The goal of this assignment is to learn how to perform packet capture and analysis on Wireshark. We are specifically going to look at ARP packets.
Part A Wireshark packet capture (15 points)
Your first task is to capture an ARP exchange from your computer. To do this, open Wireshark and start recording. It will be easier if you filter for the “arp” packets. You should wait for some time, browse the Web etc and you will see an ARP message exchange. The message exchange includes a ARP request and a ARP response. Once you see the exchange, stop the capture and store the packet as “assignment4_my_ arp.pcap”. Read a Wireshark tutorial on the Web if you are unsure how to do capture messages and store them.
Here is an example ARP message exchange I captured from my computer.
Submit the assignment4_my_arp.pcap and the screenshot of your ARP message exchange (similar to the example above) for Part A.
Part B Analyze the ARP (85 points)
Your second task is to write a program “analysis_pcap_ arp” that analyzes the pcap trace for the ARP packet. This is similar to your previous assignment, but this time you are not allowed to use any structure. Perform a byte-level programming to read each byte and convert it to the ARP header element—for example, the sender MAC address, target MAC address, protocol type, etc. Refer to the ARP message structure in your book to determine the elements of the ARP message.
Your program does not need to process each packet. Instead, make sure for each packet you can determine if the packet is a ARP packet or not, and if it is an ARP packet then process it further. Based on your analysis, answer the following questions:
- Print the entire ARP request and response for one ARP packet exchange (preferably the one you show in the screenshot above).
- Based on the ARP messages, tell us the IP address and MAC address of your router. Explain how you determined this.
Submit your well formatted program, answers to (i) and (ii) and a README that explains how to run your program including details of your program logic for Part B.
Bonus: Capture Gratuitous ARP (10%)
Because ARP packets are over the LAN, every host in the LAN receives the ARP packet. Your task here is to capture gratuitous ARP packets that are not meant for your computer. One easy way to capture this is the following: make sure your computer and a friend’s computer is connected to the same LAN. Ask your friend to perform Web browsing and use Wireshark to capture traces on your computer. You should see the ARP packets meant for your friend’s computer in your traces. Get a snapshot of these ARP messages (only the ARP request). Make sure you show us that these ARP messages were meant for a different IP address than your own.
For the bonus points, include the snapshot of the ARP messages as well as a short writeup of why you are seeing these messages meant for a different computer.
As before, you may write your programs in the following languages: Python, Java, and C/C++. If you want to write in any other language, please talk to me.
You need to submit your homework in a single zip file as follows:
- The zip file and (the root folder inside) should be named using your last name, first name, and the assignment number, all separated by a dash (‘-‘) e.g. lastname-firstname-assignment3.zip
- The zip file should contain all submissions for parts A and B and bonus if doing.