Faculty of Electrical and Electronics Engineering

BEC41201 Computer
Networks Laboratory
Assigning IP Address to the Network:
Address Resolution Protocol
 BEC41201 Computer Networks Laboratory 2
Module 03 (M03): Assigning IP Address to the Network: Address Resolution Protocol

Table of Contents

OUTCOMES ......................................................................................................................................... 3
INSTRUCTIONS................................................................................................................................... 3
Pre Lab .................................................................................................................................................. 4
Case Study : ARP ................................................................................................................................ 4
Step 1: Capture a Trace ........................................................................................................................ 5
Step 2: Inspect the Trace .................................................................................................................... 10
Question .............................................................................................................................................. 13
Problem Crafting................................................................................................................................. 13
 BEC41201 Computer Networks Laboratory 3
Module 03 (M03): Assigning IP Address to the Network: Address Resolution Protocol

OUTCOMES: After completing this module, students should be able to:

Description Course Taxonomy
Learning Level
Outcome #
• apply the knowledge in term of software and 01 Cognitive
hardware of Computer Network and Advance Level 03
Microcontroller in lab work;
• organize good teamwork as an individual and in a 02 Psychomotor
group in performing the task given and presenting Level 04
report; and
• demonstrate leadership qualities and professional 03 Affective
ethics in solving engineering problems. Level 04

INSTRUCTIONS:
1. Case Study: This is group project (max 2 persons). Your group need to study, how
Assigning IP Address to the Networks by understand applying the Wireshark
software on ARP.

2. Problem Crafting: Practice your skills to solve the problems (assigned by your
instructor). Your solution requires you to see how ARP works.

3. Report Submission: Your group are required to submit the lab report within ONE
WEEK after your Problem Crafting session. Please submit the PDF version of your
report online before 10 a.m.

4. Report Organisation: Print and organise your report in the following order.
a. Cover of Report
b. Answers for Questions
c. Solution for Problem Crafting
d. Discussion
e. Conclusion
f. Reference

The report should include the answers to the questions as well as the graphs you
generated from the simulation scenarios. Discuss the results you obtained and
compare these results with your expectations. Mention any anomalies or
unexplained behaviours.
(Note: Starts new topic on new page. Please provide page numbering for each
page except the Cover of Report and Table of Contents.)

5. Penalty: Late submission will be penalised with a 5% score reduction per calendar
day.
 BEC41201 Computer Networks Laboratory 4
Module 03 (M03): Assigning IP Address to the Network: Address Resolution Protocol

Pre Lab
Read the topic on telecommunication protocol, ARP (Address Resolution Protocol). Briefly
explain the packet structure of ARP.

Case Study : ARP

Objective

To study IP Address of Networks and see how ARP works.

Overview
Address Resolution Protocol is an essential glue protocol that is used to join Ethernet and IP.
Wireshark: This lab uses the Wireshark software tool to capture and examine a packet trace. A
packet trace is a record of traffic at a location on the network, as if a snapshot was taken of all the bits
that passed across a particular wire. The packet trace records a timestamp for each packet, along
with the bits that make up the packet, from the lower-layer headers to the higher-layer contents.
Wireshark runs on most operating systems, including Windows, Mac and Linux. It provides a
graphical UI that shows the sequence of packets and the meaning of the bits when interpreted as
protocol headers and data. It color-codes packets by their type, and has various ways to filter and
analyze packets to let you investigate the behavior of network protocols. Wireshark is widely used to
troubleshoot networks. You can download it from www.wireshark.org if it is not already installed on
your computer. We highly recommend that you watch the short, 5 minutes video “Introduction to
Wireshark” that is on the site.

arp: This lab uses the “arp” command-line utility to inspect and clear the cache used by the ARP
protocol on your computer. arp is installed as part of the operating system on Windows, Linux, and
Mac computers, but uses different arguments. It requires administrator privileges to clear the cache.

ifconfig / ipconfig: This lab uses the “ipconfig” (Windows) or “ifconfig” (Mac/Linux) command-line
utility to inspect the state of your computer’s network interface. ifconfig/ipconfig is installed as part of
the operating system on Windows, Linux, and Mac computers.

route / netstat: This lab uses the “route” or “netstat” command-line utility to inspect the routes used by
your computer. A key route is the default route (or route to prefix 0.0.0.0) that uses the default
gateway to reach remote parts of the Internet. Both “route” and “netstat” are installed as part of the
operating system across Windows and Mac/Linux, but there are many variations on the command-
line parameters that must be used.

Browser: This lab uses a web browser to find or fetch pages as a workload. Any web browser will do.
 BEC41201 Computer Networks Laboratory 5
Module 03 (M03): Assigning IP Address to the Network: Address Resolution Protocol

Procedure
Procedure
Network Setup

We want to observe the ARP protocol in action. Recall that ARP is used to find the Ethernet address that
corresponds to a local IP address to which your computer wants to send a packet. A typical example of a
local IP address is that of the local router or default gateway that connects your computer to the rest of the
Internet. Your computer caches these translations in an ARP cache so that the ARP protocol need only
be used occasionally to do the translation. The setup from the viewpoint of your computer is as shown in
the example below.

ARP
packets Rest of
ARP cache Internet

Your computer Local router (default gateway)

e.g., IP addr = 128.208.2.151 e.g., IP addr = 128.208.2.100
Eth addr = 00:25:64:D5:10:8B Eth addr = <learned by ARP>

Figure 1: Network setup under which we will study ARP

Step 1: Capture a Trace

Proceed as follows to capture a trace of ARP traffic; alternatively, you may use a supplied trace. To gather
ARP packets, we will cause your computer to send traffic to the local router when it does not know the
router’s Ethernet address – your computer will then use ARP to discover the Ethernet address.
1. Find the Ethernet address of the main network interface of your computer with the ifconfig /
ipconfig command. You will want to know this address for later analysis. On Windows, bring up a
command-line shell and type “ipconfig /all”. On Mac/Linux, bring up a command-line shell and
type “ifconfig”. Among the output will be a section for the main interface of the computer (likely an
Ethernet interface) and its Ethernet address. Common names for the interface are “eth0”, “en0”,
or “Ethernet adapter”. Two examples are shown below, with our added highlighting.
 BEC41201 Computer Networks Laboratory 6
Module 03 (M03): Assigning IP Address to the Network: Address Resolution Protocol

Figure 2: Finding the computer's Ethernet address with ipconfig (Windows)

Figure 3: Finding the computer’s Ethernet address with ifconfig (Mac)

 BEC41201 Computer Networks Laboratory 7
Module 03 (M03): Assigning IP Address to the Network: Address Resolution Protocol

2. Find the IP address of the local router or default gateway that your computer uses to reach the
rest of the Internet using the netstat / route command. You should be able to use the netstat
command (“netstat –r” on Windows, Mac and Linux, may require ctrl-C to stop). Alternatively, you
can use the route command (“route print” on Windows, “route” on Linux, “route –n get default” on
Mac). In either case you are looking for the gateway IP address that corresponds to the
destination of default or 0.0.0.0. Two examples are shown below for netstat, with our added
highlighting.

Figure 4: Finding the default gateway IP address with netstat (Mac)

 BEC41201 Computer Networks Laboratory 8
Module 03 (M03): Assigning IP Address to the Network: Address Resolution Protocol

Figure 5: Finding the default gateway IP address with netstat (Windows)

3. Launch Wireshark and start a capture with a filter of “arp”. Your capture window should be
similar to the one pictured below, other than our highlighting. Select the interface from which to
capture as the main wired or wireless interface used by your computer to connect to the Internet.
If unsure, guess and revisit this step later if your capture is not successful. Uncheck “capture
packets in promiscuous mode”. This mode is useful to overhear packets sent to/from other
computers on broadcast networks. We only want to record packets sent to/from your computer.
Leave other options at their default values. The capture filter, if present, is used to prevent the
capture of other traffic your computer may send or receive. On Wireshark 1.8, the capture filter
box is present directly on the options screen, but on Wireshark 1.9, you set a capture filter by
double-clicking on the interface.
 BEC41201 Computer Networks Laboratory 9
Module 03 (M03): Assigning IP Address to the Network: Address Resolution Protocol

Figure 4: Setting up the capture options

4. When the capture is started, use the “arp” command to clear the default gateway from the ARP
cache. Using the command “arp –a” will show you the contents of the ARP cache as a check that
you can run “arp”. You should see an entry for the IP address of the default gateway. To clear
this entry, use the arp command with different arguments (“arp –d” on Windows, “arp –d –a” on
Mac, “arp –d xx.xx.xx.xx” where xx.xx.xx.xx is the IP address of the default gateway on Linux).
This usage of arp will need administrator privileges to run, so you may run as a privileged user on
Windows or issue “sudo arp –d xx.xx.xx.xx” on Linux/Mac. Note that the command should run
without error but the ARP entry may not appear to be cleared if you check with “arp –a”. This is
because your computer will send ARP packets to repopulate this entry as soon as you need to
send a packet to a remote IP address, and that can happen very quickly due to background
activity on the computer.
5. Now that you have cleared your ARP cache, fetch a remote page with your Web browser. This
will cause ARP to find the Ethernet address of the default gateway so that the packets can be
sent. These ARP packets will be captured by Wireshark. You might clear the ARP cache and
fetch a document a couple of times. Hopefully there will also be other ARP packets sent by other
computers on the local network that will be captured. These packets are likely to be present if
there are other computers on your local network. In fact, if you have a busy computer and
extensive local network then you may capture many ARP packets. The ARP traffic of other
computers will be captured when the ARP packets are sent to the broadcast address, since in
this case they are destined for all computers including the one on which you are running
 BEC41201 Computer Networks Laboratory 10
Module 03 (M03): Assigning IP Address to the Network: Address Resolution Protocol

Wireshark. Because ARP activity happens slowly, you may need to wait up to 30 seconds to
observe some of this background ARP traffic.
6. Once you have captured some ARP traffic, stop the capture. You will need the trace, plus the
Ethernet address of your computer and the IP address of the default gateway for the next steps.

Step 2: Inspect the Trace

Now we can look at an ARP exchange! Since there may be many ARP packets in your trace, we’ll first
narrow our view to only the ARP packets that are sent directly from or to your computer.

Set a display filter for packets with the Ethernet address of your computer. You can do this by entering an
expression in the blank “Filter:” box near the top of the Wireshark window and clicking “Apply”. The filter to
enter depends on your Ethernet address. For example, if your Ethernet address is 01:02:03:04:05:06 then
enter a filter expression of “eth.addr==01:02:03:04:05:06”. Note the double equal sign. If you are using
the supplied trace, it comes with an additional text file giving the Ethernet address and default gateway IP
address. After applying this filter your capture should look something like the figure below, in which we
have expanded the ARP protocol details.
 BEC41201 Computer Networks Laboratory 11
Module 03 (M03): Assigning IP Address to the Network: Address Resolution Protocol

Figure 5: Capture of ARP packets, showing details of a request

Find and select an ARP request for the default gateway and examine its fields. There are two kinds of
ARP packets, a request and a reply, and we will look at each one in turn. The Info line for the request will
start with “Who has …”. You want to look for one of these packets that asks for the MAC address of the
default gateway, e.g., “Who has xx.xx.xx.xx …” where xx.xx.xx.xx is your default gateway. You can click
on the + expander or icon for the Address Resolution Protocol block to view the fields:
• Hardware and Protocol type are set to constants that tell us the hardware is Ethernet and the
protocol is IP. This matches the ARP translation from IP to Ethernet address.
• Hardware and Protocol size are set to 6 and 4, respectively. These are the sizes of Ethernet and
IP addresses in bytes.
• The opcode field tells us that this is a request.
 BEC41201 Computer Networks Laboratory 12
Module 03 (M03): Assigning IP Address to the Network: Address Resolution Protocol

• Next come the four key fields, the sender MAC (Ethernet) and IP and the target MAC (Ethernet)
and IP. These fields are filled in as much as possible. For a request, the sender knows their MAC
and IP address and fills them in. The sender also knows the target IP address – it is the IP
address for which an Ethernet address is wanted. But the sender does not know the target MAC
address, so it does not fill it in.

Next, select an ARP reply and examine its fields. The reply will answer a request and have an Info line of
the form “xx.xx.xx.xx is at yy:yy:yy:yy:yy:yy”:
• The Hardware and Protocol type and sizes are as set as before.
• The opcode field has a different value that tells us that this is a reply.
• Next come the four key fields, the sender MAC (Ethernet) and IP and the target MAC (Ethernet)
and IP just as before. These fields are reversed from the corresponding request, since the old
target is the new sender (and vice versa). The fields should now be all filled in since both
computers have supplied their addresses.
 BEC41201 Computer Networks Laboratory 13
Module 03 (M03): Assigning IP Address to the Network: Address Resolution Protocol

Question
ARP request and reply

To show your understanding of an ARP exchange, draw a figure that shows the ARP request and reply
packets sent between your computer and the default gateway. Make it for the case we examined of your
computer doing an ARP for the default gateway. Label one packet the request and the other the reply.
Give the sender and target MAC and IP addresses for each packet; you can use Wireshark to inspect the
packets to get these values. Finally, circle the sought after Ethernet address on your drawing to show
where it comes from in the exchange.

Turn-in: Hand in your drawing of the ARP exchange.

Problem Crafting
Details of ARP over Ethernet
To look at further details of ARP, examine an ARP request and ARP reply to answer these questions:
1. What opcode is used to indicate a request? What about a reply?
2. How large is the ARP header for a request? What about for a reply?
3. What value is carried on a request for the unknown target MAC address?

ARP packets are carried in Ethernet frames, and the values of the Ethernet header fields are chosen to
support ARP. For instance, you may wonder how an ARP request packet is delivered to the target
computer so that it can reply and tell the requestor its MAC address. The answer is that the ARP request
is (normally) broadcast at the Ethernet layer so that it is received by all computers on the local network
including the target. Look specifically at the destination Ethernet address of a request: it is set to
ff:ff:ff:ff:ff:ff, the broadcast address. So the target receives the request and recognizes that it is the
intended recipient of the message; other computers that receive the request know that it is not meant for
them. Only the target responds with a reply. However, anyone who receives an ARP packet can learn a
mapping from it: the sender MAC and sender IP pair.

Examine an ARP request and reply to answer these questions:

4. What Ethernet Type value which indicates that ARP is the higher layer protocol?
5. Is the ARP reply broadcast (like the ARP request) or not?

Turn-in: Hand in your answers to the above questions.