run.)
 

Thread Starter

notoriusjt2

Joined Feb 4, 2010
209
I gotcha, but when it says "with ARP payload", does that mean I have to encode the answer into dotted octets? Or is it just there to make me over-think again!!
 

thatoneguy

Joined Feb 19, 2009
6,359
It's just a tag to indicate packet type, such as collision detect/resent, etc. The actual parts of the TCP/IP stack that deal with ARP are higher up in the OSI model, while we are looking at the physical layer here. The IP address is a payload.

Some "features" have necessarily been added to the physical layer to make the OSI model process faster, and work over any medium, such as token ring on fiber or Ethernet on Cat 5. As long as all physical layers provide the higher layers with the expected information (and vice-versa), the network runs.

--ETA: Download an Ethernet sniffer for your OS, run it, and ping your router; you'll understand a whole lot more by viewing the data "on the wire", so to speak. Far more than I could explain in words, just watching the streams lets you see the story. It's like the old saying, "A sniffer log is worth a thousand words."
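
Both exercises from this thread, worked as an added example that is not part of the original posts: decoding the 14-byte header and encoding one from two MAC addresses. It assumes an untagged Ethernet II frame and uses the assigned EtherType values 0x0800 (IPv4) and 0x0806 (ARP); the function names are illustrative.

```python
import struct

# EtherType values (IEEE-assigned); only the two this thread touches.
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP"}

def mac_to_bytes(mac: str) -> bytes:
    """Parse a colon-separated MAC, accepting unpadded octets like '0:d0:b8'."""
    parts = mac.split(":")
    if len(parts) != 6:
        raise ValueError(f"expected 6 octets in {mac!r}")
    for p in parts:
        if not 1 <= len(p) <= 2 or any(c not in "0123456789abcdefABCDEF" for c in p):
            raise ValueError(f"bad octet {p!r} in {mac!r}")
    return bytes(int(p, 16) for p in parts)

def bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_header(hexdump: str) -> dict:
    """Split an untagged Ethernet II header: 6 B destination, 6 B source, 2 B EtherType."""
    raw = bytes.fromhex(hexdump)
    if len(raw) < 14:
        raise ValueError("an Ethernet header is 14 bytes")
    dst, src, ethertype = struct.unpack("!6s6sH", raw[:14])
    return {
        "dst": bytes_to_mac(dst),
        "src": bytes_to_mac(src),
        "ethertype": ethertype,
        "payload": ETHERTYPES.get(ethertype, "unknown"),
        # Low bit of the first destination octet set = group (multicast/broadcast) address.
        "dst_is_group": bool(dst[0] & 0x01),
    }

def build_header(dst: str, src: str, ethertype: int) -> str:
    """Encode destination, source and EtherType in wire order as spaced hex."""
    raw = struct.pack("!6s6sH", mac_to_bytes(dst), mac_to_bytes(src), ethertype)
    return raw.hex(" ")

if __name__ == "__main__":
    # Header from the first question in the thread.
    print(parse_header("00 13 49 63 5c 68 c0 cb 38 87 8a a7 08 00"))
    # MACs from the follow-up question, with the ARP EtherType 0x0806.
    print(build_header("1:0:5e:7f:ff:fa", "0:d0:b8:15:f5:15", 0x0806))
```
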
 