Assignment 3: Common Mistakes

Hi, these are the common mistakes for Assignment 3:

Q1-a) Not mentioning the MAC address. For example, some students wrote “To obtain the IP address”.

Q1-c) Some students just wrote that they could not find the response to packet 9 but did not explain why.

Q2-b) Some students wrote that since the DHCP servers and the capturing host have IP addresses with different prefixes, they should be in two different subnets. However, we need the subnet mask to be able to judge. The good news is that we did not deduct marks from answers that did not mention the subnet mask.

Q3-b) There was confusion in this part with iterative and recursive queries in DNS. However, the question was about the reason that a client contacts three different DNS servers instead of one.

Q3-c) Some students wrote the TTL of the IP layer.

Q4-b) Some students mentioned the man-in-the-middle attack as a vulnerability of the self-signed certificate. However, since the self-signed certificate is from a root CA, it can be trusted.

Assignment 3: Solutions


a. To obtain the MAC address of

b. The host with IP address of and MAC address of d4:be:d9:9d:97:e8. Each of them is fine.

c. No. Because directly responds within a standard frame to the not in the broadcast manner.

d. To query for the MAC address of the IP

e. 127. The MAC address of IP which is 00:00:0c:07:ac:02.

f. The packet is a Gratuitous ARP message which is useful for the purposes below:

  • detect IP conflicts. When a machine receives an ARP request containing a source IP that matches its own, then it knows there is an IP conflict.
  • assist in the updating of other machines’ ARP tables.  Clustering solutions utilize this when they move an IP from one NIC to another, or from one machine to another. Other machines maintain an ARP table that contains the MAC associated with an IP. When the cluster needs to move the IP to a different NIC, be it on the same machine or a different one, it reconfigures the NICs appropriately then broadcasts a gratuitous ARP reply to inform the neighboring machines about the change in MAC for the IP. Machines receiving the ARP packet then update their ARP tables with the new MAC.
  • inform switches of the MAC address of the machine on a given switch port, so that the switch knows that it should transmit packets sent to that MAC address on that switch port.
  • Every time an IP interface or link goes up, the driver for that interface will typically send a gratuitous ARP to preload the ARP tables of all other local hosts. Thus, a gratuitous ARP tells us that the host has just had a link-up event, such as a link bounce, a reboot, or the user/sysadmin on that host configuring the interface up. If we frequently see multiple gratuitous ARPs from the same host, it can be an indication of bad Ethernet hardware/cabling resulting in frequent link bounces.

Mentioning the Gratuitous ARP message and one of the above purposes is fine.
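As an added illustration (not part of the original solutions), the Python sketch below parses raw ARP payloads, flags gratuitous ARP (sender IP equal to target IP) and reports when the MAC bound to an IP changes, which is the signal for either a cluster failover or an IP conflict. The frames, MAC addresses and 192.0.2.x addresses are constructed sample data, and the function names are hypothetical.

```python
import socket
import struct

# Ethernet/IPv4 ARP payload: htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
ARP_FMT = "!HHBBH6s4s6s4s"

def parse_arp(payload: bytes) -> dict:
    """Parse the 28-byte ARP payload that follows the Ethernet header."""
    if len(payload) < struct.calcsize(ARP_FMT):
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper, sha, spa, _tha, tpa = struct.unpack_from(ARP_FMT, payload)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP message")
    return {"oper": oper, "sender_mac": sha.hex(":"),
            "sender_ip": socket.inet_ntoa(spa), "target_ip": socket.inet_ntoa(tpa)}

def is_gratuitous(arp: dict) -> bool:
    """Gratuitous ARP announces the sender's own address: sender IP == target IP."""
    return arp["sender_ip"] == arp["target_ip"]

def watch(payloads):
    """Return events for gratuitous ARPs and for IPs whose MAC binding changes."""
    table, events = {}, []
    for raw in payloads:
        arp = parse_arp(raw)
        ip, mac = arp["sender_ip"], arp["sender_mac"]
        if is_gratuitous(arp):
            events.append(("gratuitous", ip, mac))
        if ip in table and table[ip] != mac:
            # Same IP, new MAC: failover (expected) or an IP conflict (investigate).
            events.append(("mac-changed", ip, f"{table[ip]} -> {mac}"))
        table[ip] = mac
    return events

def build(oper, sender_mac, sender_ip, target_ip):
    """Build a constructed ARP payload for the sample below (target MAC zeroed)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       bytes.fromhex(sender_mac.replace(":", "")),
                       socket.inet_aton(sender_ip), bytes(6),
                       socket.inet_aton(target_ip))

# Constructed sample traffic (not taken from the assignment capture).
SAMPLE = [
    build(1, "02:00:00:00:00:01", "192.0.2.10", "192.0.2.1"),   # ordinary request
    build(1, "02:00:00:00:00:02", "192.0.2.20", "192.0.2.20"),  # gratuitous ARP
    build(1, "02:00:00:00:00:03", "192.0.2.20", "192.0.2.20"),  # same IP, new MAC
]

if __name__ == "__main__":
    for event in watch(SAMPLE):
        print(event)
```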

g. d4:be:d9:9d:b4:ba. This can be obtained from the sender MAC address of any packet which has the source IP address of the capturing host (


a. and

b. No. By finding the DHCP ack packets, we can find and as the source IP address. By finding the subnet mask for which is, we can find that they are not in the same subnet.

c. Two. We can obtain this by listing all the DHCP Discover messages and then counting the number of different MAC addresses.

d. Because the capturing host wants to keep its previous IP address if possible.


a., and

b. The client may contact several DNS servers in parallel to save time in case one of them fails, or when an address may not be cached in one DNS server but may be cached in another.

c. 9 min and 31 seconds. It comes from the DNS server.


a. The first certificate certifies the public key of, signed by “Go Daddy Secure Certificate Authority”. The second certificate certifies the public key of “Go Daddy Secure Certificate Authority”, signed by “Go Daddy Root Certificate Authority”. The third certificate certifies the public key of “Go Daddy Root Certificate Authority”, signed by “Go Daddy Class 2 Certification Aut”.

b. Yes. A root CA can sign itself.

c. Packet 211 contains the master key encrypted with the public key of

Assignment 3: Clarification 1

Dear Students,

There were three typos in the pdf file of Assignment 3. We updated the pdf file and uploaded it to the blog. Please either re-download the pdf file here or note the three points below:

1. Question 3 – part (c) – second and third line: the correct URI is instead of

2. Question 4 – second line: the correct sentence is “Right click on Packet 145 and choose ..” instead of “Right click on Packet 36 and choose ..”

3. Question 4 – fourth line: the correct IP address is “” instead of “”