1
00:00:00,260 --> 00:00:06,140
So let's see how the ARP packets are seen in Wireshark. To see the ARP packets,

2
00:00:06,170 --> 00:00:09,590
we must first force the system to send an ARP request.

3
00:00:10,270 --> 00:00:14,770
Then we can have a close look into the fields of the ARP packets.

4
00:00:16,020 --> 00:00:19,890
So I'm in Kali and I want to look at the ARP table first.

5
00:00:20,620 --> 00:00:24,130
So I'll open a terminal browser and type ARP.

6
00:00:25,240 --> 00:00:27,430
So this is the table of my Kali.

7
00:00:27,460 --> 00:00:33,130
There are two records at the moment, one for the gateway and one for the VM with the IP address of

8
00:00:33,160 --> 00:00:34,240
207.

9
00:00:35,460 --> 00:00:37,310
Let's clear the table first.

10
00:00:38,400 --> 00:00:46,260
Now I don't have to delete the records of the ARP tables so I can use the H parameter to get help.

11
00:00:47,140 --> 00:00:52,840
So it tells me to use the D parameter to delete a specified entry.

12
00:00:52,870 --> 00:00:57,460
Now does it delete all the entries if I don't specify any particular one?

13
00:00:58,430 --> 00:01:01,160
So I'll use the D parameter with no value.

14
00:01:02,670 --> 00:01:04,230
And it needs the host name.

15
00:01:05,010 --> 00:01:12,720
Okay, so I delete the entry for VM 207 so I can push it to create an ARP request.

16
00:01:13,230 --> 00:01:13,890
Okay.

17
00:01:14,010 --> 00:01:15,060
Deleted the entry.

18
00:01:15,910 --> 00:01:17,860
Now run Wireshark.

19
00:01:17,890 --> 00:01:22,770
Now, remember, we run Wireshark within the terminal screen just as before.

20
00:01:22,780 --> 00:01:26,410
So I'll click the Wireshark icon.

21
00:01:27,220 --> 00:01:28,660
And that makes it run.

22
00:01:29,140 --> 00:01:34,270
So double-click the eth0 to start capturing the traffic.

23
00:01:35,190 --> 00:01:39,600
Okay, now go to the terminal screen and ping VM 207.

24
00:01:40,290 --> 00:01:42,510
Turn back to the Wireshark interface.

25
00:01:42,510 --> 00:01:45,360
And since we have enough packets to examine,

26
00:01:45,780 --> 00:01:47,340
let me just stop capturing.

27
00:01:48,470 --> 00:01:50,510
So let's look at the first packet.

28
00:01:50,630 --> 00:01:52,160
It's an ARP request.

29
00:01:52,430 --> 00:01:54,350
When we ping the IP address

30
00:01:54,350 --> 00:01:58,130
172.16.99.207,

31
00:01:58,160 --> 00:02:01,070
since Kali doesn't know who has this address,

32
00:02:01,100 --> 00:02:04,970
it broadcasts an ARP request to learn the owner of the IP.

33
00:02:07,370 --> 00:02:11,210
And the second packet is an ARP response.

34
00:02:11,820 --> 00:02:16,230
So go back to the request and expand the ARP packet information block.

35
00:02:17,260 --> 00:02:23,020
The sender MAC address and the sender IP address are Kali's addresses.

36
00:02:23,770 --> 00:02:24,220
The target

37
00:02:24,220 --> 00:02:28,750
MAC address is filled with zeros because, well, we don't know it yet.

38
00:02:29,930 --> 00:02:37,880
When we look at the Ethernet frame, we see that the 48-bit destination address is full of ones and

39
00:02:37,910 --> 00:02:44,710
all these F letters correspond to these ones in hexadecimal and the frame is broadcast, right?

40
00:02:45,880 --> 00:02:51,520
Now this is the ARP response by VM 207.

41
00:02:52,210 --> 00:02:58,670
And as you can see, the VM returns its MAC address in the sender MAC address field to Kali.

42
00:02:59,950 --> 00:03:09,370
And then as seen in the table, Kali starts to send the ping requests to VM 207 and then VM 207 replies

43
00:03:09,370 --> 00:03:10,450
to the requests.

44
00:03:12,240 --> 00:03:13,890
Talk about clear communication.