Networks -- CS 125
CS 125 Lab - Arp
Due date: Check the course for the due date.
In this lab, you will use Wireshark to observe the ARP protocol in action.
This lab is based on an earlier lab by Mike Erlinger on observing ARP with Wireshark, which is in turn based on a lab from Kurose and Ross's Computer Networking.
You are to work in pairs. Each step is divided into DO and ANSWER. A DO is a step that may or may not require uploading a screenshot, i.e., proof that you did and understood the step. An ANSWER requires a written answer from you; this is the part that determines your Lab grade. When entering material in your Lab Report, be sure to distinguish between DO and ANSWER.
Running the arp command may be problematic on some of the cs dept machines (protection issues). Let me or Tim know when you have access problems.
You may need to ask the system where arp is located...
DO: Read the man page on arp: man 8 arp.
If you think the description is different from the lecture, let me know.
DO: Invoke arp -a or -n to learn the contents of the workstation's ARP cache. Copy this into your lab notebook.
ANSWER: Why are there so many entries?
DO: Invoke arp -s. What happens? Are you surprised?
DO: Invoke man 7 arp to read about the Linux ARP kernel module.
ANSWER: What is the default amount of time that an ARP entry remains in the cache before being removed?
ANSWER: What is the default amount of time that an entry remains in your ARP cache before being removed?
As you now know, the command arp -s IPAddr EtherAddr allows you to manually add an entry to the ARP cache.
ANSWER: What happens if you get the IP address correct, but mess up the Ethernet Address?
DO: Read the man page for the arping program. Try it.
DO: (probably hard to do) Identify another host on the network that is not your workstation and not already in your ARP cache, such as wilkes.cs.hmc.edu. (You can use arp, with no command-line arguments, to see the names of hosts in your ARP cache.) What host did you choose? Use nslookup to find its IP address.
DO: Clear your ARP cache. ANSWER: How did you do it?
Start Wireshark and begin a trace.
Use arping to send exactly one ARP request to your chosen host.
Stop the Wireshark trace.
Use the arp program to verify that your chosen host is now in the ARP cache. (Note that it will time out fairly quickly; if you don't see it, try arping again without tracing in Wireshark.)
Tell Wireshark to show only protocols below IP.
Find the ARP request message from your workstation to the chosen host.
What are the hex values for the source and destination addresses in the Ethernet frame containing the ARP request message?
What do the 1 bits mean within the Flag Field?
Give the hex value for the two-byte Ethernet frame type field.
What is the ARP opcode? How many bytes into the Ethernet frame does it appear?
What are the four addresses in the ARP request? Why do you think that particular value was used for the target MAC address?
Find the ARP response message.
What is the value of the opcode field?
Where in the ARP response does the "answer" to the ARP request appear?
Do you see other ARP messages in your trace? About how many? Are the addresses from these messages in your ARP cache? Why or why not?
Clear (if possible) your ARP cache again; do nothing for 2 minutes; and then print out your ARP cache. Why does your ARP cache have entries in it?
Quit Wireshark. Verify that the chosen host has timed out of the ARP cache.
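To cross-check what Wireshark shows for the request and response, the following added example (not part of the original lab) decodes the Ethernet header and ARP fields from raw frame bytes. The two sample frames, their locally administered MAC addresses and the 192.0.2.x addresses are constructed for illustration, not captured traffic.

```python
import struct

ETHERTYPE_ARP = 0x0806
OPCODES = {1: "request", 2: "reply"}

def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def _ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)

def parse_arp_frame(frame: bytes) -> dict:
    """Decode an Ethernet II frame carrying an IPv4-over-Ethernet ARP message."""
    if len(frame) < 42:  # 14-byte Ethernet header + 28-byte ARP message
        raise ValueError("frame too short for Ethernet + ARP")
    eth_dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        raise ValueError(f"not ARP: frame type 0x{ethertype:04x}")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("ARP message is not Ethernet/IPv4")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    # Bytes past offset 42, if any, are Ethernet padding and are ignored.
    return {
        "eth_dst": _mac(eth_dst), "eth_src": _mac(eth_src),
        "opcode": OPCODES.get(oper, f"unknown({oper})"),
        "sender_mac": _mac(sha), "sender_ip": _ip(spa),
        "target_mac": _mac(tha), "target_ip": _ip(tpa),
    }

# Constructed sample frames (not captured traffic), padded to 60 bytes.
REQUEST = bytes.fromhex(
    "ffffffffffff" "020000000001" "0806"   # Ethernet: dst, src, frame type
    "0001" "0800" "06" "04" "0001"         # htype, ptype, hlen, plen, opcode
    "020000000001" "c000020a"              # sender MAC, sender IP 192.0.2.10
    "000000000000" "c0000214"              # target MAC, target IP 192.0.2.20
) + bytes(18)
REPLY = bytes.fromhex(
    "020000000001" "020000000002" "0806"
    "0001" "0800" "06" "04" "0002"
    "020000000002" "c0000214"              # sender MAC, sender IP 192.0.2.20
    "020000000001" "c000020a"              # target MAC, target IP 192.0.2.10
) + bytes(18)

if __name__ == "__main__":
    for name, frame in (("request", REQUEST), ("reply", REPLY)):
        print(name, parse_arp_frame(frame))
```

To run it on your own trace, copy a frame's bytes out of Wireshark as a hex string and pass bytes.fromhex(...) of that string to parse_arp_frame.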
I have no particular advice. If you think of anything, let me know!
In your lab notebook, include the requested output and your answers to questions from parts A and B, as well as answers to the discussion questions.
Based on the contents of the ARP cache, what seems to be the range of addresses that your workstation considers to be on its local area network? What would the netmask be? Try using ifconfig to test your hypothesis.
After you've done so, go on-line and see if you can find any information on the CINE assignment of addresses or HMC's assignment policy.
What do you think of the style of RFC 826 versus any later RFCs you've looked at?
About how long did this lab take to complete?
arp or Wireshark.
Provide me the problem write-up and your answers.
Highlight this material (somehow) on your lab notebook.
Last Modified Tuesday, 01-Oct-2019 13:13:36 PDT