1. I used a tool called, wireshark to dump network packet in libpcap(*.pcap) format and fed it into
stak to give me output as Prof. Harris showed.
2. I captured several packet. The simple of them was a ping command. The stack it uses in request and
reply is like: ether-ip-icmp-none. ICMP is Internet Control Message Protocol.
3. The request and response for ping command is like this:
----------------------------------------------------------------------------------
[27.00718.00973](0.00006.00987) CAPTURE-00020 74/74
PROVIDER:ether USER:ip <14+60>
Available bytes:74
src:00-16-9c-38-78-40 dst:00-1a-73-26-9b-b4 length: 2048
PROVIDER:ip USER:icmp <20+40>
Available bytes:60
4 src:134.48.6.129 dst:10.160.3.71 hlen:20 len:40 tos:0 id:10668 ttl:248 protocol:1 CheckSum:be7c
PROVIDER:icmp USER:none <8+32>
icmpType:Echo Reply icmpCode:0 id:1 seq:6
length:32
00000000 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 abcdefghijklmnop
00000010 71 72 73 74 75 76 77 61 62 63 64 65 66 67 68 69 qrstuvwabcdefghi
[28.00713.00912](0.00994.00939) CAPTURE-00021 74/74
PROVIDER:ether USER:ip <14+60>
Available bytes:74
src:00-1a-73-26-9b-b4 dst:00-16-9c-38-78-40 length: 2048
PROVIDER:ip USER:icmp <20+40>
Available bytes:60
4 src:10.160.3.71 dst:134.48.6.129 hlen:20 len:40 tos:0 id:27336 ttl:128 protocol:1 CheckSum:3561
PROVIDER:icmp USER:none <8+32>
icmpType:Echo icmpCode:0 id:1 seq:7
length:32
00000000 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 abcdefghijklmnop
00000010 71 72 73 74 75 76 77 61 62 63 64 65 66 67 68 69 qrstuvwabcdefghi