ARP Observation - tmansfield42/Tech-Journal GitHub Wiki

ARP Observation

Summary

In this lab we used Wireshark to observe the ARP requests and replies generated by pinging other devices on our building's LAN, and we examined the source and destination MAC addresses.

https://docs.google.com/document/d/1AnMG5-O3duGihsuEW0ZM0cP-4LrWAW_3FAtkpl_xW1k/edit

Procedure

  1. Clear the ARP cache: arp -d
  2. Note your default gateway.
  3. Ping the default gateway.
  4. Capture this ping in Wireshark.
  5. Find the ARP broadcast that your computer used to find the gateway's MAC address. Provide a screenshot that shows the source and destination MAC address of this broadcast.
  6. Find the ARP reply from the gateway back to your computer. Provide a screenshot that shows the ARP reply packet indicating the MAC address for your gateway.
  7. What is the message sent in the ARP Request? What is the message sent in the ARP Reply?
  8. Ping another student's system on your LAN.
  9. Figure out how to create a display filter for ARP traffic only and provide a screenshot showing any ARP traffic related to your neighbor's system.
  10. Using a piece of paper and a pencil/pen, or even a whiteboard, draw out the sequence of ARP request and response to and from your neighbor. Take a picture of this with a mobile device and include it as part of your deliverable.
  11. Ping Google (8.8.8.8).
  12. This is important. What do you see in the ARP request and reply? Can you discern the MAC address for the Google DNS server or not? Can you explain what happened?
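
Added example, not part of the original lab notes: a small decoder for the ARP request and reply frames examined in steps 5 to 7, plus the on-link/off-link decision that determines which address a host resolves with ARP in steps 8 and 11. The 192.168.1.0/24 addresses, the 02:00:00:... MAC addresses, the sample frames and all function names are constructed assumptions.

```python
import ipaddress
import struct

# Constructed sample frames (not from the lab capture). Host 192.168.1.10
# (02:00:00:00:00:10) resolves its gateway 192.168.1.1 (02:00:00:00:00:01).
REQUEST = bytes.fromhex(
    "ffffffffffff" "020000000010" "0806"   # Ethernet: dst (broadcast), src, type=ARP
    "0001" "0800" "06" "04" "0001"         # htype, ptype, hlen, plen, oper=1 (request)
    "020000000010" "c0a8010a"              # sender MAC, sender IP
    "000000000000" "c0a80101")             # target MAC (unknown), target IP
REPLY = bytes.fromhex(
    "020000000010" "020000000001" "0806"   # Ethernet: dst (unicast to asker), src
    "0001" "0800" "06" "04" "0002"         # oper=2 (reply)
    "020000000001" "c0a80101"              # sender MAC = the answer, sender IP
    "020000000010" "c0a8010a")             # target MAC, target IP

def parse_arp(frame):
    """Decode an Ethernet II frame carrying an IPv4-over-Ethernet ARP packet."""
    if len(frame) < 42:
        raise ValueError("too short for Ethernet header + ARP")
    dst, src, etype = struct.unpack("!6s6sH", frame[:14])
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])    # bytes past 42 are Ethernet padding
    if etype != 0x0806 or (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not IPv4-over-Ethernet ARP")
    return {"eth_dst": dst.hex(":"), "eth_src": src.hex(":"), "oper": oper,
            "sender_mac": sha.hex(":"), "sender_ip": str(ipaddress.IPv4Address(spa)),
            "target_mac": tha.hex(":"), "target_ip": str(ipaddress.IPv4Address(tpa))}

def describe(p):
    """One-line summary in the style of Wireshark's Info column."""
    if p["oper"] == 1:
        return f"Who has {p['target_ip']}? Tell {p['sender_ip']}"
    if p["oper"] == 2:
        return f"{p['sender_ip']} is at {p['sender_mac']}"
    return f"ARP opcode {p['oper']}"

def arp_target(dest_ip, iface_cidr, gateway):
    """IP the host must resolve with ARP before it can send to dest_ip."""
    on_link = ipaddress.ip_address(dest_ip) in ipaddress.ip_interface(iface_cidr).network
    return dest_ip if on_link else gateway

if __name__ == "__main__":
    for f in (REQUEST, REPLY):
        p = parse_arp(f)
        print(f"{p['eth_src']} -> {p['eth_dst']}  {describe(p)}")
    for dest in ("192.168.1.23", "8.8.8.8"):
        print(dest, "-> ARP for", arp_target(dest, "192.168.1.10/24", "192.168.1.1"))
```

ARP only resolves addresses on the local link, so for a destination outside the interface's subnet the function returns the gateway's address rather than the destination's.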