Thumbs up just for the way she says ARP ARP ARP!
Man, my networking classes would've been so much more fun with Shannon in them and I would've actually gone to class LOL.
Great video! But I just wanted to add some supplemental information regarding ARP requests:
ARP is used to match IP addresses to MAC addresses. MAC addresses are needed for a computer to know where to send information to on the data-link layer (OSI model). Because of this, your computer can't talk to other computers with just an IP address, it needs the MAC address.
Your computer keeps MAC Addresses stored in the ARP table. If it doesn't have an entry for an IP address, it sends out a broadcast to all devices on the network asking 'Who has this IP?'. All devices on the network will hear this message, but only the one with the correct IP will respond and say "I do! Here is my MAC address!".
Once it does that, your computer will add an entry for that IP address into its MAC table and the devices can now communicate.
Why this is important to Wireshark:
If you are seeing ARP requests for IPs that don't exist on your network, it's possible that someone is doing a ping scan (potentially malicious) or a service is misconfigured. You can use bad ARP requests to track down the PC that is sending them out and investigate why it is happening.
David Sullivan Great info! Thanks for sharing.
Awesome!
It doesn't answer all my questions but it goes a long way to helping me learn all this stuff. Thanks for the video.
Would've liked to see a reply packet analyzed too. Just seeing one part of the conversation is a bit unfortunate. An ARP poisoning attack would also be interesting.
Request and reply packets have the same format, so they could be analysed accordingly. There are sample captures on wireshark.org. ARP poisoning was covered in hak5's very first season like 5 years ago, just search for hak5 arp poisoning like watch?v=EF3kZF6MLUo and watch?v=7YAhi0aikT8 and watch?v=7FQO5jisQoI ...
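The check described in the comments above (ARP requests for IPs that never show up on the network, and requests and replies sharing one format), as an added example that is not part of the original thread. The function names, the threshold of 3 and the sample packets are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

# ARP body for Ethernet/IPv4 (RFC 826), 28 bytes: htype, ptype, hlen, plen,
# opcode, sender MAC, sender IP, target MAC, target IP.
ARP_FMT = "!HHBBH6s4s6s4s"
REQUEST, REPLY = 1, 2

def parse_arp(payload):
    """Parse one ARP payload; requests and replies share this layout."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    ip = lambda b: ".".join(map(str, b))
    return {"op": op, "sender_mac": mac(sha), "sender_ip": ip(spa),
            "target_mac": mac(tha), "target_ip": ip(tpa)}

def unanswered_requests(payloads, threshold=3):
    """Map sender MAC -> target IPs it asked for that never appeared as a sender."""
    asked, seen = defaultdict(set), set()
    for p in payloads:
        try:
            a = parse_arp(p)
        except ValueError:
            continue  # skip malformed payloads instead of aborting the pass
        seen.add(a["sender_ip"])  # assumption: an ARP sender IP means the host exists
        if a["op"] == REQUEST:
            asked[a["sender_mac"]].add(a["target_ip"])
    flagged = {}
    for sender, targets in asked.items():
        missing = sorted(targets - seen)
        if len(missing) >= threshold:  # threshold is an assumed tuning value
            flagged[sender] = missing
    return flagged

def make_arp(op, smac, sip, tmac, tip):
    """Build a constructed ARP payload for the sample capture below."""
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    i = lambda s: bytes(map(int, s.split(".")))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, m(smac), i(sip), m(tmac), i(tip))

ZERO = "00:00:00:00:00:00"
SAMPLE = [  # constructed: one normal lookup, one host sweeping unused IPs, one runt
    make_arp(REQUEST, "aa:aa:aa:00:00:10", "192.168.1.10", ZERO, "192.168.1.1"),
    make_arp(REPLY, "aa:aa:aa:00:00:01", "192.168.1.1", "aa:aa:aa:00:00:10", "192.168.1.10"),
] + [make_arp(REQUEST, "aa:aa:aa:00:00:66", "192.168.1.50", ZERO, f"192.168.1.{n}")
     for n in range(200, 204)] + [b"\x00\x01"]
```

Calling `unanswered_requests(SAMPLE)` returns only the sender MAC that asked for four addresses nobody answered, which is the machine to go and investigate.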
Love the way you teach this stuff you make it understandable
That's exactly what I needed. Thanks a lot.
What would you consider too many ARP requests? Where does normal traffic end and where does a broadcast begin?
Another one for the Favs folder.
What does the protocol say (or Shannon), ARP ARP, ARP
How do I find the Source and Destination though?
Great video. Ty.
Awesome!
Which type of broadcast does ARP do? What does an ARP packet look like?
Arp arp arp arp arp arp. I would say that for a while when I learned about ARP in my class that used the Cisco Networking Academy, aka NetAcad.
cool story bro. tell us more.