Cisco 1 - Network Specialist Program

IT: Network: Cisco 1
Name:
Lab 3
Lab Time:
Cisco 1 – Lab 3
Data-Link Layer and Ethernet
In this lab, you will have the opportunity to work with both the Wireshark and the Packet Tracer
products to examine packets in an Ethernet network as they move across a local network. Wireshark
will be used to capture “live” packets, and Packet Tracer will be used to simulate two simple LAN
environments to compare the operation of Ethernet HUBs and Switches. This lab is worth 10 points.
Packet Tracer Overview
Packet Tracer is a network simulation software package made available by Cisco to students in the Cisco
Academy. Using the software, you can construct a virtual network and/or internetwork consisting of
end-nodes (servers & workstations), hubs, switches, and routers as well as appropriate LAN and WAN
interconnections. The virtual network can then be “run” to see how the different devices behave under
different types of traffic. While this is not free software, it is available to you as a student at NWTC.
Task 1: Simulate a Virtual Network with an Ethernet Hub
1. Download the Lab03-Hub Packet Tracer data file from the blackboard web site
a. Open a web browser and navigate to https://blackboard.nwtc.edu/ and login as your
user. Click on the link for your Cisco1 class.
b. Under Course Materials, click the link for Lectures & Labs, then the link for this week’s
lab (Week 3). Under the item for REQUIRED FILES, right click on C1Lab03-Hub.pkt and
save it to disk. Save it to the desktop.
2. Double click on the C1Lab03-Hub.pkt file on the desktop. This should start Cisco Packet Tracer
and open the file. If necessary, maximize this window. You will see a screen similar to the
following:
Figure 1: Hub Topology
as of 2/9/2015
This scenario consists of a LAN with a server and two workstations connected by an Ethernet
Hub.
3. We will now create a simple test message inside of Packet Tracer. Click on the icon that looks
like a closed envelope (the “open envelope” creates a complex message which is more than we
want right now)
4. Now click first on PC0 (in the main packet tracer pane) then click on Server1. This action
specified the source and destination of our test packet. If you watched really closely, you might
have seen the green dots (representing activity lights) on the connections between the devices
flash as the packet moved from place to place. Just like the real world; but not overly useful in
learning.
5. Delete the simulated packet from the queue by clicking on the delete button under the Scenario
pane:
6. In the Packet Tracer window, change from Real-time mode to Simulation mode.
a. In the lower-right corner you will see the following:
This shows that the current mode is “Real-time” – traffic flows without any pause or
slowing.
b. Click the “stop watch” icon behind the Real-time icon:
You are now in Simulation mode – traffic will flow but each packet will be sent
individually and in slow motion. This will allow us to watch the traffic on the LAN.
7. In simulation mode, we can control the “types” of traffic we see in Packet Tracer. For this lab,
we only want to see ping packets (test messages to check connectivity).
a. In the Edit Filter dialog box, click Show All/None. All the protocols should disappear.
b. Click Edit Filters. Under the IPv4 tab, enable the ICMP protocol by putting a check mark
in its box.
c. Click anywhere outside of the Edit Filter dialog to make this dialog disappear. Your
Event List Filter should look like that shown in Figure 2:
Figure 2: ICMP filter set
8. We will again create a simple test message inside of Packet Tracer. Click on the icon that looks
like a closed envelope (the “open envelope” creates a complex message which is more than we
want right now).
9. Now click first on PC0 (in the main packet tracer pane) then click on Server1. This action
specified the source and destination of our test packet. An icon of an envelope will appear next
to PC0; it is “ready” to send.
10. In the main Packet Tracer window, click the button for “Capture / Forward”. You should need to
click this one time only, but if you don’t see the packet move, click it once more.
Which devices did the current packet move from and to?
From:
To:
11. Click the “Capture / Forward” button a second time. Where did the packet move from and to?
From:
To:
You should have seen the packet move first from PC0 to the Hub and then from the Hub to both
Server1 and PC1.
12. Click on the packet that has arrived at PC1 as shown in Figure 3. Details about that packet will
be shown.
Figure 3: View packet received at PC1
In the packet details, click “Layer 2” under the “In-Layers” to see what happens at the Data-link
layer (layer-2) on PC1. If we realize that the MAC address is the Layer-2 address, what does PC1
do with this packet when it is received and why?
13. Repeat step 12 for the packet received by Server1. Look at what happens as the packet comes
into Layer 2, moves up to layer 3, and then is sent out of layer 3 and through layer 2.
Figure 4: Details of Packet at Server 1
Follow the actions taken by Server1 at the various in-coming and out-going layers for this
packet. What does it do and why (try to use your own words to describe what happens)?
Layer 2 under In Layers:
Layer 3 under In Layers:
Layer 3 under Out Layers:
Layer 2 under Out Layers:
14. Play the rest of the simulation by clicking on the “Auto Capture/Play” button. Notice what the
Hub does every time it receives a packet.
15. In this part of the simulation, the LAN is utilizing a Hub. Suppose we had 96 stations attached to
the Hub. What potential problems might you see happening in such a network?
16. Close Packet Tracer but don’t save your changes.
Task 2: Simulate a Virtual Network with an Ethernet Switch
1. Download the Lab03-Switch Packet Tracer data file from the blackboard web site
a. Open a web browser and navigate to https://blackboard.nwtc.edu/ and login as your
user. Click on the link for your Cisco1 class.
b. Under Course Materials, click the link for Lectures & Labs, then the link for this week’s
lab (Week 3). Under the item for REQUIRED FILES, right click on C1Lab03-Switch.pkt
and save it to disk. Save it to the desktop.
2. Double click on the C1Lab03-Switch.pkt file on the desktop. This should start Cisco Packet
Tracer and open the file. If necessary, maximize the program window. You will see a screen
similar to the following:
Figure 5: Switch Topology
Here we have a LAN with a server and two workstations connected by an Ethernet Switch.
3. Use the techniques you learned in the previous task to send one test message from PC2 to PC3 in
Real-time mode. This allows us to see if things work and to sort of “wake the devices up”. When
it is complete, go ahead and delete the packet from the simulation.
4. Now use what you learned in the previous task to put Packet Tracer into simulation mode.
5. To minimize what types of packets show up in our simulation, we will again create a filter. Use
what you learned previously in this lab to configure Packet Tracer to show only ICMP packets
(refer back if you need to).
6. Use what you learned in the previous task to create a simple test message inside of Packet
Tracer from PC2 to Server2. (Refer back to earlier in the lab if you can’t remember how to do
this.)
7. Repeatedly use the “Capture / Forward” button and watch the packets as they move. You
should watch the packets as they move both from and back to PC2.
8. Briefly describe the path taken by a ping (ICMP) packet between PC2 and Server2 and back –
that is, what devices does the packet go through. Be sure to include how much PC3 is involved
in this communication. Why did this happen this way?
9. What effect would using a switch instead of a hub have in an environment with a large number
of workstations?
Task 3: Cleanup Packet Tracer Files
1. Close Packet Tracer
a. When asked if you want to save your work, click No.
2. Delete the C1Lab03-Hub.pkt and the C1Lab03-Switch.pkt files from the desktop. This will give a
clean configuration for the next student using the machine.
Wireshark Overview
Wireshark is a protocol analyzer. This type of program has the ability to take packets off the network
wire and “decode” the packets showing individual fields in the headers as well as the data being sent.
There are many other analysis features of Wireshark, but the decoding of the packets is what we are
most interested in working with.
Figure 6: Wireshark Window
At the top of the Wireshark window, you see the Packet List Pane – this shows the list of packets that
have been captured. This also displays a very brief description of the source and destination addresses,
the protocol contained in the packet, and some amount of information about the contents of that packet.
With a packet selected in the Packet List Pane, the contents of the packet will be displayed in the Packet
Details Pane. This will show you the individual headers inside the packet including a Frame description,
the Ethernet II (Data-Link) header, and any other headers (IP, TCP, etc) contained inside the Ethernet II
packet. By default, each header is “closed” so that only the name of the header is shown. Click the ‘+’
next to the header to expand it and show the fields of the header.
Task 4: Use Wireshark to Capture and Analyze Ethernet II Frames.
In the following task, Wireshark will be used to capture and analyze packets captured on the station host
computer.
Step 1: Configure Wireshark for packet captures.
If necessary, start Wireshark by clicking the Wireshark shortcut on the Start menu.
Prepare Wireshark for captures. Click Capture > Interfaces and find the Ethernet interface. Put a check
mark in the box next to that interface (it will also be the interface with Packets). Click the Start button.
This will begin the packet capture; leave the capture running while you generate some traffic to analyze.
Step 2: Start a ping to Google and capture the traffic.
a) Open a Windows terminal window. Click Start > Run, type cmd, and click OK.
b) Ping www.google.com, by typing ping www.google.com as shown below.
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.
All rights reserved.
C:\>ping www.google.com
Pinging www.l.google.com [209.85.225.106] with 32 bytes of data:
Reply from 209.85.225.106: bytes=32 time=75ms TTL=55
Reply from 209.85.225.106: bytes=32 time=76ms TTL=55
Reply from 209.85.225.106: bytes=32 time=73ms TTL=55
Reply from 209.85.225.106: bytes=32 time=75ms TTL=55
Ping statistics for 209.85.225.106:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 73ms, Maximum = 76ms, Average = 74ms
c) When the command has finished execution, stop your Wireshark capture (Click Capture > Stop)
and close the terminal window.
Step 3: Analyze the Wireshark capture.
The first thing you may notice is that a lot of extra packets were captured by Wireshark; you will likely
have many more packets in the Packet List Pane than those generated by your pings. You will need to
scroll up and down through the List Pane to find the packets generated by your request.
To simplify things, we can filter the packets displayed so that only those matching a specific condition are
shown. Ping packets are part of a protocol called Internet Control Message Protocol or ICMP. We will
create a display filter that shows only ICMP packets.

At the top of the Wireshark screen you should see a blank Filter field. Click in the blank and type
icmp in the space (it is case sensitive; don’t type ICMP). Now click Apply.
Figure 7: Wireshark with icmp filter
Your packets will likely be different from those shown above. Notice that there may still
be some ICMP packets not related to your ping request displayed. However, the total number of
packets is greatly reduced.

Select one of the packets marked as “Echo (ping) request” in the Info column of the Packet List
pane.
Figure 8: Ethernet header expanded in Packet Details Pane
In Figure 8 you can see the fields inside the Ethernet II header including the Destination, the
Source, and the Type. You can also see the information that is included in each of those fields.
The format for an Ethernet II frame is shown in Figure 9.
Figure 9: Ethernet Frame Structure

The ping requests came from your machine and eventually went to Google’s server. Use one of
your captured Echo (Ping) Request packets to answer the following questions about the Layer-2
(Ethernet II) header:
What is your computer’s Ethernet address (not the IP address – watch which header you are
looking at)?

What is the Ethernet address that the packet is being sent to?
Do you think the destination Ethernet address corresponds to one of Google’s servers or our
local router (used to move packets from our local network to external networks)? Justify your
answer. (Hint: Remember that the Data-link layer (Ethernet) only performs local delivery.)
Summary
In this lab, the Ethernet protocol was examined as an example of a Data-Link or Layer-2 protocol. A
preamble field contains seven bytes of alternating 0101 sequences, and one byte that signals the
beginning of the frame, 01010110. Destination and source Ethernet addresses each contain 48 bits
represented as 12 hex digits. The first six hex digits represent the manufacturer of the NIC, and the last
six hex digits contain the NIC serial number. A 4-byte frame type field contains a value that indicates the
protocol in the data field. For IPv4, the value is 0x0800. The data field is variable and contains the
encapsulated upper layer protocol. At the end of a frame, a 4-byte FCS value is used to verify that there
were no errors during transmission.
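The header fields Wireshark shows in the Packet Details Pane can be decoded by hand from the raw bytes of a captured frame. The following Python sketch is an added example, not part of the original lab; the sample frame and its addresses are constructed, and the function names are illustrative.

```python
import struct

# Common EtherType values; 0x0800 is the IPv4 value named in the summary.
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}
BROADCAST = b"\xff" * 6

# Constructed sample frame (made-up addresses): header plus the first
# four bytes of an IPv4 payload.
SAMPLE_FRAME = bytes.fromhex("001a2b3c4d5e" "001122334455" "0800" "4500003c")


def fmt_mac(raw):
    """Render raw address bytes as the hex digits Wireshark displays."""
    return ":".join(f"{b:02x}" for b in raw)


def parse_ethernet_ii(frame):
    """Decode the Ethernet II header of a captured frame.

    A capture starts at the destination address: the NIC strips the
    preamble before software sees the frame.
    """
    if len(frame) < 14:
        raise ValueError("truncated frame: header needs 14 bytes")
    # Destination (6 bytes), Source (6 bytes), Type (2 bytes on the wire).
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype < 0x0600:
        # Below 0x0600 the field is not an EtherType (IEEE 802.3 uses
        # it as a length), so this is not an Ethernet II frame.
        raise ValueError("not an Ethernet II frame")
    return {
        "destination": fmt_mac(dst),
        "source": fmt_mac(src),
        "source_oui": fmt_mac(src[:3]),   # manufacturer prefix
        "broadcast": dst == BROADCAST,
        "ethertype": ethertype,
        "protocol": ETHERTYPES.get(ethertype, "unknown"),
        "payload": frame[14:],
    }


if __name__ == "__main__":
    for field, value in parse_ethernet_ii(SAMPLE_FRAME).items():
        print(f"{field:12} {value}")
```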
A machine transmitting an Ethernet packet will send that packet to some central device – most likely a
switch, though some older networks might still use a hub. Hubs repeat received packets to ALL other
connected machines; switches examine the destination Ethernet address and repeat the packet out of
only the port that destination machine is connected to.
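The difference between the two devices can be modelled in a few lines. The following Python sketch is an added example, not part of the original lab or of Packet Tracer; it reuses the station names from Task 2, while the port numbers and MAC addresses are constructed. It also shows a detail the simulation only hints at: a switch floods a frame whose destination it has not yet learned, then narrows delivery once its address table is populated.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed topology: port number -> (station name, MAC address).
STATIONS = {
    0: ("PC2", "02:00:00:00:00:02"),
    1: ("PC3", "02:00:00:00:00:03"),
    2: ("Server2", "02:00:00:00:00:05"),
}


class Hub:
    """Repeats every frame out of every port except the one it came in on."""

    def __init__(self, port_count):
        self.ports = range(port_count)

    def forward(self, in_port, src_mac, dst_mac):
        return [p for p in self.ports if p != in_port]


class Switch(Hub):
    """Learns source addresses and forwards by destination address."""

    def __init__(self, port_count):
        super().__init__(port_count)
        self.mac_table = {}          # MAC address -> port

    def forward(self, in_port, src_mac, dst_mac):
        self.mac_table[src_mac] = in_port            # learn the sender
        out_port = self.mac_table.get(dst_mac)
        if dst_mac == BROADCAST or out_port is None:
            # Broadcast or unknown destination: flood like a hub.
            return super().forward(in_port, src_mac, dst_mac)
        return [] if out_port == in_port else [out_port]


def run_pings(device, src_name, dst_name, count=2):
    """Send `count` request/reply pairs; list who receives each frame."""
    by_name = {name: (port, mac) for port, (name, mac) in STATIONS.items()}
    (s_port, s_mac), (d_port, d_mac) = by_name[src_name], by_name[dst_name]
    log = []
    for _ in range(count):
        # Echo request, then echo reply in the opposite direction.
        for in_port, src, dst in ((s_port, s_mac, d_mac), (d_port, d_mac, s_mac)):
            log.append([STATIONS[p][0] for p in device.forward(in_port, src, dst)])
    return log


if __name__ == "__main__":
    print("hub   :", run_pings(Hub(3), "PC2", "Server2"))
    print("switch:", run_pings(Switch(3), "PC2", "Server2"))
```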
Packet Tracer is a Cisco product that allows us to simulate a network environment, slowing down the
packets so we can study the movement and processing of individual packets on the network.
Wireshark is a protocol analyzer that will let us capture, decode, and observe live packets on the network
received by our workstation.