cybersecurity-24weeks/v3.0-Curriculum/1-Lesson-Plans/08-Networking-Fundamentals/2/Resources/secondlogfile at Main · coding-boot-camp/cybersecurity-24weeks

Tags

Top Highlights

• This concept will be explained later in the lesson.

• To filter for ARP replies, use the

• Navigate to File > Open and select the arp.pcap file.

• entering

• The first ARP broadcast request can be translated

• The request is also stating

• Point out that there is a field for each ARP packet called

• equal

• Run

• Name a few ways to protect against this vulnerability. Creating a static ARP entry in your server can help reduce the risk of ARP poisoning. Third-party tools can identify and alert for potential ARP poisoning attacks. Determine the primary vendor for the MAC addresses. Many web tools can assist with looking up the vendor associated with a MAC address. The web tool at aruljohn.com/mac.pl identifies all the MAC addresses vendors as VMWare.

• Type

• Explain that we can end the ping by hitting

• or ping -n 4 45.60.135.51 for Windows.

• for Linux and Mac or type

• for Windows

• Explain that we can tell the terminal to ping the website four times by using

• The "probe" packets sent from the source device are datagrams

• Explain to the class that we will now demonstrate a failed response. We will use redbull.com as an example

• Businesses may restrict ICMP requests for security reasons, such as preventing external parties from enumeration.

• Explain that a failed response doesn't necessarily indicate that the host is down. It may simply mean that the host is not allowing requests from ICMP.