TCP/IP and the DoD Model
133
Total Length: 60
Identifier: 56325
Fragmentation Flags: %000
Fragment Offset: 0
Time To Live: 32
IP Type: 0x01 ICMP
Header Checksum: 0x2df0
Source IP Address: 100.100.100.2
Dest. IP Address: 100.100.100.1
No Internet Datagram Options
ICMP - Internet Control Messages Protocol
ICMP Type: 8 Echo Request
Code: 0
Checksum: 0x395c
Identifier: 0x0300
Sequence Number: 4352
ICMP Data Area:
abcdefghijklmnop 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d
qrstuvwabcdefghi 71 72 73 74 75 76 77 61 62 63 64 65 66
Frame Check Sequence: 0x00000000
The Ping program just uses the alphabet in the data portion of the packet as
a payload, up to 100 bytes by default.
If you remember reading about the Data Link layer and the different
frame types in Chapter 1, you should be able to look at the preceding trace
and tell what type of Ethernet frame this is. The only fields are destination
hardware address, source hardware address, and Ether-Type. The only
frame that uses an Ether-Type field exclusively is an Ethernet_II frame.
(SNAP uses an Ether-Type field also, but only within an 802.2 LLC field,
which isn't present in the frame.)
Address Resolution Protocol (ARP)
Address Resolution Protocol (ARP) finds the hardware address of a host
from a known IP address. Here's how it works: When IP has a datagram to
Copyright ©2002 SYBEX, Inc., Alameda, CA
www.sybex.com