Lab 3‐1: ARP Observation - sthompson2752/Network-Fundamentals GitHub Wiki

This lab involved observing how the Address Resolution Protocol, or ARP, operates via Wireshark.

Useful Commands/Instructions:

- `sudo ip -s -s neigh flush all`: This clears the ARP cache memory in Linux.
- `arp -n`: This shows what is in the ARP cache in Linux.
- Broadcast: This means that the message is being sent to all the computers in the network.
- `ff:ff:ff:ff:ff:ff`: This is the destination MAC address used when a broadcast is sent out.
- ARP: The Address Resolution Protocol broadcasts a request asking who has an IP address and receives a unicast reply containing the MAC address. ARP translates between IP and MAC addresses.
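The broadcast request and unicast reply described above can be decoded byte by byte. The following is an added example, not part of the original lab: the MAC addresses, IP addresses and helper names are constructed for illustration, and the summaries mirror what Wireshark shows in its Info column.

```python
import struct

BROADCAST = "ff:ff:ff:ff:ff:ff"
A_MAC, B_MAC = "02:00:00:00:00:01", "02:00:00:00:00:02"  # constructed sample hosts

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def ip(b):
    return ".".join(str(x) for x in b)

def parse_arp(frame):
    """Decode an Ethernet II frame that carries an IPv4-over-Ethernet ARP packet."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0806:  # EtherType for ARP
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not IPv4-over-Ethernet ARP")
    return {"eth_dst": mac(dst), "eth_src": mac(src),
            "op": {1: "request", 2: "reply"}.get(op, f"opcode {op}"),
            "broadcast": mac(dst) == BROADCAST,
            "sender_mac": mac(sha), "sender_ip": ip(spa),
            "target_mac": mac(tha), "target_ip": ip(tpa)}

def describe(p):
    """One-line summary of a parsed ARP packet."""
    if p["op"] == "request":
        return f"Who has {p['target_ip']}? Tell {p['sender_ip']}"
    if p["op"] == "reply":
        return f"{p['sender_ip']} is at {p['sender_mac']}"
    return p["op"]

def build_frame(dst, src, op, spa, tha, tpa):
    """Build a sample frame (constructed test data, not a capture)."""
    to_mac = lambda s: bytes.fromhex(s.replace(":", ""))
    to_ip = lambda s: bytes(int(x) for x in s.split("."))
    header = struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, op)
    return (to_mac(dst) + to_mac(src) + header
            + to_mac(src) + to_ip(spa) + to_mac(tha) + to_ip(tpa))

# Host A asks for 192.0.2.1 by broadcast; host B answers A directly (unicast).
REQUEST = build_frame(BROADCAST, A_MAC, 1, "192.0.2.10", "00:00:00:00:00:00", "192.0.2.1")
REPLY = build_frame(A_MAC, B_MAC, 2, "192.0.2.1", A_MAC, "192.0.2.10")

if __name__ == "__main__":
    for frame in (REQUEST, REPLY):
        p = parse_arp(frame)
        print("broadcast" if p["broadcast"] else "unicast", "|", describe(p))
```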

I had a hard time dumping the ARP cache at first. Professor Amy and I first tried the neigh flush all command without sudo in the front. This did not work so we added the sudo and I had to input my password for Kali. My ARP cache was successfully emptied after this. Additionally, when I was trying to filter the protocols to only show ARPs, I was typing ARP in all capitals and it was not working. I realized that I needed to type it in lowercase instead for Wireshark to recognize the protocol name and successfully filter to only show ARPs.