Lab – Using Wireshark to View Network Traffic Answers

Lab – Using Wireshark to View Network Traffic (Answers Version – Optional Lab)

Answers Note: Red font color or gray highlights indicate text that appears in the answers copy only. Optional activities are designed to enhance understanding and/or to provide additional practice.

Part 1: Capture and Analyze Local ICMP Data in Wireshark

Part 2: Capture and Analyze Remote ICMP Data in Wireshark

Background / Scenario

Wireshark is a software protocol analyzer, or “packet sniffer” application, used for network troubleshooting, analysis, software and protocol development, and education. As data streams travel back and forth over the network, the sniffer “captures” each protocol data unit (PDU) and can decode and analyze its content according to the appropriate RFC or other specifications.

Wireshark is a useful tool for anyone working with networks and can be used with many labs in the CCNA courses for data analysis and troubleshooting. In this lab, you will use Wireshark to capture ICMP data packet IP addresses and Ethernet frame MAC addresses.

Required Resources

1 PC (Windows 7, 8, or 10 with internet access)
Additional PCs on a local-area network (LAN) will be used to reply to ping requests.

Answers Note: This lab assumes that the student is using a PC with internet access and can ping other PCs on the local area network.

Using a packet sniffer such as Wireshark may be considered a breach of the security policy of the school. It is recommended that permission be obtained before running Wireshark for this lab. If using a packet sniffer such as Wireshark is an issue, the instructor may wish to assign the lab as homework or perform a walk-through demonstration.

Part 1: Capture and Analyze Local ICMP Data in Wireshark

In Part 1 of this lab, you will ping another PC on the LAN and capture ICMP requests and replies in Wireshark. You will also look inside the captured frames for specific information. This analysis should help to clarify how packet headers are used to transport data to their destination.

Step 1: Retrieve your PC interface addresses.

For this lab, you will need to retrieve your PC IP address and its network interface card (NIC) physical address, also called the MAC address.

Open a command window, type ipconfig /all, and then press Enter.
Note the IP address of your PC interface, its description, and its MAC (physical) address.

Ask a team member or team members for their PC IP address and provide your PC IP address to them. Do not provide them with your MAC address at this time.

Step 2: Start Wireshark and begin capturing data.

On your PC, click the Windows Start button to see Wireshark listed as one of the programs on the pop-up menu. Double-click Wireshark.
After Wireshark starts, click the capture interface to be used. Because we are using the wired Ethernet connection on the PC, make sure the Ethernet option is at the top of the list.

You can manage the capture interface by clicking Capture and Options:

A list of interfaces will display. Make sure the capture interface is checked under Promiscuous.

Note: We can further manage the interfaces on the PC by clicking Manage Interfaces. Verify that the description matches what you noted in Step 1b. Close the Manage Interfaces window after verifying the correct interface.

Note: You can also start the data capture by clicking the Wireshark icon in the main interface.

Information will start scrolling down the top section in Wireshark. The data lines will appear in different colors based on protocol.

This information can scroll by very quickly depending on what communication is taking place between your PC and the LAN. We can apply a filter to make it easier to view and work with the data that is being captured by Wireshark. For this lab, we are only interested in displaying ICMP (ping) PDUs. Type icmp in the Filter box at the top of Wireshark and press Enter or click the Apply button (arrow sign) to view only ICMP (ping) PDUs.

This filter causes all data in the top window to disappear, but you are still capturing the traffic on the interface. Bring up the command prompt window that you opened earlier and ping the IP address that you received from your team member.

Note: If the PC of your team member does not reply to your pings, this may be because the PC firewall of the team member is blocking these requests. Please see Appendix A: Allowing ICMP Traffic Through a Firewall for information on how to allow ICMP traffic through the firewall using Windows 7.

Stop capturing data by clicking the Stop Capture icon.

Step 3: Examine the captured data.

In Step 3, examine the data that was generated by the ping requests of your team member PC. Wireshark data is displayed in three sections: 1) the top section displays the list of PDU frames captured with a summary of the IP packet information listed; 2) the middle section lists PDU information for the frame selected in the top part of the screen and separates a captured PDU frame by its protocol layers; and 3) the bottom section displays the raw data of each layer. The raw data is displayed in both hexadecimal and decimal form.

Click the first ICMP request PDU frames in the top section of Wireshark. Notice that the Source column has your PC IP address, and the Destination column contains the IP address of the teammate PC that you pinged.
With this PDU frame still selected in the top section, navigate to the middle section. Click the plus sign to the left of the Ethernet II row to view the destination and source MAC addresses.

Does the source MAC address match your PC interface (shown in Step 1.b)? ______ Yes

Does the destination MAC address in Wireshark match your team member MAC address?

_____ Yes

How is the MAC address of the pinged PC obtained by your PC?

The MAC address is obtained through an ARP request.

Note: In the preceding example of a captured ICMP request, ICMP data is encapsulated inside an IPv4 packet PDU (IPv4 header) which is then encapsulated in an Ethernet II frame PDU (Ethernet II header) for transmission on the LAN.
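
The encapsulation described in the note above, as an added example that is not part of the original lab: the code builds an ICMP echo request inside IPv4 inside Ethernet II, then peels the layers back in the order Wireshark's middle section lists them. All MAC and IP addresses are constructed sample values.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (one's-complement sum of 16-bit words)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo_request(src_mac, dst_mac, src_ip, dst_ip, payload=b"abcdefgh"):
    """Build a constructed sample frame: ICMP inside IPv4 inside Ethernet II."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1) + payload   # type 8 = echo request
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0,
                     128, 1, 0, src_ip, dst_ip)              # protocol 1 = ICMP
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    return dst_mac + src_mac + struct.pack("!H", 0x0800) + ip + icmp

def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_frame(frame: bytes) -> dict:
    """Decode Ethernet II, then IPv4, then ICMP, verifying both checksums."""
    if len(frame) < 14 + 20 + 8:
        raise ValueError("truncated frame")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError("EtherType is not IPv4")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                   # IPv4 header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != 1:
        raise ValueError("IPv4 payload is not ICMP")
    icmp = ip[ihl:total_len]
    return {
        "eth_dst": fmt_mac(frame[0:6]), "eth_src": fmt_mac(frame[6:12]),
        "ip_src": ".".join(map(str, ip[12:16])),
        "ip_dst": ".".join(map(str, ip[16:20])),
        "ip_header_ok": inet_checksum(ip[:ihl]) == 0,   # valid header sums to 0
        "icmp_type": icmp[0], "icmp_ok": inet_checksum(icmp) == 0,
    }

# Constructed sample addresses (not taken from the lab).
FRAME = build_echo_request(bytes.fromhex("005056000001"), bytes.fromhex("005056000002"),
                           bytes([192, 168, 1, 10]), bytes([192, 168, 1, 20]))
if __name__ == "__main__":
    print(parse_frame(FRAME))
```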

Part 2: Capture and Analyze Remote ICMP Data in Wireshark

In Part 2, you will ping remote hosts (hosts not on the LAN) and examine the generated data from those pings. You will then determine what is different about this data from the data examined in Part 1.

Step 1: Start capturing data on the interface.

Start the data capture again.
A window prompts you to save the previously captured data before starting another capture. It is not necessary to save this data. Click Continue without Saving.
With the capture active, ping the following three website URLs:
www.yahoo.com
www.cisco.com
You can stop capturing data by clicking the Stop Capture icon.

Step 2: Examining and analyzing the data from the remote hosts.

Review the captured data in Wireshark and examine the IP and MAC addresses of the three locations that you pinged. List the destination IP and MAC addresses for all three locations in the space provided.

1st Location: IP: _____._____._____._____ MAC: ____:____:____:____:____:____
2nd Location: IP: _____._____._____._____ MAC: ____:____:____:____:____:____
3rd Location: IP: _____._____._____._____ MAC: ____:____:____:____:____:____

IP addresses:,, (these IP addresses may vary)

MAC address: This will be the same for all three locations. It is the physical address of the default-gateway LAN interface of the router.

What is significant about this information?
____________________________________________________________________________________
The MAC addresses for all three locations are the same.

How does this information differ from the local ping information you received in Part 1?
____________________________________________________________________________________
A ping to a local host returns the MAC address of the PC NIC. A ping to a remote host returns the MAC address of the default gateway LAN interface.


Why does Wireshark show the actual MAC address of the local hosts, but not the actual MAC address for the remote hosts?

MAC addresses for remote hosts are not known on the local network, so the MAC address of the default-gateway is used. After the packet reaches the default-gateway router, the Layer 2 information is stripped from the packet and a new Layer 2 header is attached with the destination MAC address of the next hop router.
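
The next-hop decision behind that answer, as an added example that is not part of the original lab: a small model of how a sending PC picks the destination MAC, sending an ARP request for the target when it is on the local subnet and for the default gateway otherwise. The Host class, the LAN_HOSTS table and every address are constructed for illustration.

```python
import ipaddress

# Constructed sample LAN: the MAC that answers an ARP request for each on-link IP.
LAN_HOSTS = {
    "192.168.1.1": "00:50:56:00:00:fe",    # default-gateway LAN interface
    "192.168.1.20": "00:50:56:00:00:02",   # team member PC
}

class Host:
    """Hypothetical model of the sending PC's ARP and next-hop logic."""

    def __init__(self, iface_cidr: str, gateway: str):
        self.iface = ipaddress.ip_interface(iface_cidr)
        self.gateway = ipaddress.ip_address(gateway)
        self.arp_cache = {}
        self.arp_requests = []   # targets of "who has X" broadcasts, in order

    def resolve(self, ip) -> str:
        """Return the MAC for an on-link IP, sending an ARP request on a cache miss."""
        key = str(ip)
        if key not in self.arp_cache:
            self.arp_requests.append(key)
            reply = LAN_HOSTS.get(key)
            if reply is None:
                raise LookupError(f"no ARP reply for {key}")
            self.arp_cache[key] = reply
        return self.arp_cache[key]

    def frame_dst_mac(self, dst_ip: str) -> str:
        """Destination MAC placed in the Ethernet II header for a packet to dst_ip."""
        dst = ipaddress.ip_address(dst_ip)
        # On-link destinations are resolved directly; everything else goes
        # to the default gateway, so ARP asks for the gateway's address.
        next_hop = dst if dst in self.iface.network else self.gateway
        return self.resolve(next_hop)

def demo() -> dict:
    pc = Host("192.168.1.10/24", "192.168.1.1")
    targets = ["192.168.1.20", "198.51.100.7", "203.0.113.9", "192.0.2.33"]
    macs = {ip: pc.frame_dst_mac(ip) for ip in targets}
    return {"macs": macs, "arp_requests": pc.arp_requests}

if __name__ == "__main__":
    print(demo())
```

Only two ARP requests are sent for the four pings: one for the local PC and one for the gateway, whose cached MAC is reused for all three remote destinations.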

Appendix A: Allowing ICMP Traffic Through a Firewall

If the members of your team are unable to ping your PC, the firewall may be blocking those requests. This appendix describes how to create a rule in the firewall to allow ping requests. It also describes how to disable the new ICMP rule after you have completed the lab.

Step 1: Create a new inbound rule allowing ICMP traffic through the firewall.

From the Control Panel, click the System and Security option.
From the System and Security window, click Windows Firewall.
In the left pane of the Windows Firewall window, click Advanced settings.
On the Advanced Security window, select the Inbound Rules option on the left sidebar and then click New Rule… on the right sidebar.
This launches the New Inbound Rule wizard. On the Rule Type screen, click the Custom radio button and click Next.
In the left pane, click the Protocol and Ports option and using the Protocol Type drop-down menu, choose ICMPv4, and then click Next.
In the left pane, click the Name option and in the Name field, type Allow ICMP Requests. Click Finish.
This new rule should allow your team members to receive ping replies from your PC.

Step 2: Disabling or deleting the new ICMP rule.

After the lab is complete, you may want to disable or even delete the new rule you created in Step 1. Using the Disable Rule option allows you to enable the rule again at a later date. Deleting the rule permanently deletes it from the list of inbound rules.

On the Advanced Security window, click Inbound Rules in the left pane and then locate the rule you created in Step 1.
To disable the rule, click the Disable Rule option. When you choose this option, you will see this option change to Enable Rule. You can toggle back and forth between Disable Rule and Enable Rule; the status of the rule also shows in the Enabled column of the Inbound Rules list.

To permanently delete the ICMP rule, click Delete. If you choose this option, you must re-create the rule again to allow ICMP replies.