331 - Analyzing Address Resolution

The document outlines a step-by-step process for analyzing ARP packets using a Packet Details pane. It includes instructions for recording specific details from two ARP packets, such as frame, Ethernet, and Address Resolution Protocol information. Additionally, it emphasizes comparing valid packets with suspicious ones to identify anomalies.

Step 4:

● Expand the Frame entry in the Packet Details pane. Record some of the packet
details. You will compare data in this packet with data in the other packet.

arp_resolution: Packet 1: Frame details

Arrival Time

Frame Length

Protocols in Frame

Step 5:
● Expand the Ethernet II entry in the Packet Details pane. Record the values for
the following items:
arp_resolution: Packet 1: Ethernet details
Source Address

Destination Address

Step 6:
● Expand the Address Resolution Protocol entry in the Packet Details pane.
Record the values for the following items:
arp_resolution: Packet 1: Address Resolution Protocol details

Protocol Type

Opcode

Sender (source) MAC Address


Sender (source) IP Address

Target (destination) MAC Address

Target (destination) IP Address

Step 12:
● Again, the Packet Details pane tells us more about the packet. If necessary,
expand the Frame element in the Packet Details pane.
arp_resolution: Packet 2: Frame details

Arrival Time

Frame Length

Protocols in Frame

Step 14:
● If necessary, expand the Ethernet entry. Record the details:
arp_resolution: Packet 2: Ethernet details

Source Address

Destination Address

Step 15:
● If necessary, expand the Address Resolution Protocol element in the Packet
Details pane. Record the details.
arp_resolution: Packet 2: Address Resolution Protocol details

Protocol Type

Opcode

Sender (source) MAC Address

Sender (source) IP Address


Target (destination) MAC Address

Target (destination) IP Address

Step 29:
● Find the first ARP packet. (You can use an arp filter to simplify this.) In the
Info column, “Who has 172.16.0.107? Tell 172.16.0.1” appears to be a
broadcast message from your router. Record the following information using
your new custom columns.
arp_poison

Source

Src MAC

Destination

Dest MAC

Step 30:
● In the Packet Details pane, expand the Address Resolution Protocol element
and record the following information. You only need to record the ASCII
version of the MAC address (if it is provided).
arp_poison: Details values

Opcode

Sender MAC Address

Sender IP Address

Target MAC Address


Target IP Address

Step 33:
● Find the ARP reply to this request. Record the following information in Packet
Details.
arp_poison: Reply values

Opcode

Sender MAC Address

Sender IP Address

Target MAC Address

Target IP Address

Step 37:
● In the last packet before the glitch (the ARP messages) and in the first packet
after the glitch, use Packet Details to record the information below and
compare a valid (good) packet with your suspicious (bad) packet.
arp_poison: good packet

Source

Src MAC

Destination

Dest MAC

arp_poison: bad packet

Source

Src MAC

Destination

Dest MAC
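
The comparison that Steps 6, 15, 30, 33 and 37 ask for by hand can also be scripted. The following is an added example, not part of the original worksheet: it extracts the same ARP fields from raw Ethernet II frames and flags a sender IP address that shows up with a second MAC address. The MAC addresses and the three sample frames are constructed; only the two IP addresses come from Step 29.

```python
import struct

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def ip(b):
    return ".".join(str(x) for x in b)

def parse_arp(frame):
    """Return the worksheet's fields from a raw Ethernet II frame carrying ARP."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0806 or len(frame) < 42:      # not ARP, or truncated
        return None
    htype, ptype, hlen, plen, opcode, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):  # Ethernet/IPv4 ARP only
        return None
    return {"eth_src": mac(src), "eth_dst": mac(dst), "opcode": opcode,
            "sender_mac": mac(sha), "sender_ip": ip(spa),
            "target_mac": mac(tha), "target_ip": ip(tpa)}

def find_anomalies(frames):
    """Flag sender IPs that change MAC, and ARP/Ethernet source mismatches."""
    seen, alerts = {}, []
    for n, frame in enumerate(frames, 1):           # n = packet number, as in the capture
        p = parse_arp(frame)
        if p is None:
            continue
        if p["eth_src"] != p["sender_mac"]:
            alerts.append((n, "eth/arp sender mismatch", p["sender_ip"]))
        known = seen.setdefault(p["sender_ip"], p["sender_mac"])
        if known != p["sender_mac"]:
            alerts.append((n, "ip claimed by new mac", p["sender_ip"]))
    return alerts

def build(op, eth_src, eth_dst, sha, spa, tha, tpa):
    """Build a constructed test frame (sample data, not from the lab capture)."""
    h = lambda m: bytes.fromhex(m.replace(":", ""))
    a = lambda i: bytes(int(x) for x in i.split("."))
    return (h(eth_dst) + h(eth_src) + struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, op)
            + h(sha) + a(spa) + h(tha) + a(tpa))

# Constructed MACs and frames: request, valid reply, then a reply claiming the router's IP.
ROUTER, HOST, OTHER = "02:00:00:00:00:01", "02:00:00:00:00:6b", "02:00:00:00:00:66"
SAMPLE = [
    build(1, ROUTER, "ff:ff:ff:ff:ff:ff", ROUTER, "172.16.0.1", "00:00:00:00:00:00", "172.16.0.107"),
    build(2, HOST, ROUTER, HOST, "172.16.0.107", ROUTER, "172.16.0.1"),
    build(2, OTHER, HOST, OTHER, "172.16.0.1", HOST, "172.16.0.107"),
]
```

A changed IP-to-MAC binding is a lead to check against the recorded good packet, since hardware replacement or failover can also cause it.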
