ARP

Dumping ARP cache

ON windows use the arp -d command or netsh interface ip delete arpcache. On linux use ip -s -s neigh flush all to clear all ARP entries or arp -d "ip" to clear one entry. These need root or administrator permissions.

Capturing ARP Packets

Using wireshark first open the CMD and clear the arp cache a few times then start a wireshark capture. Next clear the data one more time and then ping athe ip on the network. Stop the capture and filter by arp. This will show the arp request in wireshark. If an ip outside of the network is pinged the arp will only reply with the default gateway MAC.