FAST NUCES

Assignment-3 - Complex Engineering Problem

SUBJECT:
DCN
Submitted By:
Talha Bin Qasim
Roll#:
22L-6283
Date:
25-November-2024
Submitted to:
Dr. Saima Zafar
Q No.1
Part 1: ARP Request and ARP Table
Question:

What will the ARP request look like in terms of its structure?
ARP Request Content:
• Hardware Type
• Protocol Type
• Hardware Address Length
• Protocol Address Length
• Operation Code
• Sender MAC Address
• Sender IP Address: 192.168.1.10
• Target MAC Address
• Target IP Address: 192.168.1.20

What destination MAC address will the ARP request have, and why?
Destination MAC Address:
The ARP request will have a destination MAC address FF:FF:FF:FF:FF:FF to be sent to all
devices on the local network to find the device with the corresponding IP address.

How does the device B with IP address 192.168.1.20 respond, and what will
the ARP response contain?
Response:
Device B will receive the ARP request and its IP address matches, then Device B then sends
an ARP response directly to Device A, with its MAC address.

Response Content:
Hardware Type
Protocol Type
Hardware Address Length
Protocol Address Length
Operation Code
Sender MAC Address: 00:1A:2B:3C:4D:60
Sender IP Address: 192.168.1.20
Target MAC Address: 00:1A:2B:3C:4D:5E
Target IP Address: 192.168.1.10

Part 2: Handling of ARP Cache/Table

Question:

How does the ARP cache work, and what is the purpose of caching the IP-to-
MAC address
mapping?
How Does the ARP Cache Work?
When a device tries to communicate with another device on the same network, it first
checks its ARP cache to see if it already has the MAC address corresponding to the IP
address of other device.
If the ARP cache has the entry, the device can directly use this MAC address to send the
packet. Otherwise, the device sends an ARP request to all devices in the network, to get the
MAC address of the device with the given IP address.
The target device responds with an ARP response, containing its MAC address.
Then first device updates its ARP cache with this new entry, mapping the IP address of
second Device to its MAC address.

Purpose of Caching:
• By caching devices don’t have the need to send ARP requests for every packet they
want to send.
• Devices can immediately use the MAC address from the cache rather than waiting for
an ARP response.

If the ARP cache entry for 192.168.1.20 expires after 20 minutes, what will
happen when 192.168.1.10 needs to communicate with 192.168.1.20 again
after the cache expiration?
If the ARP cache entry for 192.168.1.20 has expired and 192.168.1.10 needs to communicate
with 192.168.1.20 again, 192.168.1.10 will perform the ARP process again.
192.168.1.10 will send a new ARP request to the network, asking for the MAC address
corresponding to 192.168.1.20.
192.168.1.20 will reply with its MAC address (00:1A:2B:3C:4D:60), and 192.168.1.10 will
update its ARP cache with this new information.

Part 3: ARP Broadcast and Security Concerns

Question:

What are the potential consequences of ARP spoofing in this network?

ARP spoofing can lead to several security issues in a network, such as:
Man-in-the-Middle Attacks
Denial of Service Attacks
Session Hijacking
Data Theft

How could the device with IP address 192.168.1.10 be affected by this attack?
When Device A (192.168.1.10) is affected by this attack:
1. Misrouted Traffic: Device A might send its traffic meant for Device B to the attacker
instead, leading to data theft.
2. Communication Disruption: Device A might experience disrupted communication
with Device B, impacting network reliability.
3. Security Breach: Device A’s sensitive data, such as login credentials or confidential
files, might be exposed to the attacker.

How can ARP spoofing be detected and mitigated in a network?

Detection:
1. Static ARP Entries: Manually set static ARP entries on devices to ensure correct IP-to-
MAC address mappings.
 2. MAC Address Validation: Regularly validate the MAC addresses of critical devices
against known mappings.
3. Network Traffic Analysis: Analyze network traffic for unexpected changes in MAC
addresses.
Mitigation:
1. Dynamic ARP Inspection: Implement Dynamic ARP Inspection on network switches to
check ARP packets against a trusted database.
2. Port Security: Enable port security on switches to limit the number of MAC addresses
per port.
3. Segmentation: Segment the network into smaller subnets and limit the broadcast
domain.
4. Regular Updates and Patches: Keep network devices updated with the latest
firmware and security patches to protect against known vulnerabilities.

Part 4: ARP Request in Different Scenarios

Question:
What happens when 192.168.1.10 sends an ARP request to resolve the MAC
address of 192.168.1.1?
1. ARP Request:
When device 192.168.1.10 wants to communicate with the device on a different subnet
(10.0.0.5), it needs to send the packet to the router (192.168.1.1).
Device 192.168.1.10 will first check its ARP cache for the MAC address of 192.168.1.1. If the
MAC address is not found, it will send an ARP request.
Structure of ARP Request:
• Hardware Type
• Protocol Type
• Hardware Address Length
• Protocol Address Length
• Operation Code
• Sender Hardware Address: 00:1A:2B:3C:4D:5E
• Sender Protocol Address: 192.168.1.10
• Target Hardware Address: unknown
 • Target Protocol Address: 192.168.1.1
Destination MAC Address:
• The ARP request will have a destination MAC address of FF:FF:FF:FF:FF:FF. As, the
ARP request needs to be sent to all devices on the local network to find the device
with the corresponding IP address.

What will the ARP reply from the router contain, and how does the device
192.168.1.10 use this information to forward the packet?

ARP Reply from the Router

The router (192.168.1.1) will receive the ARP request and find that it is the target.
The router will then send an ARP reply directly to device 192.168.1.10, containing its MAC
address.

Structure of ARP Reply:

• Hardware Type
• Protocol Type
• Hardware Address Length
• Protocol Address Length
• Operation Code
• Sender Hardware Address: 00:1A:2B:3C:4D:5F
• Sender Protocol Address: 192.168.1.1
• Target Hardware Address: 00:1A:2B:3C:4D:5E
• Target Protocol Address: 192.168.1.10

Using the Information:

• Device 192.168.1.10 will receive the ARP reply from the router.
• It will update its ARP cache to store the new mapping: IP address 192.168.1.1 to MAC
address 00:1A:2B:3C:4D:5F.
• Device A encapsulates the packet for 10.0.0.5 with the following:

Destination MAC Address: 00:1A:2B:3C:4D:5F (Router’s MAC)

 Source MAC Address: 00:1A:2B:3C:4D:5E

Payload: The IP packet with the destination IP address of 10.0.0.5.

• The router will use this information to forward the packet to the destination.

Q No.2

Part 1: Frame Structure (IEEE 802.3 Ethernet Frame)

Total Size of an Ethernet Frame

• Minimum Size: 64 bytes
• Maximum Size: 1518 bytes

Purpose of the following fields: Destination MAC address, Source MAC

address, Length/Type field, Data/Payload, and CRC:
1. Destination MAC Address (6 bytes):
o Specifies the MAC address of the intended recipient, ensuring the frame
reaches the correct device on the network.

2. Source MAC Address (6 bytes):

o Contains the MAC address of the device sending the frame.

3. Length/Type Field (2 bytes):

o Indicates the length of the payload or the type of the protocol encapsulated
in the frame. Also helps to distinguish between different frame types and
higher-layer protocols.

4. Data/Payload (46–1500 bytes):

o Contains the actual data being transmitted, carrying the information or
message to the destination.

5. Cyclic Redundancy Check (CRC) (4 bytes):

o A checksum calculated from the frame contents to ensure integrity by
allowing the receiver to detect transmission errors.
Part 2: Collision Domain and CSMA/CD Protocol

What constitutes a "collision domain" in this setup?

• A collision domain refers to the segment of the network where data packets can
collide if two devices transmit simultaneously.

How does the CSMA/CD protocol work in terms of detecting and recovering
from collisions in the context of a hub-based network?
1. Carrier Sense: Devices listen to the medium to check if it is idle before transmitting.
2. Multiple Access: Multiple devices share the same medium.
3. Collision Detection: Devices monitor the medium during transmission to detect
collisions.

Steps in CSMA/CD Protocol:

1. A device listens to ensure the medium is idle.
2. If idle, the device transmits its frame.
3. While transmitting, the device monitors the medium for collisions.
4. If a collision is detected:
o The device stops transmitting and sends a jam signal to notify all devices of
the collision.
o Each device involved waits for a random backoff time before attempting to
retransmit.

What happens when a collision occurs, and how do devices handle it?
• When a collision occurs:
1. Both transmitting devices detect a sudden increase in signal amplitude.
2. A jam signal is sent to all devices in the collision domain.
3. Devices stop transmitting and compute a random backoff time using the
Binary Exponential Backoff algorithm.
4. After the backoff time, devices reattempt transmission.

Part 3: Transition to Switches

How does the switch affect the collision domain?
• A switch divides the network into separate collision domains for each port, unlike a
hub where all devices share a single collision domain. Each connected device has its
own collision-free communication channel.

How does the switch impact the performance of the network, particularly in
terms of collision detection and data transmission efficiency?
1. Collision Detection:
o Switches eliminate shared collision domains, making collisions virtually non-
existent in switched networks. CSMA/CD is no longer required for full-duplex
communication.
2. Data Transmission Efficiency:
o Devices can operate in full-duplex mode, allowing simultaneous sending and
receiving of data.
o Switches use MAC address tables to forward frames only to the recipient,
reducing unnecessary broadcasts and improving bandwidth utilization.
3. Scalability and Speed:
o Switches enable more devices to communicate simultaneously without
interfering with one another.
o Increased overall throughput and reduced latency enhance network
performance significantly.