Observing LAN Activity - sullivaneg/TechJournal-NET150 GitHub Wiki

In this lab we used Wireshark to observe and learn about MAC addresses. The first instruction I found useful was "ip route show". I only knew the Windows ipconfig /all, so it was nice to know the Linux version too. I also knew how to sort the results in Wireshark from a previous class, but it's always a nice reminder, and it makes searching so much easier. One thing I noticed, and I'm not sure if I did something wrong or ran into a problem, is that when it got to the second part of the lab and I pinged the timeslive link, I got the same destination address as I did when I pinged my default gateway. I'm not sure if I was looking in the wrong place or not; I just wanted to note that. I ran it again to double-check that I wasn't just accidentally looking at the old Wireshark capture, but the same thing occurred.

Questions

What is a MAC address and what are its components?

A MAC address is a 12-digit hexadecimal number that uniquely identifies a device on a network. It is assigned by the manufacturer when the device is made and is usually found on the NIC. The MAC address is made up of two parts. The first 6 hex digits are the "Block ID" or OUI; that part identifies the manufacturer, and each manufacturer has its own unique one. The second part is the last 6 hex digits, the "Device ID", which identifies the specific NIC.

How to get a MAC address?

On Linux you can run "ifconfig" from the command line.

What is Wireshark and how to use it?

Wireshark is a packet capture tool. It captures activity on a network and lets you view and analyze it. It also lets you sort the different types of information, which helps narrow in on specific activity. I'm not sure I understand the "how to use it" part of the question, but I'll do my best to answer. You choose the network interface you want to track; for example, in this lab we clicked eth0. Then you click the little blue fin in the corner to start capturing traffic and click the red square to stop. Then you can filter by using the filter bar at the top or by clicking any of the columns, which sorts and groups them together. To inspect the traffic more closely, you can click on a packet and it gives you information about the traffic along with hexadecimal at the bottom, which I assume is just the information translated into hex, but I don't actually know for sure.

How to find a protocol in Wireshark?

To find a protocol in Wireshark you can type its name into the filter bar. For example, I wanted to find the ping traffic for this lab, so I typed in ICMP and isolated that protocol.
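As an added example (not part of the original journal), this Python script splits a MAC address into the OUI and Device ID halves described above, applies a protocol filter to a small constructed capture the way typing ICMP into Wireshark does, and checks the observation from the top of the page: frames sent to a host outside the local subnet carry the default gateway's MAC as their destination, because the router forwards them from there. All MAC and IP values are constructed sample data.

```python
import re
from ipaddress import ip_address, ip_network

_MAC_RE = re.compile(r"^[0-9a-f]{12}$")

def parse_mac(text: str) -> dict:
    """Normalize a MAC written as aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or
    aabb.ccdd.eeff and split it into the two halves described above."""
    digits = re.sub(r"[:\-.]", "", text.strip().lower())
    if not _MAC_RE.match(digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    first_octet = int(digits[:2], 16)
    return {
        "mac": ":".join(digits[i:i + 2] for i in range(0, 12, 2)),
        "oui": digits[:6],        # first 6 hex digits: Block ID / OUI (manufacturer)
        "device_id": digits[6:],  # last 6 hex digits: Device ID (the specific NIC)
        # low bit of the first octet: 0 = unicast, 1 = group (multicast/broadcast)
        "multicast": bool(first_octet & 0x01),
        # next bit: 0 = burned in by the vendor, 1 = locally administered (set by software)
        "locally_administered": bool(first_octet & 0x02),
    }

# Constructed mini-capture (not real data): lab host 192.168.1.20 on 192.168.1.0/24
# pings its default gateway 192.168.1.1, then an off-subnet web server 203.0.113.10.
LAB_SUBNET = ip_network("192.168.1.0/24")
GATEWAY_MAC = "00:11:22:aa:bb:01"
HOST_MAC = "00:11:22:cc:dd:20"
CAPTURE = [
    {"src_mac": HOST_MAC, "dst_mac": GATEWAY_MAC, "src_ip": "192.168.1.20", "dst_ip": "192.168.1.1", "proto": "ICMP"},
    {"src_mac": GATEWAY_MAC, "dst_mac": HOST_MAC, "src_ip": "192.168.1.1", "dst_ip": "192.168.1.20", "proto": "ICMP"},
    {"src_mac": HOST_MAC, "dst_mac": GATEWAY_MAC, "src_ip": "192.168.1.20", "dst_ip": "203.0.113.10", "proto": "ICMP"},
    {"src_mac": HOST_MAC, "dst_mac": GATEWAY_MAC, "src_ip": "192.168.1.20", "dst_ip": "203.0.113.10", "proto": "TCP"},
]

def filter_proto(frames, proto):
    """Same idea as typing a protocol name (e.g. icmp) into the Wireshark filter bar."""
    return [f for f in frames if f["proto"].lower() == proto.lower()]

def off_subnet_frames_use_gateway(frames, subnet=LAB_SUBNET, gateway_mac=GATEWAY_MAC):
    """True if every frame sent to an IP outside the local subnet is addressed at
    layer 2 to the gateway's MAC. That is why a ping to an Internet host shows the
    same destination MAC as a ping to the default gateway: the router forwards it."""
    return all(f["dst_mac"] == gateway_mac
               for f in frames if ip_address(f["dst_ip"]) not in subnet)

if __name__ == "__main__":
    print(parse_mac("00-11-22-AA-BB-01"))
    print(off_subnet_frames_use_gateway(filter_proto(CAPTURE, "icmp")))
```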