Information on this page may be paraphrased or copied from Champlain College materials. Avoid coping as you may be committing plagiarism. This is for note-taking and academic purposes only.

---

Lab 3-1: ARP Observation Lab

• Open the Kali Linux VM and type ip route

• Run sudo ip neigh flush all to clear the ARP history

• Use Wireshark to run a capture of a ping going to the instructor's workstation
• Packet 68 shows the ARP request for the 192.168.3.100 instructor's workstation from my 192.168.3.134.
• Request Source MAC Address: 00:0c:29:aa:19:9e
• Request Destination MAC Address: ff:ff:ff:ff:ff:ff (general broadcast MAC)
• Request Message: “Who has 192.168.3.100? Tell 192.168.3.134”

• This is the reply back to the ARP request of the instructor's IP address.
• Reply Source MAC Address: 48:21:0b:33:74:f7 (instructor’s workstation)
• Reply Destination MAC Address: 00:0c:29:aa:19:9e (my workstation)
• Reply Message: “192.168.3.100 is at 48:21:0b:33:74:f7”

• Next I recorded Wireshark, after clearing ARP again, when I pinged the google 8.8.8.8
• Request Source MAC: 00:0c:29:aa:19:9e
• Request Destination MAC: ff:ff:ff:ff:ff:ff
• Reply Source MAC: d0:81:c5:23:bd:80
• Reply Destination MAC: 00:0c:29:aa:19:9e
• ARP protocol only works with the LAN since it is communicating about data-link layer information, aka hardware information (the MAC is assigned by the hardware NIC). So, when a ping is sent outside of the LAN, the ARP protocol can only let us know the gateway’s MAC address in response since it is the closest to the edge of the LAN.