There have been more than a few times where I had to illustrate that ARP was an issue.
When a suspected ARP issue, or you just need to understand how often a device ARP’s, or you need a good challenge when using your favorite packet analyzer, this is a great exercise.
There are 2 basic goals to this video:
- Always learn how to configure your tools for the task at hand. In this specific example I turn off my colors, disable my bytes view and configure my time format.
- Protocol analysis is largely an exercise in pattern recognition, using the correct display and filters allow you to see that pattern. Even if you are just learning, this is a great way to figure things out.
In this specific example, I was chatting with someone about ARP timeouts and mentioned that I only had up to Windows XP figured out and documented, then he asked “what about windows 8 and 10?” to which I responded, “I’ll show you how to do it so you can figure it out yourself.
Now you can figure out the ARP behavior of any device regardless if it’s a computer, appliance IOT device, etc..
In this video, I measure how often my windows 8 laptop refreshed its ARP cache while pinging my default gateway. Funny thing, as soon as we figure it out – which took about 5 minutes because we had to wait for the packets and ARP refresh, he asked “Is it different when you use TCP?”. I laughed and said “well you know how to do it, figure it out”
