Lab 5.2.

2 - ARP with Wireshark

Name: Date: Class:

In this lab you will learn how to use the Wireshark application for packet capture and network traffic
analysis. First watch this video to get an overview of Wireshark and a brief demonstration of how to use
the features. (https://vimeo.com/579540878) Here are some key points about Wireshark:

• Data goes across a network in “packets” (more details about that in the next unit).

• Wireshark is a network packet analyzer - aka packet sniffer

• Wireshark can capture a copy of the data as it goes across a LAN between devices.

• That means a user can examine all parts of the data packets telling us who it went to, what time, the
actual message inside and lots more.

• Use for good – troubleshoot a network to see why there is too much traffic or packets are being list.
• Use for bad – steal plaintext passwords or files that are being transmitted.

Instruction:

• Go to CYBER.ORG Range (https://apps.cyber.org)

• Click on the Range tab, then click on Launch Kali and Launch Windows7.

• Once the status changes to booted for Windows 7, click Open.

• In the bottom left, click the Start button and search for Network and Sharing Center

• In the pop-up window, select the Public Network and change it to Home

• Open a command prompt on your Windows computer

To open the command prompt in Windows: Click the Start button in the lower left, then
type “cmd” and click Enter
• Type ipconfig

• In the results, look for “Ethernet adapter Local Area Connection 2”

GALANTECH with

1
GARDEN STATE CYBER
Copyright © 2024 Cyber Innovation Center
All Rights Reserved. Not for Distribution.
 What is the IPv4 address of this computer?

• Switch to the Kali machine by selecting Machines in the top right corner of your webpage

• Open a command prompt on your Kali.

• Type ifconfig

• In the results, scroll down to find “ether xx:xx:xx:xx:xx:xx”

What is the MAC address of this computer? (The xx:xx:xx:xx:xx:xx)

What is the IPv4 address of this computer?

• Type sudo wireshark

• On the main screen, click the blue fin to start. Wireshark will now start capturing any packets that
travel to or from the Kali Linux machine

GALANTECH with

2
GARDEN STATE CYBER
Copyright © 2024 Cyber Innovation Center
All Rights Reserved. Not for Distribution.
 • Leave Wireshark open and open another Command prompt window. You will now try to contact the
Windows device using the ping command. PING is a command prompt command that sends small
packets to another device and asks for a reply. It is most often used to test connectivity between
two devices.

Type ping –c 4 10.15.x.x (Make sure to replace the x’s with the two numerals for YOUR
Windows 7 machine)

• Stop the Wireshark capture by clicking on the red box in the upper left.

• Click the Protocol tab to sort by protocol. Scroll up to the top and you will see ARP packets.
Remember, ARP (Address Resolution Protocol) is a tool used by devices on the same network to
find the MAC address associated with an IP address.

Look in your capture results for the ARP packets. The Kali machine asks who has 10.15.x.x. Below enter
the MAC address of the replying device:

• We can also find the MAC addresses of the devices we communicate with by examining the arp
table. Return to the Command prompt window:
Type arp -a

GALANTECH with

3
GARDEN STATE CYBER
Copyright © 2024 Cyber Innovation Center
All Rights Reserved. Not for Distribution.
 • Look at your results:
What is listed as the Physical Address for the Windows machine?

Does this match the information gathered from the Wireshark capture?

• Now clear the arp table

Type sudo ip -s -s neigh flush all

• Check to see that it is cleared (the 10.15.0.1 address will still be there).
Type arp - a
• Partner with another classmate and repeat the previous steps pinging your classmate’s machines!

GALANTECH with

4
GARDEN STATE CYBER
Copyright © 2024 Cyber Innovation Center
All Rights Reserved. Not for Distribution.