Lab 3.1 ARP Observation - lizzy9596/my-tech-journal GitHub Wiki
Goals:
Understand how ARP is used between hosts on a LAN
Recognize the basic flow of ARP
Identify the role of broadcasts with ARP
Capture and Analyze an ARP Request
1. Open your VM
2. Clear the ARP cache with the command “arp -d”. If arp -d does not work, try: netsh interface ip delete arpcache
3. Make note of your default gateway (we did this in previous labs)
4. Open Wireshark and start a capture.
5. Clear the ARP cache with the command “arp -d”
6. Open a terminal and ping the default gateway (we've done this before too!)
7. Stop Capture
Analyze Capture for ARP packets:
Deliverable 1: Find the ARP broadcast that your computer used to find the gateway's MAC address. Provide a screenshot that shows the source and destination MAC address of this broadcast.
Deliverable 2: Find the ARP reply from the gateway back to your computer. Provide a screenshot that shows the ARP reply packet indicating the MAC address for your gateway.
Deliverable 3: What is the message sent in the ARP Request? What is the message sent in the ARP Reply?
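What the request and reply in Deliverables 1 to 3 look like on the wire, as an added example that is not part of the original lab: a small Python parser for Ethernet frames carrying ARP, run over two constructed frames. The MAC and IP addresses are made-up sample values, and the summary strings follow the style of Wireshark's Info column.

```python
import ipaddress
import struct

BROADCAST = "ff:ff:ff:ff:ff:ff"
OPCODES = {1: "request", 2: "reply"}

def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_arp_frame(frame: bytes) -> dict:
    """Decode an Ethernet II frame carrying ARP for IPv4 over Ethernet."""
    if len(frame) < 42:  # 14-byte Ethernet header + 28-byte ARP body
        raise ValueError("frame too short for Ethernet + ARP")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0806:
        raise ValueError("not an ARP frame")
    # Slice to 42 bytes: real frames are padded to the 60-byte Ethernet minimum.
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not IPv4-over-Ethernet ARP")
    return {
        "eth_src": mac(src), "eth_dst": mac(dst),
        "broadcast": mac(dst) == BROADCAST,
        "op": OPCODES.get(oper, f"unknown({oper})"),
        "sender_mac": mac(sha), "sender_ip": str(ipaddress.IPv4Address(spa)),
        "target_mac": mac(tha), "target_ip": str(ipaddress.IPv4Address(tpa)),
    }

def describe(p: dict) -> str:
    if p["op"] == "request":
        return f"Who has {p['target_ip']}? Tell {p['sender_ip']}"
    if p["op"] == "reply":
        return f"{p['sender_ip']} is at {p['sender_mac']}"
    return p["op"]

# Constructed sample frames: host 192.168.1.50 resolving gateway 192.168.1.1.
REQUEST = bytes.fromhex(
    "ffffffffffff" "020000000050" "0806" "0001" "0800" "06" "04" "0001"
    "020000000050" "c0a80132" "000000000000" "c0a80101")
REPLY = bytes.fromhex(
    "020000000050" "020000000001" "0806" "0001" "0800" "06" "04" "0002"
    "020000000001" "c0a80101" "020000000050" "c0a80132")

if __name__ == "__main__":
    for frame in (REQUEST, REPLY):
        p = parse_arp_frame(frame)
        kind = "broadcast" if p["broadcast"] else "unicast"
        print(f"{p['eth_src']} -> {p['eth_dst']} ({kind}): {describe(p)}")
```

The request goes to the broadcast address with an all-zero target MAC, while the reply is unicast back to the requester and carries the answer in its sender fields.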
Ping another student system on your LAN.
Deliverable 4. Figure out how to create a display filter for ARP traffic only and provide a screenshot showing any ARP traffic related to your neighbor's system.
Deliverable 5. Using a piece of paper and a pencil/pen, or even a whiteboard, draw out the sequence of ARP request and response to and from your neighbor. Take a picture of this with a mobile device and include it as part of your deliverable.
Stop your current capture, start a new one, and dump the ARP cache.
Deliverable 6. Repeat the capture and ping, but this time ping Google's Public DNS server, 8.8.8.8. This is important. What do you see in the ARP request and reply? Can you discern the MAC address for the Google DNS server or not? Can you explain what happened?
The only issue I had in this lab was trying to run the arp command in the cmd prompt not as administrator.