
How to install Wireshark, dump your arp cache, and capture the associated arp traffic

griffinsnest edited this page Feb 15, 2021 · 1 revision

How to install Wireshark on Windows


You can install Wireshark on a Windows machine by going to https://www.wireshark.org/download.html and downloading the installer that matches your operating system, in this case the Windows 32-bit or 64-bit installer depending on which version of Windows is being run. Then run the downloaded installer and respond to the prompts as needed. The installer lets you choose several optional components and the location of the installed package, and it will also offer to install Npcap, the packet capture driver Wireshark needs on Windows to capture live traffic. Accept that prompt: without Npcap you can open saved capture files but cannot capture from your own network interfaces. The default settings are recommended for most users, but if you want or are told to change them the installation prompts give you the option to fit them to your needs.

How to empty the ARP cache on Windows


On Windows you will need to use a slightly different command than in Linux. First, open the command prompt with Run as administrator, since the sudo command used in Linux does not exist in the Windows command prompt and flushing the cache requires elevation. After opening the shell like this, enter the command netsh interface ip delete arpcache (arp -d * does the same thing from the older arp tool). This does nearly the same as the Linux command: it deletes all the data within the cache, erasing every entry it was holding. Be sure to use arp -a afterward to display the cache and confirm that it worked. Note that the cache refills as soon as the machine talks to anything on the local network, so within a few seconds of the flush you may already see the default gateway listed again; that is normal, and what matters is that the entry for the host you are about to ping is gone.

How to capture ARP traffic on Windows


Capturing traffic on Windows is pretty much the same as on Linux. In Wireshark you will need to select a specific interface to capture on, just as you would pick ens160 on Linux; in this case any wired or wireless connection that is actually carrying traffic will do, and the Wireshark welcome screen shows a small activity graph next to each interface to help you choose. Before starting, open the command prompt as Administrator and empty the ARP cache as described above, so the ping below has to resolve the target's MAC address instead of reusing a cached entry. Start the capture, then ping an address on your local network (the default gateway is a good choice; ARP only resolves addresses on the same subnet, so a ping to a remote address will only produce an ARP exchange for the gateway). While still in the command prompt use arp -a to make sure the ping went through and the entry is back in the cache, then stop the Wireshark capture. To keep the view simple, filter the capture by typing arp into the display filter bar; you should see a request ("Who has X? Tell Y") from your machine followed by a reply ("X is at MAC") from the target. Afterwards it is exactly the same as studying captures in Linux.
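The whole procedure above (flush the cache, capture, ping, check the cache, read the capture back) can be run from one elevated PowerShell prompt using tshark, the command-line capture tool that ships with Wireshark. The script below is an added example, not part of the original wiki page; it assumes Wireshark is installed in its default folder with Npcap, that the interface is called "Ethernet" (check with tshark -D) and that the target is the default gateway at 192.168.1.1. Both of those are placeholders to change for your own network.

```powershell
# Added example (not from the original page): automate the ARP flush,
# capture and ping procedure with tshark. Assumptions: Wireshark installed
# in the default location, Npcap installed, script run from an elevated
# PowerShell prompt. Interface name and target address are placeholders.
param(
    [string]$Interface = "Ethernet",                       # as listed by "tshark -D"
    [string]$Target    = "192.168.1.1",                    # assumed default gateway
    [string]$OutFile   = "$env:TEMP\arp-capture.pcapng",
    [int]$Seconds      = 10                                # capture duration
)

$tshark = "C:\Program Files\Wireshark\tshark.exe"
if (-not (Test-Path $tshark)) { throw "tshark not found at $tshark" }

# Flushing the cache requires elevation; fail early with a clear message.
$isAdmin = ([Security.Principal.WindowsPrincipal] `
    [Security.Principal.WindowsIdentity]::GetCurrent()
).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) { throw "Run this from an elevated (Run as administrator) PowerShell." }

# 1. Empty the ARP cache so the ping below has to resolve the target's MAC.
netsh interface ip delete arpcache | Out-Null
Write-Host "ARP cache after flush:"
arp -a

# 2. Start a time-limited capture restricted to ARP.
#    "-f arp" is a capture (BPF) filter, the equivalent of typing "arp"
#    into Wireshark's display filter bar is "-Y arp" when reading back.
$capture = Start-Process -FilePath $tshark -PassThru -NoNewWindow -ArgumentList @(
    "-i", "`"$Interface`"", "-f", "arp", "-a", "duration:$Seconds", "-w", "`"$OutFile`""
)
Start-Sleep -Seconds 2   # give tshark a moment to open the interface

# 3. Generate traffic: the first ping to an unresolved neighbour triggers
#    an ARP request from this host and a reply from the target.
Test-Connection -ComputerName $Target -Count 2 -ErrorAction SilentlyContinue | Out-Null

# 4. Confirm the cache was repopulated, then wait for the capture to end.
Write-Host "ARP cache after ping:"
arp -a
$capture.WaitForExit()

# 5. Read the capture back. arp.opcode 1 = request (who-has), 2 = reply (is-at).
& $tshark -r $OutFile -Y "arp" -T fields -E header=y `
    -e frame.number -e arp.opcode -e arp.src.hw_mac -e arp.src.proto_ipv4 -e arp.dst.proto_ipv4
```

Run it as .\Capture-Arp.ps1 -Interface "Wi-Fi" -Target 10.0.0.1 to match your own interface and gateway. The saved .pcapng can then be opened in Wireshark and studied exactly as described above; if the final table shows only requests and no reply, the target did not answer, which usually means the address is not on your subnet or the host is down.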
