Exploring ARP with Wireshark
you have to watch this video and
For this lab you should execute the following steps and answer the associated questions using the same format as other labs in the course.
Go to the Start menu and click on it. At the search tab type cmd; this will open the command mode window.
At the command prompt type ARP -a to show the current contents of the ARP cache (if it is empty, ping something, e.g. ping 192.168.40.1, and try again).
Copy the contents of the arp cache and enter them in your report.
At the command prompt type ipconfig to see the network settings for this machine. From this information identify the IP address of your machine and the IP address of the default gateway. Compare the IP address of the default gateway to the contents of your ARP cache and match it to the gateway's physical address (if you cannot find it, ping the default gateway, execute ARP -a again, and you will see it). Explain why you need the default gateway in your system and why you need the physical address of that machine.
Start Wireshark and set it to filter on ARP and ICMP messages.
Go back to the command window and ping a machine on another bench in the room (e.g. if I were sitting at the 192.168.40 bench I could ping the router on the bench next to me: ping 192.168.50.1).
Collect the data and explain the following: What ARP messages do you see, and what MAC addresses are being sought corresponding to which IP addresses? Is one of those IP addresses the designated gateway? Why would that be the case?
Take the ARP request and ARP reply messages that coincide (any pair) and explain every detail of the frame-level (Ethernet) and ARP fields that you see. Provide every detail you can think of.
Go back to Wireshark and find the echo request. Copy this message to the report and show the destination address in the frame header... whose is it? Why would it be directed there?
Answer the following questions:
What do you think the finite state machine of ARP looks like?
What happens when you make an arp request and there is no reply (check the ARP RFC)?
What do you think is the optimum refresh interval for the ARP cache? How might this correspond to the DHCP IPv4 lease parameter? (yes, you have to look it up... :-)
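For the step that asks you to explain the frame-level and ARP fields of a request/reply pair, the following added example (not part of the original lab handout) decodes the Ethernet header and ARP payload byte by byte and checks that a reply answers a given request. The two frames, their MAC addresses and the 192.168.40.10 host address are constructed sample values, and the function names are hypothetical.

```python
import socket
import struct

OPCODES = {1: "request", 2: "reply"}

def mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_arp_frame(frame: bytes) -> dict:
    """Decode an Ethernet II frame carrying ARP for IPv4 over Ethernet."""
    if len(frame) < 42:  # 14-byte Ethernet header + 28-byte ARP payload
        raise ValueError("frame too short for Ethernet + ARP")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0806:
        raise ValueError(f"EtherType 0x{ethertype:04x} is not ARP")
    # Hardware type, protocol type, address lengths, opcode
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("ARP payload is not Ethernet/IPv4")
    # Sender/target hardware and protocol addresses; trailing padding is ignored
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {
        "eth_dst": mac(dst), "eth_src": mac(src),
        "opcode": OPCODES.get(oper, f"unknown({oper})"),
        "sender_mac": mac(sha), "sender_ip": socket.inet_ntoa(spa),
        "target_mac": mac(tha), "target_ip": socket.inet_ntoa(tpa),
    }

def is_matching_pair(req: dict, rep: dict) -> bool:
    """True when rep is the reply that answers the request req."""
    return (req["opcode"] == "request" and rep["opcode"] == "reply"
            and rep["sender_ip"] == req["target_ip"]
            and rep["target_ip"] == req["sender_ip"]
            and rep["target_mac"] == req["sender_mac"])

# Constructed sample frames (not captured from a real network).
REQUEST = bytes.fromhex(
    "ffffffffffff" "001122334455" "0806"
    "0001" "0800" "06" "04" "0001"
    "001122334455" "c0a8280a" "000000000000" "c0a82801")
REPLY = bytes.fromhex(
    "001122334455" "00aabbccddee" "0806"
    "0001" "0800" "06" "04" "0002"
    "00aabbccddee" "c0a82801" "001122334455" "c0a8280a")

if __name__ == "__main__":
    req, rep = parse_arp_frame(REQUEST), parse_arp_frame(REPLY)
    for name, pkt in (("request", req), ("reply", rep)):
        print(name, pkt)
    print("matching pair:", is_matching_pair(req, rep))
```

To try it on your own capture, copy a frame from Wireshark as a hex stream and pass bytes.fromhex(...) of it to parse_arp_frame.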