Assignment 3 1: ARP Observation Lab - Hsanokklis/2023-2024-Tech-journal GitHub Wiki
Objective: Observe Address Resolution Protocol operations and draw conclusions on how Layer 2 (MAC) and Layer 3 (IP) addresses interoperate
Goals:
- Understand how ARP is used between hosts on a LAN
- Recognize the basic flow of ARP
- Identify the role of broadcasts with ARP
Capture and Analyze an ARP Request
Open the terminal and run ip route
- The default gateway is at 192.168.3.250
- The IP address of the Kali VM is 192.168.3.29
Clear the ARP cache with this command
- sudo ip neigh flush all
Open Wireshark in Kali and ping 192.168.3.100
Analyze the ARP packet capture
Q1: Find the ARP broadcast that your computer used to find the Instructor's MAC address
Who has 192.168.3.100? Tell 192.168.3.29
Here is the ARP response
What is the source MAC address?
- 00:0c:29:4f:f3:42
What is the destination MAC address?
- ff:ff:ff:ff:ff:ff (the broadcast address)
The broadcast address is used to find the MAC of the device. It's asking who has this MAC?
Q2: Find the ARP reply from the instructor's workstation back to your computer.
Who has 192.168.3.29? Tell 192.168.3.100
Here is the ARP response
What is the source MAC address?
- 48:21:0b:33:74:f7
What is the destination MAC address?
- 00:0c:29:4f:f3:42 (my MAC address)
Q3: What is the message sent in the ARP Request?
- Who has 192.168.3.100? Tell 192.168.3.29
What is the message sent in the ARP Reply?
- 192.168.3.100 is at 48:21:0b:33:74:f7
Clear the ARP cache and ping Google's Public DNS server 8.8.8.8
What do you see in the ARP request and reply? Can you explain what happened? If there is no arp request/reply try again, but start Wireshark before flushing the cache.
- The ARP request is sent to the default gateway, because Google's DNS server is not on our network and we cannot see its MAC address. The reply sends back the MAC address of the default gateway.
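The request and reply from Q3 and the gateway behaviour seen with the 8.8.8.8 ping, rebuilt as an added example that is not part of the original lab write-up. It constructs the two frames from the addresses recorded above, parses them back into Wireshark-style summaries, and shows which IP the host has to resolve for a given destination. The /24 prefix length, the all-zero target MAC in the request, and all function names are assumptions.

```python
import ipaddress
import struct

# Addresses come from the lab above; the /24 prefix length is an assumption.
KALI_MAC, KALI_IP = "00:0c:29:4f:f3:42", "192.168.3.29"
PEER_MAC, PEER_IP = "48:21:0b:33:74:f7", "192.168.3.100"
GATEWAY_IP, LOCAL_NET = "192.168.3.250", "192.168.3.0/24"
BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def build_arp(opcode, eth_dst, sha, spa, tha, tpa):
    """Build an Ethernet II frame carrying an IPv4-over-Ethernet ARP message."""
    eth = mac_bytes(eth_dst) + mac_bytes(sha) + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)
    arp += mac_bytes(sha) + ipaddress.IPv4Address(spa).packed
    arp += mac_bytes(tha) + ipaddress.IPv4Address(tpa).packed
    return eth + arp

def parse_arp(frame):
    """Return (eth_dst, eth_src, summary) for an ARP frame."""
    if len(frame) < 42:
        raise ValueError("too short for Ethernet + ARP")
    eth_dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", frame[14:22])
    if (ethertype, htype, ptype, hlen, plen) != (0x0806, 1, 0x0800, 6, 4):
        raise ValueError("not IPv4-over-Ethernet ARP")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    spa, tpa = ipaddress.IPv4Address(spa), ipaddress.IPv4Address(tpa)
    if opcode not in (1, 2):
        raise ValueError(f"unexpected ARP opcode {opcode}")
    summary = (f"Who has {tpa}? Tell {spa}" if opcode == 1
               else f"{spa} is at {mac_str(sha)}")
    return mac_str(eth_dst), mac_str(eth_src), summary

def arp_target(dst_ip, local_net=LOCAL_NET, gateway=GATEWAY_IP):
    """IP the host must resolve with ARP before it can send to dst_ip."""
    on_link = ipaddress.ip_address(dst_ip) in ipaddress.ip_network(local_net)
    return dst_ip if on_link else gateway

# Constructed frames matching the request and reply recorded in Q1-Q3.
REQUEST = build_arp(1, BROADCAST, KALI_MAC, KALI_IP, "00:00:00:00:00:00", PEER_IP)
REPLY = build_arp(2, KALI_MAC, PEER_MAC, PEER_IP, KALI_MAC, KALI_IP)

if __name__ == "__main__":
    print(parse_arp(REQUEST), parse_arp(REPLY), arp_target("8.8.8.8"), sep="\n")
```

The request goes to the broadcast address because the sender does not yet know the target's MAC, while the reply is unicast back to the requester. For 8.8.8.8, arp_target returns the default gateway, which is why no ARP traffic for 8.8.8.8 itself appears in the capture.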