I have to admit that I find the networking courses through Cisco’s Academy to be quite challenging. I’m learning a ton, but my to-do list for the day always comes screeching to an abrupt halt when I tackle my daily Packet Tracker practice and coursework, because it all just takes so long. But, I’m definitely learning!

On that vein, as part of the networking course, there is an exercise in working with Wireshark, so I thought that I would build up my knowledge and foundation before jumping into the assignment. I decided to use this resource for that. For my network, I have a raspberry pi 3 connected via its wireless NIC to the WAP, and a Mac laptop connected to the same network via a wireless NIC. I used Wireshark to inspect the packets between the two computers.

I used ip link to find the MAC address of my raspberry pi’s wireless NIC, as opposed to the ethernet NIC, which I am not using at this point:

b8:27:eb:6a:48:47

The MAC address, also known as the physical address, is a 12-digit hexadecimal code (48-bits) and is represented as MM:MM:MM:SS:SS:SS. The first 6 digits are known at the OUI or EUI, which is the manufacturer’s number. The second 6 digits are specific to the device itself.

I used a different command to find my Mac’s MAC address:

ifconfig

Raspberry pi: (IPv4) 10.0.0.95 (MAC) b8:27:eb:6a:48:47

Mac: (IPv4) 10.0.0.59 (MAC) a4:83:e7:34:2a:b3

Within the Rpi CLI, I pinged the Mac at 10.0.0.59 and was able to examine the packets within Wireshark. Sure enough, all the relevant data was there for inspection, from the initial ICMP echo request and reply with the appropriate frame details.

Now, to flush the Rpi ARP table:

ip -s -s neigh flush all

Then, I went sent a ping command to the Mac (IPv4 10.0.0.59) and my ARP table was rebuilt- this time with the router (IPv4 10.0.0.1) and the Mac (IPv4 10.0.0.59). The MAC address for both of these devices were included in the ARP table too (of course).