ARP协议抓包分析

版权声明：© By www.mrchen.love https://blog.csdn.net/weixin_43206704/article/details/85223178

ARP缓存表

一、查看ARP缓存表指令

arp -a

二、删除ARP缓存表指令
比如删除接口为192.168.182.128的ARP记录：

arp -d 192.168.182.128

Windows下也可清空所有ARP条目：

arp -d

---

实验环境搭建

配置两个虚拟机，IP地址分为192.168.182.128和192.168.182.132。清除与对方相关的APR条目。在192.168.182.132主机上执行ping指令：

---

Wireshark抓包

在虚拟机上打开Wireshark，设置arp协议过滤。在192.168.182.132主机上执行ping指令：

ping 192.168.182.128

Wireshark得到如下数据：
ARP请求
3 20.419117759 Vmware_41:b4:5d Broadcast ARP 60 Who has 192.168.182.128? Tell 192.168.182.132

Frame 3: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: Vmware_41:b4:5d (00:0c:29:41:b4:5d), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Destination: Broadcast (ff:ff:ff:ff:ff:ff)
Source: Vmware_41:b4:5d (00:0c:29:41:b4:5d)
Type: ARP (0x0806)
Padding: 000000000000000000000000000000000000

Address Resolution Protocol (request)
Hardware type: Ethernet (1)
Protocol type: IPv4 (0x0800)
Hardware size: 6
Protocol size: 4
Opcode: request (1)
Sender MAC address: Vmware_41:b4:5d (00:0c:29:41:b4:5d)
Sender IP address: 192.168.182.132
Target MAC address: 00:00:00_00:00:00 (00:00:00:00:00:00)
Target IP address: 192.168.182.128

0000 ff ff ff ff ff ff 00 0c 29 41 b4 5d 08 06 00 01
0010 08 00 06 04 00 01 00 0c 29 41 b4 5d c0 a8 b6 84
0020 00 00 00 00 00 00 c0 a8 b6 80 00 00 00 00 00 00
0030 00 00 00 00 00 00 00 00 00 00 00 00


ARP应答
4 20.419151652 Vmware_f9:e3:17 Vmware_41:b4:5d ARP 42 192.168.182.128 is at 00:0c:29:f9:e3:17

Frame 4: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: Vmware_f9:e3:17 (00:0c:29:f9:e3:17), Dst: Vmware_41:b4:5d (00:0c:29:41:b4:5d)
Destination: Vmware_41:b4:5d (00:0c:29:41:b4:5d)
Source: Vmware_f9:e3:17 (00:0c:29:f9:e3:17)
Type: ARP (0x0806)

Address Resolution Protocol (reply)
Hardware type: Ethernet (1)
Protocol type: IPv4 (0x0800)
Hardware size: 6
Protocol size: 4
Opcode: reply (2)
Sender MAC address: Vmware_f9:e3:17 (00:0c:29:f9:e3:17)
Sender IP address: 192.168.182.128
Target MAC address: Vmware_41:b4:5d (00:0c:29:41:b4:5d)
Target IP address: 192.168.182.132

0000 00 0c 29 41 b4 5d 00 0c 29 f9 e3 17 08 06 00 01
0010 08 00 06 04 00 02 00 0c 29 f9 e3 17 c0 a8 b6 80
0020 00 0c 29 41 b4 5d c0 a8 b6 84