Lab 3.1 ARP Observation - FlameSpyro/Tech-Journal GitHub Wiki

Today we used Wireshark to filter out the ARP traffic and look closely at what data is being transferred. Something important to know is that Wireshark's filter system does work for IP addresses; it just doesn't work right away. You need to start typing IP before it will filter on a specific IP address. You can also change the colors of certain traffic types, such as ARP, through the color options in the View menu.

Also in this lab:

  • To access the admin command prompt, search for cmd, then right-click the application and choose to run it as an administrator to gain more access.

  • To clear your ARP cache, simply enter the command arp -d (sometimes it takes about 3 times).

  • The ipconfig command will give you basic info such as your IPv4 address and your default gateway.

  • As said above, Wireshark has a filter system that makes searching for a specific set of activity simple and easy.

  • I ran into an issue where my ping ARPs weren't being recorded by Wireshark, so I had a friend give me his previous Wireshark file and worked with that.
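To make the fields inside those ARP frames concrete, here is an added example (not part of the lab and not Wireshark's own code) that builds and decodes Ethernet/ARP frames for a constructed request/reply pair, the same who-has / is-at exchange a ping generates, and reproduces the Info column text Wireshark shows. The MAC and IP addresses are made up, and the filter_arp function plays the role of typing the display filter "arp" over a small constructed capture.

```python
"""Decode Ethernet/ARP frames the way Wireshark's ARP dissector presents them.

Added example for this journal entry; it is not from the lab or from Wireshark.
All frames below are constructed in code so the script runs offline.
"""
import struct
from dataclasses import dataclass

ETHERTYPE_ARP = 0x0806
ETHERTYPE_IPV4 = 0x0800
ARP_OPCODES = {1: "request", 2: "reply"}
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"


@dataclass
class ArpPacket:
    opcode: str
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str

    def summary(self) -> str:
        """Mimic the Info column Wireshark shows for ARP frames."""
        if self.opcode == "request":
            return f"Who has {self.target_ip}? Tell {self.sender_ip}"
        if self.opcode == "reply":
            return f"{self.sender_ip} is at {self.sender_mac}"
        return f"ARP {self.opcode}"


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def ip_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def fmt_mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def fmt_ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def build_arp_frame(opcode: int, sha: str, spa: str, tha: str, tpa: str) -> bytes:
    """Build an Ethernet frame carrying one Ethernet/IPv4 ARP packet (RFC 826 layout)."""
    eth_dst = BROADCAST_MAC if opcode == 1 else tha  # requests are broadcast
    eth_hdr = mac_bytes(eth_dst) + mac_bytes(sha) + struct.pack("!H", ETHERTYPE_ARP)
    # htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4, then the opcode
    arp_hdr = struct.pack("!HHBBH", 1, ETHERTYPE_IPV4, 6, 4, opcode)
    arp_body = mac_bytes(sha) + ip_bytes(spa) + mac_bytes(tha) + ip_bytes(tpa)
    return eth_hdr + arp_hdr + arp_body


def parse_arp_frame(frame: bytes) -> ArpPacket:
    """Decode the 28-byte ARP packet that follows the 14-byte Ethernet header."""
    if len(frame) < 14 + 28:
        raise ValueError("frame too short for Ethernet + ARP")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_ARP:
        raise ValueError(f"not ARP (ethertype 0x{ethertype:04x})")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, ETHERTYPE_IPV4, 6, 4):
        raise ValueError("only Ethernet/IPv4 ARP is decoded here")
    body = frame[22:42]  # sender MAC, sender IP, target MAC, target IP
    return ArpPacket(
        opcode=ARP_OPCODES.get(oper, f"opcode {oper}"),
        sender_mac=fmt_mac(body[0:6]),
        sender_ip=fmt_ip(body[6:10]),
        target_mac=fmt_mac(body[10:16]),
        target_ip=fmt_ip(body[16:20]),
    )


def filter_arp(frames: list[bytes]) -> list[ArpPacket]:
    """Equivalent of typing the display filter 'arp': keep only ARP frames."""
    return [parse_arp_frame(f) for f in frames
            if struct.unpack("!H", f[12:14])[0] == ETHERTYPE_ARP]


# Constructed capture: a host resolving its default gateway before a ping,
# with one non-ARP IPv4 frame mixed in so the filter has something to drop.
HOST_MAC, HOST_IP = "aa:bb:cc:dd:ee:01", "10.0.0.5"
GW_MAC, GW_IP = "aa:bb:cc:dd:ee:02", "10.0.0.1"
SAMPLE_FRAMES = [
    build_arp_frame(1, HOST_MAC, HOST_IP, "00:00:00:00:00:00", GW_IP),  # request
    mac_bytes(GW_MAC) + mac_bytes(HOST_MAC) + struct.pack("!H", ETHERTYPE_IPV4)
    + b"\x45" + b"\x00" * 27,                                          # not ARP
    build_arp_frame(2, GW_MAC, GW_IP, HOST_MAC, HOST_IP),              # reply
]

if __name__ == "__main__":
    for pkt in filter_arp(SAMPLE_FRAMES):
        print(f"{pkt.sender_mac} -> {pkt.target_mac}  ARP  {pkt.summary()}")
```

Running it prints the two lines you would expect to see in Wireshark after clearing the cache and pinging the gateway: a broadcast request asking who has 10.0.0.1, then a unicast reply giving the gateway's MAC. The request's target MAC is all zeros because the sender does not know it yet; that is the field the reply fills in.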