1 johnson 02 05 23

Lab 3.1 ARP Observation

Objective: Observe Address Resolution Protocol operations and draw conclusions on how Layer 2 (MAC) and Layer 3 (IP) addresses interoperate.

Goals:

  • Understand how ARP is used between hosts on a LAN

  • Recognize the basic flow of ARP

  • Identify the role of broadcasts with ARP

Remember, for each lab your tech journal should include:

  • A brief (one sentence) summary describing what you did in the lab.

  • Any commands or instructions that you found useful and will need to use again in the future.

  • Any problems you ran into during the lab, and what troubleshooting steps you took to fix them.

  • Individual labs will also contain specific items to include or questions to answer within your tech journal. You'll find them at the very end of this document.

  1. Capture and Analyze an ARP Request

  2. Open your VM

  3. Clear the ARP cache with the command “arp -d”. If arp -d does not work, try: netsh interface ip delete arpcache

  4. Make note of your default gateway (we did this in previous labs)

    • 192.168.3.250

  5. Open Wireshark and start a capture.

  6. Clear the ARP cache with the command “arp -d”

  7. Open a terminal and ping the default gateway (we've done this before too!)

  8. Stop Capture

  9. Analyze Capture for ARP packets:

    • Deliverable 1: Find the ARP broadcast that your computer used to find the gateway's MAC address. Provide a screenshot that shows the source and destination MAC address of this broadcast.

Sender MAC: ec:13:db:c8:8e:81

Destination MAC: 00:00:00_00:00:00

    • Deliverable 2: Find the ARP reply from the gateway back to your computer. Provide a screenshot that shows the ARP reply packet indicating the MAC address for your gateway.

Gateway MAC: ec:13:db:c8:8e:81

VM ware MAC: 00:0c:29:84:a4:ca

    • Deliverable 3: What is the message sent in the ARP Request? What is the message sent in the ARP Reply?

Who has 192.168.3.250 Tell 192.168.3.108

192.168.3.250 is at ec:13:db:c8:8e:81

  1. Ping another student system on your LAN (We've done this).

    • Deliverable 4. Figure out how to create a display filter for ARP traffic only and provide a screenshot showing any ARP traffic related to your neighbor's system.

    • Deliverable 5. Using a piece of paper and a pencil/pen or even a whiteboard, draw out the sequence of ARP request and response.

When pinging my partner's virtual machine, 192.168.3.171, the first ARP packet is requesting the MAC address of my VM 192.168.3.188 and to tell that to my partner's machine, which I pinged. The second packet is the answer telling 192.168.3.171 my MAC address.

  1. Stop your current capture and start a new one, dump the arp cache

  2. Repeat the capture and ping, but this time ping Google's Public DNS server, 8.8.8.8

    • Deliverable 6. This is important.

    • What do you see in the ARP request and reply?

This image is asking who has my IP address and to tell my MAC address to 192.168.3.171. This implies that my friend Michael has been pinging my machine.

This image shows that it is asking for the MAC address of 192.168.3.250 and telling that machine to give my machine that address. This is the address of the default gateway.

    • Can you discern the MAC address for the google DNS server or not?

      1. No, I could not. This is because of the MAC address: each node in a network can only request the next machine's MAC address, and it does not know the MAC address of the machines before it.
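The ARP exchange captured in this lab, decoded from raw frame bytes, as an added example that is not part of the original lab write-up. It separates the Ethernet destination (the broadcast address) from the ARP target MAC field (all zeros in a request), and shows which IP address a host resolves with ARP when the ping target is off the LAN. The frames are constructed from the addresses recorded above with the VM taken as the requester; the /24 prefix and the function names `parse_arp`, `arp_target` and `build` are assumptions.

```python
import ipaddress
import struct

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_arp(frame):
    """Decode an Ethernet II frame carrying IPv4-over-Ethernet ARP."""
    if len(frame) < 42:
        raise ValueError("too short for Ethernet + ARP headers")
    eth_dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0806:
        raise ValueError("EtherType is not ARP")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not IPv4-over-Ethernet ARP")
    spa, tpa = ipaddress.IPv4Address(spa), ipaddress.IPv4Address(tpa)
    if op == 1:    # request: target MAC is unknown, so the ARP field is all zeros
        info = f"Who has {tpa}? Tell {spa}"
    elif op == 2:  # reply: the sender fields carry the answer
        info = f"{spa} is at {mac(sha)}"
    else:
        raise ValueError(f"unexpected ARP opcode {op}")
    return {"eth_dst": mac(eth_dst), "eth_src": mac(eth_src), "op": op,
            "sender_mac": mac(sha), "target_mac": mac(tha), "info": info}

def arp_target(dst_ip, iface, gateway):
    """IP the host resolves with ARP: dst_ip if on-link, otherwise the gateway."""
    on_link = ipaddress.ip_address(dst_ip) in ipaddress.ip_interface(iface).network
    return dst_ip if on_link else gateway

def build(eth_dst, eth_src, op, sha, spa, tha, tpa):
    """Assemble a test frame from text addresses (constructed sample data only)."""
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: ipaddress.IPv4Address(s).packed
    return (m(eth_dst) + m(eth_src) + struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, op)
            + m(sha) + ip(spa) + m(tha) + ip(tpa))

# Constructed frames using the addresses recorded in this write-up.
VM, GW = "00:0c:29:84:a4:ca", "ec:13:db:c8:8e:81"
REQUEST = build("ff:ff:ff:ff:ff:ff", VM, 1, VM, "192.168.3.108", "00:00:00:00:00:00", "192.168.3.250")
REPLY = build(VM, GW, 2, GW, "192.168.3.250", VM, "192.168.3.108")

if __name__ == "__main__":
    for frame in (REQUEST, REPLY):
        print(parse_arp(frame))
    # /24 prefix is an assumption; the write-up does not state the subnet mask.
    for dst in ("192.168.3.171", "8.8.8.8"):
        print(dst, "-> ARP for", arp_target(dst, "192.168.3.108/24", "192.168.3.250"))
```

Frames exported from a real capture are usually padded to 60 bytes; `parse_arp` reads only the first 42, so the padding is ignored.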

Tech Journal

Deliverable 7: Add link to typed up tech journal notes.

  • Make sure to document, among other things, how to dump your ARP cache in Linux (see videos from module 2). Make sure to reflect on this exercise as well.

  • Optional: If you have administrator access to a Windows 10 system, can you figure out how to install Wireshark, dump your ARP cache, and capture the associated ARP traffic to and from your default gateway? You will likely need to do this in follow-on networking classes or in the likely event that you get a Windows VM in the near future.
