CMIT 265 ARP, MAC, ping, frames, IP stuff on XP.

Name:____________________________

During this exercise don't use a web browser (once you've made a copy of this) or any other network application except what's specified below. Know how to copy and paste from CMD.

What's your computer's NIC's MAC address? ___________________________
What's your computer's NIC's IP address? ___________________________

A MAC address is how many bits:_______
A MAC address is how many bytes:_______
A MAC address is how many hexadecimal digits:_________
The OUI is what part of and how much of the MAC address:______________

Use this website: www.coffer.com/mac_find (paste your MAC address) to identify the manufacturer of your NIC:____________________

In the Command Prompt run arp -a to see the ARP cache/table.
What IP to MAC address mappings does it have now, if any: ignore the 'static' ones, just look at the 'dynamic' ones of the Ethernet connection (ignore WiFi, VM etc.)
__________________________
__________________________
There might be some or none. Your computer has recently sent something to the ones whose IP-to-MAC mapping is in the ARP cache.

ping another computer in the LAN whom you know responds and whose MAC is not in the ARP cache.
Run arp -a
What line has been added to the ARP cache: __________________________
Before the ping Echo Requests were sent, your computer sent out an ARP Request broadcast into the LAN. Every computer in the LAN received it and looked at it but only the one with the requested IP address responded to you with a unicast ARP Response.

ping 192.168.100.199 [Korea: or your switch/router's IP]
What is its MAC address:______________________
What is the make/manufacturer of that NIC:___________________ Do an OUI lookup.
Based on who the maker is, what kind of device is this likely to be:________________

ping a non-existent host in [y]our network, i.e. an IP in your network that doesn't exist.
What does ping say:________________________________
Anything about this host in the ARP cache:______________
ARP was unable to resolve this IP address to a MAC address. A non-existent host doesn't exist to reply to your ARP Request. The ping Echo Requests didn't leave your computer (why should they have, there was no one to send them to).

ping an existing host that doesn't reply to pings (somebody's firewalled computer 192.168.100.TBD)
The "Request timed out" indicates the host exists, the ping Echo Requests were sent to it but no Echo Responses were received back.
Is that host in the ARP cache:___________
YES! The moral of this is that firewalling the ping Request is useless for security.

MAC addresses are only for communicating within ONE LAN! All communication to computers in other networks goes through the default gateway. Your computer is oblivious about those other networks, it only knows to send packets destined to them to the default gateway.

EVERY frame that leaves your computer has your MAC address as the Source MAC field and the MAC address of the intended receiver as the Destination MAC field (unless it's a broadcast, in which case it has the special destination MAC address of all 1 bits (all Fs in hex: FF-FF-FF-FF-FF-FF)).

If you're sending to a host in the LAN you send directly to it with its MAC address, which you learn by first sending an ARP broadcast and then getting the ARP reply with the MAC address of who you want to send to (but looking first in the ARP cache/table). If sending to a host in any other network you send the frame to the default gateway (whose MAC address you also learn by ARP broadcast).

Any MAC address learned by ARP is kept for a few minutes in the ARP cache/table, which is more efficient: it reduces the time delay and the network clogging of ARP frames. ARP broadcasts are NOT forwarded by the default gateway into other networks.

Wait until the default gateway's entry in the ARP cache has timed out. Then
ping www.yahoo.com
ping www.cenpac.net.nr
Run arp -a to see the ARP cache now.
Are any of those distant computers in the ARP cache?:_____
No MAC of any computer outside of the local network will ever be in the ARP cache (unless you are in a sophisticated advanced network).
What new entry is in the ARP cache:__________________
Yes, it's the default gateway.
What is the make/manufacturer of that NIC:___________________

ping the far side of your default gateway:
Is it now in the ARP cache?:_____
ping the default gateway of the network next to yours, if you can determine it:
Is it now in the ARP cache?:_____

Use the 'netstat -e' command to see how many "packets" have been sent and received by the computer. (I believe 'packet' here actually means 'frame')

                       Received    Sent
Unicast packets        ________    _______
Non-unicast packets    ________    _______
(non-unicasts are essentially broadcasts)

ping a neighbor whose MAC address is not now in your ARP cache.
Do 'netstat -e' again:

                       Received    Sent
Unicast packets        ________    _______
Non-unicast packets    ________    _______
(if there's no difference in Sent non-unicasts, do netstat -e again. There seems to be a lag in netstat's being updated.)

Using simple subtraction,
How many unicast packets were received _______ and sent ________
How many non-unicast packets were received _______ and sent ________
The sent non-unicast was the ARP broadcast your computer sent out to resolve your neighbor's IP address to its MAC address.

Start a web browser, go to www.asia.umuc.edu.
Do 'netstat -e' again:

                       Received    Sent
Unicast packets        ________    _______
Non-unicast packets    ________    _______

Using simple subtraction,
How many unicast packets were received _______ and sent ________
How many non-unicast packets were received _______ and sent ________
Some unicasts were sent to that web site (at least one requesting the web page and a request for each image in the page, and some additional unicasts were sent as acknowledgements that chunks of the downloaded page and images had been received), and many unicasts were received from that site containing the content of the page and images.

netstat -sp icmp shows ICMP packet statistics.

                    Received    Sent
Echo Replies        ______      ____
Echos (requests)    ______      ____

ping someone who replies, then do the command again:

                    Received    Sent
Echo Replies        ______      ____
Echos (requests)    ______      ____

So by the advanced mathematical operation of subtraction, how many Echo Requests were sent:_____ and how many Echo Replies received:_____
Answer should be 4 each. Do it again until that happens.
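
The before/after arp -a comparison in this exercise can also be done by script. The following is an added example, not part of the original worksheet: it parses two arp -a snapshots, lists the dynamic entries that appeared, extracts each OUI, and checks that no cached IP lies outside the LAN. The sample output, the 192.168.100.0/24 mask and the MAC addresses (locally administered, so an OUI lookup finds no vendor) are constructed assumptions.

```python
import ipaddress
import re

# Constructed samples in the Windows `arp -a` layout (not captured from a real host).
BEFORE = """
Interface: 192.168.100.23 --- 0x2
  Internet Address      Physical Address      Type
  192.168.100.255       ff-ff-ff-ff-ff-ff     static
"""
AFTER = """
Interface: 192.168.100.23 --- 0x2
  Internet Address      Physical Address      Type
  192.168.100.1         02-00-00-00-01-01     dynamic
  192.168.100.57        02-00-00-00-02-02     dynamic
  192.168.100.255       ff-ff-ff-ff-ff-ff     static
"""

# One table row: IPv4 address, dash-separated MAC, entry type.
ROW = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)\s*$", re.I)

def parse_arp(text):
    """Return {ip: mac} for the dynamic rows only, as the worksheet asks."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m and m.group(3).lower() == "dynamic":
            table[m.group(1)] = m.group(2).lower()
    return table

def added(before, after):
    """Entries present in the second snapshot but not in the first."""
    return {ip: mac for ip, mac in after.items() if ip not in before}

def oui(mac):
    """First 3 of the 6 bytes (24 of 48 bits): the manufacturer prefix."""
    return mac.upper()[:8]

def off_link(table, lan):
    """Cached IPs outside the local subnet; the worksheet expects none."""
    net = ipaddress.ip_network(lan)
    return [ip for ip in table if ipaddress.ip_address(ip) not in net]

if __name__ == "__main__":
    for ip, mac in added(parse_arp(BEFORE), parse_arp(AFTER)).items():
        print(ip, mac, "OUI", oui(mac))
    print("off-link entries:", off_link(parse_arp(AFTER), "192.168.100.0/24"))
```

To use it on a real machine, paste the text copied from CMD into BEFORE and AFTER and pass your own network in CIDR form to off_link.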