Lab 3.1: ARP Observation - Hsanokklis/2022-2023-Tech-journal GitHub Wiki
Summary:
Part 1: Capture and Analyze an ARP request
- Clear the ARP cache with the command "arp -d"
For this to work, you have to put the host name after the command and become root with the command "sudo su".
There are no entries because they have already been cleared.
default gateway: 192.168.3.250
- Open Wireshark and start a capture
- Open a terminal and ping the default gateway
- Stop Capture
- Analyze Capture for ARP packets
6. Find the ARP broadcast that your computer used to find the gateway's MAC address
Broadcast messages are sent with a destination MAC address of all f's (ff:ff:ff:ff:ff:ff).
This is the ARP request:
I know this is sent from my computer because the address is 192.168.3.135 (which is the address of the computer).
7. Find the ARP reply from the gateway back to your computer. What is the MAC address of the gateway?
The MAC address being sent from the gateway back to my computer
This is the ARP reply with the gateway's MAC address.
- What is the message sent in the ARP Request? What is the message sent in the ARP Reply?
The message sent in the ARP request is "Who has 192.168.3.250?", which asks what MAC address that IP address belongs to. In the ARP reply, the device at that IP address says "192.168.3.250 is at ec:13:db:c8:8e:81" and sends that back to the IP address that first asked for the MAC in the ARP request.
- Ping another student system on your LAN
10. Figure out how to create a display filter for ARP traffic only and provide a screenshot showing any ARP traffic related to your neighbor's system.
Pinging Lily's VM
11. Draw out the sequence of ARP request and Response to and from your neighbor.
- Stop your current capture and start a new one, dump the arp cache
This is in my ARP table right now (command "arp -a").
- Repeat the capture and ping- but this time ping Google's Public DNS server - 8.8.8.8
The MAC of the default Gateway
14. What do you see in the ARP request and reply? Can you discern the MAC address for the google DNS server or not? Can you explain what happened?
No, you are not able to discern the MAC of the DNS server, because ARP only works within a LAN, so it will not work to get Google's DNS server address.
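
Added example (not part of the original lab write-up): a small Python decoder that builds and parses the ARP request and reply described in step 8, then shows why the ping to 8.8.8.8 in step 14 only produces ARP traffic for the default gateway. The IP addresses and the gateway MAC are taken from the lab; the host MAC `02:00:00:00:01:35` and the /24 prefix are assumptions, and the frames are constructed, not captured.

```python
import ipaddress
import struct

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def build_arp(op, eth_dst, sha, spa, tha, tpa):
    """Ethernet II frame carrying an IPv4-over-Ethernet ARP packet (op 1=request, 2=reply)."""
    eth = mac_bytes(eth_dst) + mac_bytes(sha) + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    arp += mac_bytes(sha) + ipaddress.IPv4Address(spa).packed
    arp += mac_bytes(tha) + ipaddress.IPv4Address(tpa).packed
    return eth + arp

def describe_arp(frame):
    """Return the message an ARP frame carries, or None if it is not IPv4/Ethernet ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa = mac_str(frame[22:28]), ipaddress.IPv4Address(frame[28:32])
    tpa = ipaddress.IPv4Address(frame[38:42])
    if op == 1:
        return f"Who has {tpa}? Tell {spa}"
    if op == 2:
        return f"{spa} is at {sha}"
    return None

def arp_target(dst_ip, iface, gateway):
    """IP the host must resolve with ARP: the destination if on-link, else the gateway."""
    on_link = ipaddress.ip_address(dst_ip) in ipaddress.ip_interface(iface).network
    return dst_ip if on_link else gateway

# Constructed sample frames. IPs and gateway MAC are the lab's; HOST_MAC and /24 are assumed.
HOST_MAC, HOST_IF = "02:00:00:00:01:35", "192.168.3.135/24"
GW_MAC, GW_IP = "ec:13:db:c8:8e:81", "192.168.3.250"
REQUEST = build_arp(1, "ff:ff:ff:ff:ff:ff", HOST_MAC, "192.168.3.135", "00:00:00:00:00:00", GW_IP)
REPLY = build_arp(2, HOST_MAC, GW_MAC, GW_IP, HOST_MAC, "192.168.3.135")

if __name__ == "__main__":
    for frame in (REQUEST, REPLY):
        print(mac_str(frame[:6]), "<-", describe_arp(frame))
    for dst in (GW_IP, "8.8.8.8"):
        print(f"ping {dst}: ARP for {arp_target(dst, HOST_IF, GW_IP)}")
```

The request goes to the broadcast MAC and the reply is unicast back to the requester. Because 8.8.8.8 is not in the host's subnet, the only address the host resolves is the gateway's.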