1
00:00:00,490 --> 00:00:07,690
So let's see how the ARP packets are seen in Wireshark to see the art packet, we must first force the

2
00:00:07,690 --> 00:00:09,430
system to send in our request.

3
00:00:10,440 --> 00:00:14,610
Then we can have a close look into the fields of the art packet's.

4
00:00:16,260 --> 00:00:19,710
So I'm in Cali and I want to look at the art table first.

5
00:00:20,880 --> 00:00:24,330
So I'll open a terminal browser and type a R Pete.

6
00:00:25,440 --> 00:00:27,340
So this is the ARP table of my colleague.

7
00:00:27,660 --> 00:00:29,330
There are two records at the moment.

8
00:00:29,370 --> 00:00:34,080
One for the gateway and one for the VM with the IP address of two zero seven.

9
00:00:35,440 --> 00:00:37,180
Let's clear the table first.

10
00:00:38,550 --> 00:00:46,140
Now, I don't have to delete the records of the table so I can use the H parameter to get help.

11
00:00:47,350 --> 00:00:55,150
So it tells me to use the deep parameter to delete a specified entry now does delete all the entries

12
00:00:55,160 --> 00:00:57,280
if I don't specify any particular one.

13
00:00:58,640 --> 00:01:01,010
So I'll use the parameter with no value.

14
00:01:02,790 --> 00:01:04,080
And it needs the hostname.

15
00:01:05,010 --> 00:01:13,650
OK, so I delete the entry for PVM two zero seven so I can push it to create an hour request, OK,

16
00:01:14,070 --> 00:01:14,940
deleted the entry.

17
00:01:16,120 --> 00:01:24,460
Now run Wireshark, now remember, we run Wireshark within the terminal screen just as before, so click

18
00:01:24,970 --> 00:01:26,230
Wireshark icon.

19
00:01:27,250 --> 00:01:34,030
And that makes it run so double click the F zero to start capturing the trap.

20
00:01:35,170 --> 00:01:39,460
OK, now I go to the terminal screen and ping pvm two zero seven.

21
00:01:40,540 --> 00:01:47,200
Turn back to the Wireshark interface, and since we have enough packets to examine and just stop capturing.

22
00:01:48,710 --> 00:01:50,460
So let's look at the first packet.

23
00:01:50,900 --> 00:01:57,980
It's an off request when we ping the IP address, one seven two one six eight nine nine two zero seven.

24
00:01:58,430 --> 00:02:04,610
Since Colly doesn't know who has his address, it broadcast and our request to learn the owner of the

25
00:02:04,610 --> 00:02:05,120
IP.

26
00:02:07,570 --> 00:02:11,050
And the second packet is in our response.

27
00:02:12,070 --> 00:02:16,120
So I go back to the request and expand the art packet information blog.

28
00:02:17,470 --> 00:02:22,880
The Senator Mac address and the center IP address are colleagues addresses.

29
00:02:23,960 --> 00:02:28,660
Target Mac address is filled with zeros because, well, we don't know it yet.

30
00:02:30,150 --> 00:02:37,550
When we look at the Ethernet frame, we see that the 48 bit destination address is full of ones and

31
00:02:38,040 --> 00:02:44,630
all these F letters correspond to these ones in hexadecimal and the frame is broadcast, right.

32
00:02:46,050 --> 00:02:51,300
Now, this is the AAP response by Vem two zero seven.

33
00:02:52,280 --> 00:02:58,580
And as you can see, the PVM returns its Mac address in the center Mac address field to Kukali.

34
00:03:00,120 --> 00:03:08,370
And then as seen in the table, Colin starts to send the ping requests to Veum to 07 and then VMD to

35
00:03:08,370 --> 00:03:10,290
zero seven replies to the request.

36
00:03:12,320 --> 00:03:13,760
Talk about clear communication.