Part 1: Examining an ARP Query
In this activity, we are going to take a look at the PDUs generated in the network during an ARP request. We will also see how the PDUs propagate through the network.
To generate an ARP request, we first need to clear the ARP cache of the device. The device whose ARP table we will clear is 172.16.31.2. This is done with the command “arp -d” at the device’s command prompt. After this, we enter simulation mode and issue the “ping 172.16.31.3” command to ping the device at 172.16.31.3. This action generates two PDUs, an ICMP PDU and an ARP PDU. Since the ICMP packet cannot be sent out without knowing the MAC address of the device at 172.16.31.3, the device broadcasts an ARP request.
Clicking the Capture then Forward button once sends the ARP request to the switch. The destination MAC address on this ARP request is the broadcast address, FF:FF:FF:FF:FF:FF. This address tells the switch to forward the message on all its ports except the one it was received on. The switch therefore makes 3 copies of the ARP request and sends them out on three of its four connected ports. Two of the devices then show a red cross (X) on the ARP request, signifying that they did not accept it, since their IP address does not match the one in the ARP request.
The device with the IP 172.16.31.3, however, accepts the ARP request. In its reply, the source MAC address is its own (0060.7036.2849) while the destination MAC address is that of 172.16.31.2 (000C.85CC.1DA7). When this ARP reply reaches the switch, it is forwarded only to the destination address, since both the required addresses are available.
Once the ARP exchange is complete and the reply is received, the ICMP packet at 172.16.31.2 re-appears, since the ping command has not yet completed. In this ICMP PDU, we can see that the source and destination MAC and IP addresses are well aligned. Generally speaking, a device will issue an ARP request when it cannot find the MAC address for an IP address within its own Local Area Network. The ARP table can be viewed by keying in the command “arp -a” at the device’s command prompt.
Part 2: Examining a Switch MAC Address Table
To do this, we first need to populate the tables using pings. In the first part, we sent a ping to one of the devices on the 172.16.31.0/24 network. We will ping other devices on that network and then move to the 10.10.10.0/24 network. Following the steps in Part 1, the following pings need to be sent:
1. 172.16.31.2 to 172.16.31.4
2. 10.10.10.2 to 10.10.10.3
From the above result we can notice that the time taken for the reply of the first ping is considerably higher than those of the following 3. This can be attributed to the device taking time to send an ARP query into the network. Let us now examine the MAC address table on the switches.
When compared to the ARP table on 10.10.10.2, we can see that the two correspond with each other. However, the switch’s MAC address table records which link each device can be found on, whereas the endpoint knows the device’s IP and MAC pairing. The switch also had the MAC addresses of all the devices on the network.
Part 3: Examine ARP Process in Remote Communications
Pinging the 10.10.10.1 router will add the IP and MAC address of 172.16.31.1 to the device’s ARP table. This is because the packet leaves the network, and the device discovers the router since it communicates with it directly.
We can examine this further by going into simulation mode in Packet Tracer. Make sure to clear the ARP table on the device being used to send out the pings. Sending a ping to 10.10.10.1 will generate 3 PDUs at the device. The PDUs are not addressed to 10.10.10.1 directly, but to the gateway of the network, which is 172.16.31.1. This is because the device knows that the destination address does not live on the same network as the sender, and so it has to address the PDUs to the gateway for them to be sent out of the network.
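The ARP request and reply from Part 1, together with the gateway decision described above, as an added example (not part of the original lab or of Packet Tracer): it builds and parses the 42-byte Ethernet/ARP frames using the addresses given on this page. The function names and the zero-filled target MAC in the request are assumptions of this example.

```python
import ipaddress
import struct

BROADCAST = "FFFF.FFFF.FFFF"

def mac_bytes(mac):
    """Accept Cisco (0060.7036.2849) or colon/dash notation; return 6 bytes."""
    raw = bytes.fromhex(mac.replace(".", "").replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("MAC address must be 6 bytes: %r" % mac)
    return raw

def build_arp(op, sender_mac, sender_ip, target_mac, target_ip, dst_mac):
    """Ethernet II header + ARP payload (RFC 826); op 1 = request, 2 = reply."""
    eth = mac_bytes(dst_mac) + mac_bytes(sender_mac) + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    arp += mac_bytes(sender_mac) + ipaddress.IPv4Address(sender_ip).packed
    arp += mac_bytes(target_mac) + ipaddress.IPv4Address(target_ip).packed
    return eth + arp

def parse_arp(frame):
    """Decode an Ethernet/IPv4 ARP frame; reject anything malformed."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (ethertype, htype, ptype, hlen, plen) != (0x0806, 1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP frame")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {
        "broadcast": dst == b"\xff" * 6,  # switch floods these on all other ports
        "op": {1: "request", 2: "reply"}.get(op, "unknown"),
        "sender_mac": sha.hex(),
        "sender_ip": str(ipaddress.IPv4Address(spa)),
        "target_mac": tha.hex(),
        "target_ip": str(ipaddress.IPv4Address(tpa)),
    }

def arp_target(host_ip, prefix_len, dst_ip, gateway):
    """IP the host resolves: the destination if on-link, else the gateway."""
    net = ipaddress.ip_interface("%s/%d" % (host_ip, prefix_len)).network
    return dst_ip if ipaddress.ip_address(dst_ip) in net else gateway

# Frames constructed from the addresses on this page (Part 1).
# Assumption: the unknown target MAC in the request is sent as all zeros.
REQUEST = build_arp(1, "000C.85CC.1DA7", "172.16.31.2",
                    "0000.0000.0000", "172.16.31.3", BROADCAST)
REPLY = build_arp(2, "0060.7036.2849", "172.16.31.3",
                  "000C.85CC.1DA7", "172.16.31.2", "000C.85CC.1DA7")
```

Calling `arp_target("172.16.31.2", 24, "10.10.10.1", "172.16.31.1")` returns the gateway address, which is why the ARP table in Part 3 gains an entry for 172.16.31.1 rather than for 10.10.10.1.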
Checking the MAC address table on Router1, we can see that it is empty. This is because Router1 and Router0 live on different networks. At this point an IP table is used rather than a MAC address table. To view the routing table, use the command “show ip route”. This gives a breakdown of the networks the router is connected to, with their IP addresses and subnet masks. It can also tell you how they are connected.
The “show arp” command on Router1’s CLI gives us the Local Area Network information. This includes the link each IP and MAC address pair lives on, as well as the IP addresses and MAC addresses in the network.