ARP Lab Exercises

The following exercises are to familiarize you with the ARP protocol and its functionality as discussed in class. The following commands will be necessary in completing the following steps: arp, hostname, ifconfig, ping, ethereal (and perhaps tcpdump). Should any of these commands be unfamiliar, refer to the man page for that command.

Note: the ethereal sniffer sits on top of tcpdump and provides a nice window based UI for you to examine network packets. Since it sits on top of tcpdump, several of the command inputs are the same, such as the packet filters. This will require you to be familiar with tcpdump (or at least have access to the tcpdump man pages. You have been warned!)

Log on to the correct Linux partition of your machine (lone-day, ltwo-evening) and start an X window session.
Start at least 1 terminal window (you may find use for more).

Determine and make note of the host name of your machine.

Determine and make note of the hardware as well as the network addresses of your machine.

Examine you arp cache and view all of the entries in the cache.

Exchange this info with your neighbor (or someone else in the class). Start the sniffer program, and enter the following filter (NO, you do not type your_network_address) :
```
	arp host your_network_address
```
but don't click Start yet. Next, in an active termimal window, use the ping command to ping your neighbors machine, as follows:
```
	sleep 6 ; ping -c1 your_neighbors_network_address
```
This will give you 6 seconds to maximize the sniffer and click Start. You should now capture only ARP packets (to/from your machine) once the ping command executes. How many packets should you see? Carefully view the results, making sure you understand ALL of the relevant parts. Make sure the promiscuous mode of the network interface card is set.

Repeat step(s) 5. Note what is different this time.

Delete your neighbors entry from the arp cache and repeat step(s) 5 and 6 again.

NOTE: If you choose to print, ALWAYS USE PRINT PACKET, NOT PRINT!