Lab 1: Network Discovery with Wireshark

Duration: 90 minutes
Difficulty: Beginner

Learning Objectives

  • Install and configure Wireshark for network analysis
  • Capture and analyze DHCP request/response sequences
  • Understand the ARP resolution process
  • Identify different protocol layers in captured packets
  • Use Wireshark filters for targeted analysis

Exercise 1: Network Configuration Discovery

Step 1: Examine Current Network Configuration

Windows Commands:

ipconfig /all
arp -a
route print

Linux Commands:

ip addr show
ip route show
arp -a

Analysis Questions:

  1. What is your current IP address and subnet mask?
  2. What is your default gateway IP address?
  3. How many devices are in your ARP table?
  4. What DNS servers are configured?

Exercise 2: DHCP Analysis

Step 1: Start Packet Capture

  1. Open Wireshark with administrator privileges
  2. Select your active network interface
  3. Apply the display filter: dhcp (or bootp on older Wireshark versions)
  4. Start capture before triggering DHCP

Step 2: Trigger DHCP Request

Windows:

ipconfig /release
ipconfig /renew

Linux:

sudo dhclient -r
sudo dhclient

Step 3: Analyze DHCP Sequence

Look for the four-step DHCP process:

  1. DHCP Discover - Client broadcasts request
  2. DHCP Offer - Server offers IP address
  3. DHCP Request - Client accepts offer
  4. DHCP ACK - Server confirms assignment

Analysis Questions:

  1. What destination MAC address is used for DHCP Discover?
  2. What IP address range does your DHCP server offer?
  3. How long is the lease time?
  4. What additional options are provided (DNS, gateway)?
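
The four-step sequence and the option fields asked about above can also be checked outside Wireshark. The following is an added example, not part of the original lab: it parses raw DHCP payloads and confirms a complete Discover/Offer/Request/ACK exchange. The function names, the 192.0.2.x addresses and the sample messages are constructed for illustration, and it assumes the client keeps one transaction ID for the whole exchange.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header
TYPES = {1: "Discover", 2: "Offer", 3: "Request", 5: "ACK", 6: "NAK"}
IP_OPTS = {1: "subnet_mask", 3: "router", 6: "dns", 54: "server_id"}

def parse_dhcp(payload):
    """Decode the UDP payload of one DHCP message into a dict."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    msg = {"xid": int.from_bytes(payload[4:8], "big"), "yiaddr": socket.inet_ntoa(payload[16:20]),
           "chaddr": payload[28:28 + min(payload[2], 16)].hex(":")}  # client MAC address
    i = 240
    while i < len(payload) and payload[i] != 255:   # 255 = End option
        if payload[i] == 0:                         # 0 = Pad, which has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option %d" % code)
        if code == 53 and length == 1:              # DHCP message type
            msg["type"] = TYPES.get(value[0], "type-%d" % value[0])
        elif code == 51 and length == 4:            # lease time in seconds
            msg["lease_seconds"] = int.from_bytes(value, "big")
        elif code in IP_OPTS and length % 4 == 0:   # one or more IPv4 addresses
            msg[IP_OPTS[code]] = [socket.inet_ntoa(value[j:j + 4]) for j in range(0, length, 4)]
        i += 2 + length
    return msg

def dora_complete(messages):
    """True if one transaction ID (xid) shows Discover, Offer, Request, ACK in order."""
    by_xid = {}
    for m in messages:
        by_xid.setdefault(m["xid"], []).append(m.get("type"))
    return ["Discover", "Offer", "Request", "ACK"] in by_xid.values()

def build_sample(msg_type, xid, yiaddr="0.0.0.0", options=b""):
    """Constructed test message (not captured traffic): header + cookie + options."""
    hdr = struct.pack("!BBBBIHH", 1 if msg_type in (1, 3) else 2, 1, 6, 0, xid, 0, 0)
    hdr += b"\x00" * 4 + socket.inet_aton(yiaddr) + b"\x00" * 8  # ciaddr, yiaddr, siaddr, giaddr
    hdr += bytes.fromhex("020000000001") + b"\x00" * 202         # chaddr, then sname and file
    return hdr + MAGIC + bytes([53, 1, msg_type]) + options + b"\xff"

OPTS = bytes.fromhex("3304000151800104ffffff000304c00002010608c0000235c0000236")  # constructed
SAMPLE = [build_sample(1, 0x1234), build_sample(2, 0x1234, "192.0.2.50", OPTS),
          build_sample(3, 0x1234), build_sample(5, 0x1234, "192.0.2.50", OPTS)]
```

To run it on your own capture, export the UDP payload bytes of each DHCP packet and pass them to parse_dhcp in capture order.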

Exercise 3: ARP Resolution Analysis

Step 1: Clear ARP Cache

Windows:

arp -d *

Linux:

sudo ip neigh flush all

Step 2: Capture ARP Traffic

  1. Apply Wireshark filter: arp
  2. Start capture
  3. Generate ARP requests:

     ping 8.8.8.8
     ping [your-gateway-ip]

Step 3: Analyze ARP Process

Analysis Questions:

  1. What happens when you ping an external IP vs local IP?
  2. How does ARP request/reply work?
  3. What MAC address responds for your gateway?
  4. Why do you see ARP for external IPs?

Lab Deliverables

  1. Screenshot of complete DHCP sequence with annotations
  2. ARP table before and after ping operations
  3. Analysis report answering all questions
  4. Custom Wireshark filter expressions