8/12/2019 CST 3607 ARP lab
3607
Arp Lab
STEP 1
Ran ipconfig. Results:
IP address: 192.168.5.100
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.5.1
Typed arp -a. This command gave me a list of all the devices with a NIC, their IP address, and
their MAC address. I also see a broadcast IP, and other IP addresses that begin with 239 and
another one beginning with 224.
1.1 What entries if any are in the ARP table?
C:\windows\system32>arp -a
Interface: 192.168.5.100 --- 0xe
  Internet Address      Physical Address      Type
  192.168.5.1           00-18-f8-43-85-66     dynamic
  192.168.5.105         e8-92-a4-ed-9e-2f     dynamic
  192.168.5.109         bc-3b-af-21-b4-18     dynamic
  192.168.5.110         58-b0-35-03-32-52     dynamic
  192.168.5.111         4c-b1-99-60-2c-a4     dynamic
  192.168.5.114         30-f7-c5-1a-37-b3     dynamic
  192.168.5.116         28-37-37-a0-21-f3     dynamic
  192.168.5.118         a8-e3-ee-0c-c0-c8     dynamic
  192.168.5.119         00-22-43-4e-f4-21     dynamic
  192.168.5.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.2             01-00-5e-00-00-02     static
  224.0.0.252           01-00-5e-00-00-fc     static
  224.0.0.253           01-00-5e-00-00-fd     static
  239.192.83.80         01-00-5e-40-53-50     static
  239.192.152.143       01-00-5e-40-98-8f     static
  239.255.255.250       01-00-5e-7f-ff-fa     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static
1.2 Why are there entries or no entries?
There are entries because the ARP, or Address Resolution Protocol, is used to convert IP
addresses into a physical address. It resolves network layer addresses into link layer addresses.
What ARP -a does is it displays current ARP entries by interrogating the current protocol data. If
more than one network interface uses ARP, entries for each ARP table are displayed.
STEP 2:
Running Wireshark
Capture Interface Atheros
On my arp -a table, there is no 192.168.5.111 so I pinged it.
C:\windows\system32>ping 192.168.5.111
Pinging 192.168.5.111 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.5.111:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
On my Wireshark capture, there was an ARP request for who has 192.168.5.111 and a reply came
back with a MAC address.
Upon giving the command arp -a again, at a glance right under 192.168.5.110 was
192.168.5.111 and with the same MAC address from the Wireshark capture.
2.1 Why might the first ping take longer than the rest?
The first ping might take longer than the rest because it has to find the path first by asking
around. Once a path has been found, the rest follow.
Step 3:
1. ARP Ethernet & ARP Request
2. ARP Ethernet & ARP Reply
3.1 For both the ARP request and ARP reply explain each field in the Ethernet frame and
in the ARP packet.
The Ethernet frame in the request displays a broadcast message that was sent to all the devices in
the network to see who has the IP address 192.168.5.111. It carries the source MAC address of
the sender. The destination field has Broadcast (ff:ff:ff:ff:ff:ff) and it is the MAC address to the
255.255.255.255 IP address which is the broadcast for my network. The address: Broadcast
(ff:ff:ff:ff:ff:ff) is the source or destination hardware address. The source field has the
information of the sending device. It has the MAC address of the machine I used to make the
ARP request. And underneath that, it informs what type it is.
The Address Resolution Protocol packet header has a hardware type: field which describes the
layer 2 type used. In this case it's Ethernet. The protocol type is the higher-layer protocol for
which the ARP request is being used (IP). The Hardware size tells the length of the hardware
address in use. It is 6 bytes for Ethernet. The protocol size tells the length of the logical address
of the specified protocol type. It is 4 for Ethernet. But these two fields are one byte each. The
OpCode is the operation code which tells the function of the ARP packet which would be request
(1) or reply (2). The sender MAC address and IP address belong to the sender's machine and the
target MAC address is left blank because this value is unknown. The target IP address is known
since it is the address I pinged.
In the ARP reply, the Ethernet header has fields Destination & Address, both values are the
MAC address of my machine (initially the sender, now the receiver). The source field tells the
MAC address of the sender of the ARP reply.
The Address Resolution Protocol packet will have the same information from Hardware type to
Protocol Size. The Opcode is different this time as this is a reply to my request. This ARP reply
came from the 4c:b1:99:60:2c:a4 MAC address with the IP address that I asked about. The target
MAC and IP address are both the machine I am using.
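The following Python example was added here and is not part of the original lab report. It builds and decodes the Ethernet header and ARP packet fields discussed in 3.1 for one request and one reply; the frames are constructed from the addresses that appear in the lab, and the helper names and the all-zero target MAC in the request are assumptions of this example.

```python
import socket
import struct

ETHERTYPE_ARP = 0x0806
OPCODES = {1: "request", 2: "reply"}

def mac_bytes(text):
    return bytes.fromhex(text.replace(":", "").replace("-", ""))

def mac_text(raw):
    return ":".join(f"{b:02x}" for b in raw)

def build_arp_frame(eth_dst, eth_src, opcode, sha, spa, tha, tpa):
    """Build an Ethernet II frame carrying an IPv4-over-Ethernet ARP packet."""
    eth = mac_bytes(eth_dst) + mac_bytes(eth_src) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)  # htype, ptype, hlen, plen, op
    arp += mac_bytes(sha) + socket.inet_aton(spa) + mac_bytes(tha) + socket.inet_aton(tpa)
    return eth + arp

def parse_arp_frame(frame):
    """Decode the fields in the order Wireshark lists them; reject malformed input."""
    if len(frame) < 14 + 28:
        raise ValueError("frame too short for Ethernet + ARP")
    eth_dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        raise ValueError(f"not ARP: EtherType 0x{ethertype:04x}")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("only Ethernet/IPv4 ARP is handled here")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {
        "eth_dst": mac_text(eth_dst), "eth_src": mac_text(eth_src),
        "ethertype": ethertype, "hw_type": htype, "proto_type": ptype,
        "hw_size": hlen, "proto_size": plen,
        "opcode": OPCODES.get(op, f"unknown({op})"),
        "sender_mac": mac_text(sha), "sender_ip": socket.inet_ntoa(spa),
        "target_mac": mac_text(tha), "target_ip": socket.inet_ntoa(tpa),
    }

# Constructed sample frames (not captured traffic); request target MAC is zeroed as unknown.
ME, PEER = "e8:40:f2:e0:26:69", "4c:b1:99:60:2c:a4"
REQUEST = build_arp_frame("ff:ff:ff:ff:ff:ff", ME, 1, ME, "192.168.5.100",
                          "00:00:00:00:00:00", "192.168.5.111")
REPLY = build_arp_frame(ME, PEER, 2, PEER, "192.168.5.111", ME, "192.168.5.100")

if __name__ == "__main__":
    for frame in (REQUEST, REPLY):
        for name, value in parse_arp_frame(frame).items():
            print(f"{name:>11}: {value}")
```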
3.2 Explain why the ARP process needed to take place.
The ARP processes need to take place because MAC addresses are used for
communication on a single network at layer 2.
3.3 Explain the reason why the ARP request is a broadcast and the ARP reply is a unicast.
The ARP requests are broadcast because the sender doesn't know the MAC address that
belongs to the IP address pinged. Therefore, it sends a message to broadcast ff:ff:ff:ff:ff:ff asking
every device its IP address and MAC address. The reply comes from the machine whose IP
matches the one requested and sends a reply message to the source machine. This is considered a
unicast because it is sent to only one device.
STEP 4:
C:\windows\system32>arp -d
C:\windows\system32>arp -a
Interface: 192.168.5.100 --- 0xe
Internet Address Physical Address Type
192.168.5.1 00-18-f8-43-85-66 dynamic
After deleting my ARP table, I verified an empty table and then pinged www.google.com
STEP 5:
1. Img of Wireshark capture after pinging www.google.com
5.1 Explain why the ARP request was for the default gateway and not the IP address of the
ping. How did the host decide this?
The ARP request was for the default gateway and not the IP address of the ping because
when an address that is not in my network is pinged, it automatically sends the request to the
default gateway which is my router because it will have another table that connects the outer
networks to my network.
6.1 What is the command to create a static ARP entry? Create a static ARP entry to
another device on the local network. Show the commands and the outputs. What is the
advantage of a static ARP entry?
The command to create a static ARP entry is: arp -s [IP address] [MAC address]
The advantage of a static ARP entry is that it will never change. This should be used for
commonly-used devices so that there is no need to create a map to the desired device over and
over again.
6.2 How long do ARP entries stay in the ARP table? Is this dependent upon the
Operating System?
It is dependent on whether the device is statically or dynamically stored. Static ARP
entries remain in the cache permanently, whereas dynamic ARP entries are only kept for a period
of time.
Identify the first two packets that are ARP packets.
For packets that are ARP packets fill in the following information. Convert the IP
numbers to dotted decimal. Arp operation names are request and reply.
Packet: ARP
Layer 2 Dest address: e8:40:f2:e0:26:69
Layer 2 Src Address: 4c:b1:99:60:2c:a4
Layer 2 code for encapsulated data: Frame
Hardware Type: Ethernet
Layer 3 Protocol Type: IP
Hardware Addr Length: 6
Layer 3 Addr Length: 4
Arp Operation Code and Name: Code: 2, Reply
Sender Hardware address: 4c:b1:99:60:2c:a4
Sender IP address: 11000000 (192) . 10101000 (168) . 00000101 (5) . 01101111 (111)
Target Hardware Address: e8:40:f2:e0:26:69
Target IP Address: 11000000 (192) . 10101000 (168) . 00000101 (5) . 01100100 (100)

Packet: ARP
Layer 2 Dest address: ff:ff:ff:ff:ff:ff
Layer 2 Src Address: e8:40:f2:e0:26:69
Layer 2 code for encapsulated data: FRAME
Hardware Type: Ethernet (1)
Layer 3 Protocol Type: IP
Hardware Addr Length: 6
Layer 3 Addr Length: 4
Arp Operation Code and Name: Code: 1, Request
Sender Hardware address: e8:40:f2:e0:26:69
Sender IP address: 11000000 (192) . 10101000 (168) . 00000101 (5) . 01100100 (100)
Target Hardware Address: ff:ff:ff:ff:ff:ff
Target IP Address: 11000000 (192) . 10101000 (168) . 00000101 (5) . 00000001 (1)