3.4.1.2 Lab – Using Wireshark to View Network Traffic Answers
Lab – Using Wireshark to View Network Traffic (Answers Version – Optional Lab)
Answers Note: Red font color or gray highlights indicate text that appears in the answers copy only. Optional activities are designed to improve understanding and/or to provide additional practice.
Topology

Objectives
Part 1: Capture and Analyze Local ICMP Data in Wireshark
Part 2: Capture and Analyze Remote ICMP Data in Wireshark
Background / Scenario
Wireshark is a software protocol analyzer, or “packet sniffer” application, used for network troubleshooting, analysis, software and protocol development, and education. As data streams travel back and forth over the network, the sniffer “captures” each protocol data unit (PDU) and can decode and analyze its content according to the appropriate RFC or other specifications.
Wireshark is a useful tool for anyone working with networks and can be used with most labs in the CCNA courses for data analysis and troubleshooting. In this lab, you will use Wireshark to capture ICMP data packet IP addresses and Ethernet frame MAC addresses.
Required Resources
1 computer (Windows 7, 8, or 10 with internet access)
Additional computers on a local-area network (LAN) will be used to reply to ping requests.
Answers Note: This lab assumes that the student is using a PC with internet access and can ping other PCs on the local area network.
Using a packet sniffer such as Wireshark may be considered a breach of the security policy of the school. It is recommended that permission be obtained before running Wireshark for this lab. If using a packet sniffer such as Wireshark is an issue, the instructor may wish to assign the lab as homework or perform a walk-through demonstration.
Part 1: Capture and Analyze Local ICMP Data in Wireshark
In Part 1 of this lab, you will ping another PC on the LAN and capture ICMP requests and replies in Wireshark. You will also look inside the captured frames for specific information. This analysis should help to clarify how packet headers are used to transport data to their destination.
Step 1: Retrieve your PC interface addresses.
For this lab, you will need to retrieve your PC IP address and its network interface card (NIC) physical address, also called the MAC address.
Open a command window, type ipconfig /all, and then press Enter.
Note the IP address of your PC interface, its description, and its MAC (physical) address.
Ask a team member or team members for their PC IP address and provide your PC IP address to them. Do not provide them with your MAC address at this time.
Step 2: Start Wireshark and begin capturing data.
On your PC, click the Windows Start button to see Wireshark listed as one of the programs on the pop-up menu. Double-click Wireshark.
After Wireshark starts, click the capture interface to be used. Because we are using the wired Ethernet connection on the PC, make sure the Ethernet option is on the top of the list.

You can manage the capture interface by clicking Capture and Options:


Note: We can further manage the interfaces on the PC by clicking Manage Interfaces. Verify that the description matches what you noted in Step 1b. Close the Manage Interfaces window after verifying the correct interface.

Note: You can also start the data capture by clicking the Wireshark icon in the main interface.

This information can scroll by very quickly depending on what communication is taking place between your PC and the LAN. We can apply a filter to make it easier to view and work with the data that is being captured by Wireshark. For this lab, we are only interested in displaying ICMP (ping) PDUs. Type icmp in the Filter box at the top of Wireshark and press Enter or click on the Apply button (arrow sign) to view only ICMP (ping) PDUs.
This filter causes all data in the top window to disappear, but you are still capturing the traffic on the interface. Bring up the command prompt window that you opened earlier and ping the IP address that you received from your team member.
Note: If the PC of your team member does not reply to your pings, this may be because the PC firewall of the team member is blocking these requests. Please see Appendix A: Allowing ICMP Traffic Through a Firewall for information on how to allow ICMP traffic through the firewall using Windows 7.
Stop capturing data by clicking the Stop Capture icon.

Click the first ICMP request PDU frames in the top section of Wireshark. Notice that the Source column has your PC IP address, and the Destination column contains the IP address of the teammate PC that you pinged.


Does the source MAC address match your PC interface (shown in Step 1.b)? ______ Yes
Does the destination MAC address in Wireshark match your team member MAC address? _____ Yes
How is the MAC address of the pinged PC obtained by your PC?
___________________________________________________________________________________
The MAC address is obtained through an ARP request.
Note: In the preceding example of a captured ICMP request, ICMP data is encapsulated inside an IPv4 packet PDU (IPv4 header) which is then encapsulated in an Ethernet II frame PDU (Ethernet II header) for transmission on the LAN.
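The ARP lookup and the ICMP-in-IPv4-in-Ethernet II encapsulation described above can be decoded by hand. The following is an added example, not part of the original lab: the frames, MAC addresses and IP addresses are constructed for illustration, and checksums are left at zero because the parser does not verify them.

```python
import socket
import struct

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_frame(frame):
    """Decode an Ethernet II frame that carries ARP or IPv4/ICMP."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    info = {"eth_dst": mac(dst), "eth_src": mac(src)}
    payload = frame[14:]
    if ethertype == 0x0806:  # ARP: skip htype/ptype/hlen/plen, read the rest
        op, sha, spa, tha, tpa = struct.unpack("!6xH6s4s6s4s", payload[:28])
        info.update(proto="ARP", op={1: "request", 2: "reply"}.get(op, str(op)),
                    sender_mac=mac(sha), sender_ip=socket.inet_ntoa(spa),
                    target_ip=socket.inet_ntoa(tpa))
    elif ethertype == 0x0800:  # IPv4
        ihl = (payload[0] & 0x0F) * 4  # IPv4 header length in bytes
        info.update(proto="IPv4", ip_src=socket.inet_ntoa(payload[12:16]),
                    ip_dst=socket.inet_ntoa(payload[16:20]))
        if payload[9] == 1:  # IP protocol 1 = ICMP; type 8 = echo request
            info.update(proto="ICMP", icmp_type=payload[ihl])
    return info

# Constructed sample hosts (addresses are made up for this example).
PC_A, PC_B = bytes.fromhex("020000000a0a"), bytes.fromhex("020000000b0b")
IP_A, IP_B = socket.inet_aton("192.168.1.10"), socket.inet_aton("192.168.1.20")

def arp(op, sha, spa, tha, tpa, eth_dst):
    body = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op, sha, spa, tha, tpa)
    return eth_dst + sha + struct.pack("!H", 0x0806) + body

def icmp_echo_request(src_mac, dst_mac, src_ip, dst_ip):
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1) + b"abcdefgh"  # checksum left 0
    iphdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0,
                        128, 1, 0, src_ip, dst_ip)
    return dst_mac + src_mac + struct.pack("!H", 0x0800) + iphdr + icmp

CAPTURE = [
    arp(1, PC_A, IP_A, bytes(6), IP_B, b"\xff" * 6),  # broadcast: who has .20?
    arp(2, PC_B, IP_B, PC_A, IP_A, PC_A),              # unicast: .20 is at PC_B
    icmp_echo_request(PC_A, PC_B, IP_A, IP_B),         # ping uses the learned MAC
]

if __name__ == "__main__":
    for frame in CAPTURE:
        print(parse_frame(frame))
```

The destination MAC in the echo request equals the sender MAC in the ARP reply, which is the relationship the lab question asks about.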
Part 2: Capture and Analyze Remote ICMP Data in Wireshark
In Part 2, you will ping remote hosts (hosts not on the LAN) and examine the generated data from those pings. You will then determine what is different about this data from the data examined in Part 1.
Step 1: Start capturing data on the interface.
Start the data capture again.


Reflection
Why does Wireshark show the actual MAC address of the local hosts, but not the actual MAC address for the remote hosts?
______________________________________________________________________________________________________________________________________________________________________________
MAC addresses for remote hosts are not known on the local network, so the MAC address of the default-gateway is used. After the packet reaches the default-gateway router, the Layer 2 information is stripped from the packet and a new Layer 2 header is attached with the destination MAC address of the next hop router.
Appendix A: Allowing ICMP Traffic Through a Firewall
If the members of your team are unable to ping your PC, the firewall may be blocking those requests. This appendix describes how to create a rule in the firewall to allow ping requests. It also describes how to disable the new ICMP rule after you have completed the lab.
Step 1: Create a new inbound rule allowing ICMP traffic through the firewall.
From the Control Panel, click the System and Security option.
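The Layer 2 rewrite described in this answer can be traced segment by segment. The following is an added example, not part of the original lab: the topology, node names, and all IP and MAC addresses are constructed, and the owner() lookup stands in for ARP.

```python
import ipaddress

# Constructed topology: PC and teammate on LAN 1, router r1 joining LAN 1 and
# LAN 2, remote server on LAN 2. name -> ([(interface CIDR, MAC)], gateway IP).
NODES = {
    "pc":     ([("192.168.1.10/24", "02:00:00:00:0a:0a")], "192.168.1.1"),
    "mate":   ([("192.168.1.20/24", "02:00:00:00:0b:0b")], "192.168.1.1"),
    "r1":     ([("192.168.1.1/24", "02:00:00:00:01:01"),
                ("10.0.0.1/24", "02:00:00:00:01:02")], None),
    "server": ([("10.0.0.80/24", "02:00:00:00:50:50")], "10.0.0.1"),
}

def owner(ip):
    """ARP stand-in: which node and MAC answer for this IP address?"""
    for name, (ifaces, _) in NODES.items():
        for cidr, mac in ifaces:
            if str(ipaddress.ip_interface(cidr).ip) == ip:
                return name, mac
    raise LookupError(ip)

def trace(src_name, dst_ip):
    """Return the Ethernet/IP header fields seen on each segment of the path."""
    src_ip = str(ipaddress.ip_interface(NODES[src_name][0][0][0]).ip)
    frames, node = [], src_name
    while True:
        ifaces, gateway = NODES[node]
        # Pick the interface whose subnet contains the destination, if any.
        link = next(((c, m) for c, m in ifaces if ipaddress.ip_address(dst_ip)
                     in ipaddress.ip_interface(c).network), None)
        hop_ip = dst_ip if link else gateway   # off-link: hand to the gateway
        out_mac = (link or ifaces[0])[1]
        node, hop_mac = owner(hop_ip)          # ARP is for hop_ip, not dst_ip
        frames.append({"eth_src": out_mac, "eth_dst": hop_mac,
                       "ip_src": src_ip, "ip_dst": dst_ip})
        if hop_ip == dst_ip:
            return frames

if __name__ == "__main__":
    for target in ("192.168.1.20", "10.0.0.80"):
        for seg, frame in enumerate(trace("pc", target), 1):
            print(target, "segment", seg, frame)
```

A capture on the PC only sees segment 1, so for the remote ping the destination MAC is the gateway's while the destination IP is still the server's.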






After the lab is complete, you may want to disable or even delete the new rule you created in Step 1. Using the Disable Rule option allows you to enable the rule again at a later date. Deleting the rule permanently deletes it from the list of inbound rules.
On the Advanced Security window, click Inbound Rules in the left pane and then locate the rule you created in Step 1.

