Step 1: PC A pings 192.168.10.2.
SIP: 192.168.10.1
DIP: 192.168.10.2
SMAC: A
DMAC: ?
Step 2: PC A checks its ARP table for the MAC address. At this point the ARP table has no cached entry yet.
Step 3: PC A therefore does not know which MAC address belongs to 192.168.10.2.
Step 4: PC A recognizes that the SIP and DIP are on the same network.
Step 5: PC A sends an ARP Request to ask which MAC address 192.168.10.2 has. The ARP Request packet carries PC A's own information in the Sender IP and Sender MAC fields. The Target IP field holds the IP whose MAC is being asked for, so the Target MAC field is empty. The packet is then encapsulated at layer 2 with the DMAC field set to broadcast (12 F characters, FF-FF-FF-FF-FF-FF), so the request is broadcast to all PCs in the network.
Step 6: PC B receives the ARP Request packet and adds the Sender IP and Sender MAC to its ARP table.
Step 7: PC B answers the ARP Request with an ARP Reply packet. The Sender IP and Sender MAC are PC B's information. The Target IP and Target MAC are those of PC A and are used to send the reply to PC A.
Step 8: PC A updates its ARP table with the information received from PC B.
PC A sends an ICMP Request to PC B.
SIP: 192.168.10.1
DIP: 192.168.10.2
SMAC: A
DMAC: B
PC B replies with an ICMP Reply.
SIP: 192.168.10.2
DIP: 192.168.10.1
SMAC: B
DMAC: A
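The ARP Request/Reply exchange of Steps 5 to 8, byte for byte, as an added example that is not part of the original page. The IP and MAC addresses are the ones used in the lab below; the names Host, build, parse and run_exchange are hypothetical, and a host that is not the target simply ignores the frame (a simplification).

```python
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, SMAC, SIP, TMAC, TIP
BROADCAST = b"\xff" * 6     # layer-2 DMAC of a request: FF-FF-FF-FF-FF-FF
REQUEST, REPLY = 1, 2

def mac(s):
    return bytes.fromhex(s.replace("-", ""))

def ip(s):
    return bytes(int(o) for o in s.split("."))

def build(oper, smac, sip, tmac, tip, dmac):
    """Ethernet II header (EtherType 0x0806) plus the 28-byte ARP payload."""
    eth = dmac + smac + b"\x08\x06"
    return eth + struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, smac, sip, tmac, tip)

def parse(frame):
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        raise ValueError("not an ARP frame")
    f = struct.unpack(ARP_FMT, frame[14:42])
    if f[:4] != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return dict(zip(("oper", "smac", "sip", "tmac", "tip"), f[4:]), dmac=frame[:6])

class Host:
    def __init__(self, ip_s, mac_s):
        self.ip, self.mac, self.cache = ip(ip_s), mac(mac_s), {}

    def request(self, target_ip):
        # Step 5: Target MAC is unknown (all zeros); the frame goes to broadcast.
        return build(REQUEST, self.mac, self.ip, bytes(6), ip(target_ip), BROADCAST)

    def receive(self, frame):
        p = parse(frame)
        if p["tip"] != self.ip:
            return None  # simplification: hosts that are not the target ignore it
        # Steps 6 and 8: the cache is filled from the packet's own sender fields;
        # ARP carries nothing that authenticates them.
        self.cache[p["sip"]] = p["smac"]
        if p["oper"] == REQUEST:
            # Step 7: unicast ARP Reply back to the requester.
            return build(REPLY, self.mac, self.ip, p["smac"], p["sip"], p["smac"])
        return None

def run_exchange():
    a = Host("192.168.10.1", "02-AA-AA-AA-AA-AA")  # PC A, values from the lab
    b = Host("192.168.10.2", "00-0C-29-73-24-8B")  # PC B, values from the lab
    req = a.request("192.168.10.2")
    rep = b.receive(req)
    a.receive(rep)
    return a, b, req, rep
```

After run_exchange(), both caches hold the same entries that arp -a shows on the two PCs in the lab.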
We will set up the lab as shown above. Here I use VMware and run 2 virtual machines, win xp1 and win xp2. I use Windows XP because it is lightweight; any system is fine. To connect the 2 computers together we use VMnet1. On the menu we select "VM" -> "Settings".
We choose "Custom:" -> VMnet1 and do the same on both computers. The 2 PCs are now connected together.
First we check ARP on PC A. We open "cmd", then type arp -a to check the ARP table.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Administrator> arp -a
No ARP Entries Found
We see that the ARP table is currently empty. We use Wireshark to capture the ARP packets.
We choose the interface "Local Area Connection", then click Start to begin capturing data on this network card.
We check the IP and MAC of PC A.
C:\Documents and Settings\Administrator>ipconfig/all
Windows IP Configuration
Host Name. . . . . . . . . . . . : winxp1
Primary Dns Suffix. . . . . . . :
Node Type. . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix. :
Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter
Physical Address. . . . . . . . . : 02-AA-AA-AA-AA-AA
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.10.1
Subnet Mask. . . . . . . . . . . : 255.255.255.0
Default Gateway. . . . . . . . . :
C:\Documents and Settings\Administrator>
PC A pings 192.168.10.2.
C:\Documents and Settings\Administrator> ping 192.168.10.2
Pinging 192.168.10.2 with 32 bytes of data:
Reply from 192.168.10.2: bytes = 32 time <1ms TTL = 128
Reply from 192.168.10.2: bytes = 32 time <1ms TTL = 128
Reply from 192.168.10.2: bytes = 32 time <1ms TTL = 128
Reply from 192.168.10.2: bytes = 32 time <1ms TTL = 128
Ping statistics for 192.168.10.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
The ping is successful. We check the ARP table again.
C:\Documents and Settings\Administrator> arp -a
Interface: 192.168.10.1 --- 0x2
Internet Address Physical Address Type
192.168.10.2 00-0c-29-73-24-8b dynamic
C:\Documents and Settings\Administrator>
PC A has received the ARP Reply information from PC B. We go to PC B to check the IP and MAC of PC B.
C:\Documents and Settings\Administrator> ipconfig /all
Windows IP Configuration
Host Name. . . . . . . . . . . . : winxp2
Primary Dns Suffix. . . . . . . :
Node Type. . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix. :
Description . . . . . . . . . . . : VMware Accelerated
Physical Address. . . . . . . . . : 00-0C-29-73-24-8B
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.10.2
Subnet Mask. . . . . . . . . . . : 255.255.255.0
Default Gateway. . . . . . . . . :
We open Wireshark to see the ARP packets. Because Wireshark captures a lot of packets, we filter by typing "arp". Wireshark then shows only ARP packets.
We see the ARP Request and the ARP Reply. When PC A sent the ARP Request to PC B, PC B also cached the Sender IP and Sender MAC of PC A. We check the ARP table on PC B.
C:\Documents and Settings\Administrator> arp -a
Interface: 192.168.10.2 --- 0x2
Internet Address Physical Address Type
192.168.10.1 02-aa-aa-aa-aa-aa dynamic
C:\Documents and Settings\Administrator>
We check the ARP table on PC A.
C:\Documents and Settings\Administrator> arp -a
Interface: 192.168.10.1 --- 0x2
Internet Address Physical Address Type
192.168.10.2 00-0c-29-73-24-8b dynamic
We see that both PCs have cached each other's MAC information. To delete the entries in the ARP cache, we use "arp -d".
C:\Documents and Settings\Administrator> arp -d
C:\Documents and Settings\Administrator> arp -a
No ARP Entries Found
C:\Documents and Settings\Administrator>
If the 2 PCs are no longer exchanging data, the entries stored in the ARP table will be deleted after a time that varies depending on the operating system.
Once the MAC information is available, PC A sends the ICMP Request packet and PC B sends the ICMP Reply packet. We see Wireshark capture the ICMP packets.
PC A sends 4 ICMP Request packets and receives 4 ICMP Reply packets.
We can also do this lab with the Packet Tracer software.