Analyzing ARP in Wireshark
Welcome back to my blog. This is a write-up on the Analyzing Network Protocols with Wireshark Pluralsight course.
First, I am glad that Wireshark is already installed on Kali Linux. According to wireshark.org, Wireshark is a network packet analyzer. A network packet analyzer presents captured packet data in as much detail as possible. ARP stands for "Address Resolution Protocol." According to techterms.com, ARP is a protocol used for mapping an IP address to a computer connected to a local area network (LAN). Understanding ARP is vital to becoming a successful cyber security analyst.
This is what Wireshark looks like when you first open it up.
I opened the example .pcap file, and this is what some of the packets look like. As you can see, different protocols are shown in different colors.
By right-clicking on Profile: Default you can create or delete a Wireshark profile. I actually made a new profile just to test out this feature.
Our two ARP packets show a completed cycle (a request followed by its reply). This ARP communication is between an Apple device and a Belkin device.
This is an example of an ARP sweep.
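The two patterns above, the completed request/reply cycle and the ARP sweep, can be checked programmatically. This is an added example, not code from the course or the post: it builds a few constructed raw Ethernet/ARP frames (the MAC and IP values are made up), decodes the same fields Wireshark shows, pairs requests with replies, and flags a sender that asks for many distinct target IPs, which is the sweep signature. The threshold of 5 is an assumed tuning value.

```python
import struct
from collections import defaultdict

def build_arp(opcode, smac, sip, tmac, tip):
    """Constructed Ethernet II + ARP frame; opcode 1 = request, 2 = reply."""
    dst = b"\xff" * 6 if opcode == 1 else tmac           # requests are broadcast
    header = dst + smac + b"\x08\x06"                      # EtherType 0x0806 = ARP
    body = struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)  # Ethernet/IPv4, 6-byte MAC, 4-byte IP
    return header + body + smac + sip + tmac + tip

def parse_arp(frame):
    """Decode the ARP fields Wireshark displays, or return None for non-ARP frames."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    hw, proto, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (hw, proto, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    ip = lambda b: ".".join(str(x) for x in b)
    return {"op": op, "smac": mac(frame[22:28]), "sip": ip(frame[28:32]),
            "tmac": mac(frame[32:38]), "tip": ip(frame[38:42])}

def completed_cycles(frames):
    """Request/reply pairs: (asker IP, answerer IP, answerer MAC) for each completed cycle."""
    pending, cycles = {}, []
    for a in filter(None, map(parse_arp, frames)):
        if a["op"] == 1:
            pending[(a["sip"], a["tip"])] = a
        elif a["op"] == 2 and (a["tip"], a["sip"]) in pending:
            cycles.append((a["tip"], a["sip"], a["smac"]))
            del pending[(a["tip"], a["sip"])]
    return cycles

def sweep_sources(frames, threshold=5):
    """Sender IPs that requested more than `threshold` distinct targets: an ARP sweep signature."""
    asked = defaultdict(set)
    for a in filter(None, map(parse_arp, frames)):
        if a["op"] == 1:
            asked[a["sip"]].add(a["tip"])
    return sorted(s for s, t in asked.items() if len(t) > threshold)

# Constructed sample: one normal cycle (10.0.0.10 asks for 10.0.0.1), then a sweep from 10.0.0.50.
MAC_A, MAC_B, MAC_S = b"\x00\x11\x22\x33\x44\x55", b"\x00\xaa\xbb\xcc\xdd\xee", b"\x00\x99\x99\x99\x99\x99"
IP = lambda s: bytes(int(o) for o in s.split("."))
SAMPLE = [build_arp(1, MAC_A, IP("10.0.0.10"), b"\x00" * 6, IP("10.0.0.1")),
          build_arp(2, MAC_B, IP("10.0.0.1"), MAC_A, IP("10.0.0.10"))]
SAMPLE += [build_arp(1, MAC_S, IP("10.0.0.50"), b"\x00" * 6, IP(f"10.0.0.{n}")) for n in range(1, 21)]

if __name__ == "__main__":
    print(completed_cycles(SAMPLE))  # [('10.0.0.10', '10.0.0.1', '00:aa:bb:cc:dd:ee')]
    print(sweep_sources(SAMPLE))     # ['10.0.0.50']
```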
Wireshark is a great open source packet analyzer. Analyzing packets can help detect a cyber attack before it happens. Tcpdump, Network General, and Aircrack-ng are other packet analyzers. I will have more Wireshark content coming soon.
Thanks for visiting my blog!
Please leave a donation with the link below if you would like to support the blog.