
Question

Network sniffing and analysis has become a critical and necessary element of work for systems administrators, network admin, network engineers, security analysts, and many other niches within the realm of information technology. Wireshark is a free tool that allows you to quickly investigate connectivity and application problems. Download, install, and capture some local traffic from your home network. What data link communications do you see taking place? Does anyone see a term called ARP? What might this mean? Share your findings with the class.

Please take a look in the Webliography for the link titled Wireshark.

Explanation / Answer

The Address Resolution Protocol (ARP) is used to dynamically discover the mapping between a layer 3 (protocol) address and a layer 2 (hardware) address. A typical use is the mapping of an IP address (e.g. 192.168.0.10) to the underlying Ethernet address (e.g. 01:02:03:04:05:06). ARP is used to dynamically build and maintain a mapping database between link-local layer 2 addresses and layer 3 addresses. In the common case this table is for mapping Ethernet to IP addresses. This database is called the ARP table. Dynamic entries in this table are often cached with a timeout of up to 15 minutes, which means that once a host has ARPed for an IP address it will remember this for the next 15 minutes before it has to ARP for that address again. It can be used for Ethernet and other LANs, ATM, and a lot of other underlying physical addresses.

ARP is used to obtain the MAC address of the destination machine with which we wish to communicate. ARP is stateless, which means we can send an ARP reply even if one has not been asked for, and such a reply will be accepted. Ideally, when one wants to sniff the traffic originating from machine "ABC", you can ARP spoof the gateway of the network. The ARP cache of "ABC" will now have a wrong entry for the gateway and is said to be poisoned. This way all the traffic destined for the gateway will pass through your machine.
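The following is an added example, not part of the answer above or of Wireshark. It builds the 42-byte Ethernet + ARP frames you would see in a capture, parses them back, and feeds them through a small passive ARP table that behaves like a real host (it accepts any reply, solicited or not) while also flagging what a sniffer would flag: a reply nobody asked for, an Ethernet source address that disagrees with the ARP sender address, and an IP whose MAC suddenly changes. The three frames in `poisoning_scenario()` are constructed: a host asks who has the gateway, the gateway answers, then an attacker sends an unsolicited reply for the same IP. All MAC and IP addresses are made-up, locally administered values.

```python
import struct
from collections import namedtuple

# Constructed example (not part of the original answer): build, parse and
# track ARP frames to show how a host's ARP cache gets poisoned.

ETH_P_ARP = 0x0806          # EtherType that marks an ARP payload
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = "ff:ff:ff:ff:ff:ff"

ArpPacket = namedtuple(
    "ArpPacket", "eth_src eth_dst opcode sender_mac sender_ip target_mac target_ip")


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def ip_bytes(ip):
    return bytes(int(o) for o in ip.split("."))


def ip_str(b):
    return ".".join(str(x) for x in b)


def build_arp(eth_src, eth_dst, opcode, sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet II header + RFC 826 ARP body for IPv4 over Ethernet (42 bytes total)."""
    eth = mac_bytes(eth_dst) + mac_bytes(eth_src) + struct.pack("!H", ETH_P_ARP)
    # htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4, then the opcode
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)
    arp += mac_bytes(sender_mac) + ip_bytes(sender_ip)
    arp += mac_bytes(target_mac) + ip_bytes(target_ip)
    return eth + arp


def parse_arp(frame):
    """Return an ArpPacket, or None if the frame is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    b = frame[22:42]
    return ArpPacket(mac_str(frame[6:12]), mac_str(frame[0:6]), opcode,
                     mac_str(b[0:6]), ip_str(b[6:10]), mac_str(b[10:16]), ip_str(b[16:20]))


class ArpMonitor:
    """Naive ARP cache (accepts any reply, like a host) plus the checks a sniffer adds."""

    def __init__(self):
        self.table = {}        # ip -> mac, the ARP table as the host would build it
        self.pending = set()   # IPs that a who-has request was seen for
        self.alerts = []

    def feed(self, frame):
        pkt = parse_arp(frame)
        if pkt is None:
            return
        if pkt.opcode == ARP_REQUEST:
            self.pending.add(pkt.target_ip)
            return
        if pkt.opcode != ARP_REPLY:
            return
        solicited = pkt.sender_ip in self.pending
        self.pending.discard(pkt.sender_ip)
        if not solicited:
            self.alerts.append(f"unsolicited reply: {pkt.sender_ip} is-at {pkt.sender_mac}")
        if pkt.eth_src != pkt.sender_mac:
            self.alerts.append(f"ethernet source {pkt.eth_src} != ARP sender {pkt.sender_mac}")
        old = self.table.get(pkt.sender_ip)
        if old is not None and old != pkt.sender_mac:
            self.alerts.append(f"{pkt.sender_ip} changed from {old} to {pkt.sender_mac}")
        self.table[pkt.sender_ip] = pkt.sender_mac   # stateless: the reply is accepted regardless


def poisoning_scenario():
    """Constructed traffic: host asks for the gateway, gateway answers, attacker overwrites it."""
    host, gateway, attacker = "02:00:00:00:00:10", "02:00:00:00:00:01", "02:00:00:00:00:99"
    frames = [
        build_arp(host, BROADCAST, ARP_REQUEST, host, "192.168.0.10",
                  "00:00:00:00:00:00", "192.168.0.1"),
        build_arp(gateway, host, ARP_REPLY, gateway, "192.168.0.1", host, "192.168.0.10"),
        build_arp(attacker, host, ARP_REPLY, attacker, "192.168.0.1", host, "192.168.0.10"),
    ]
    mon = ArpMonitor()
    for f in frames:
        mon.feed(f)
    return mon.table, mon.alerts


if __name__ == "__main__":
    table, alerts = poisoning_scenario()
    print("ARP table:", table)
    print("alerts:", *alerts, sep="\n  ")
```

After the third frame the table maps 192.168.0.1 to the attacker's MAC even though the gateway answered first, which is exactly the poisoned state the answer describes; the monitor records two alerts for it. In a live Wireshark capture the same traffic shows up under the display filter `arp` (replies only: `arp.opcode == 2`), and Wireshark's own "duplicate IP address detected" check can be isolated with `arp.duplicate-address-detected`.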