PROTECTING THE ARP PROTOCOL
ARP Poisoning Lab
VIRTUAL MACHINES NEEDED FOR LAB:
Chiron Linux
Username: root
Password: toor
Loadholt
Username: Culex\administrator
Password: abc123!!!
Windows 7
Username: user
Password: abc123!!!
Lab Goal: Gain an understanding of ARP traffic
Objective: Identify the current MAC addresses for your VMs
1. On Chiron Linux VM, use the ifconfig command in a terminal to identify the IP and MAC
address for its ethernet interface (ens33). On the Windows 7 and Loadholt VMs, use the
ipconfig /all command in a command prompt to identify the IP and MAC addresses for the
ethernet interface (Local Area Connection). Record the IP and MAC address for each VM in
the table below.
7021 Columbia Gateway Dr. Suite 250, Columbia, MD 21046
www.chirontech.com | 410.672.1522 | @ChironTech
Any unauthorized use or disclosure of this material is strictly prohibited. © Chiron Technology
Services
, Hostname IP Address MAC address
Windows 7 192.168.12.53 00:0c:29:___:___:___
Chiron Linux 192.168.12.9 00:0c:29:___:___:___
Loadholt 192.168.12.55 00:0c:29:___:___:___
Objective: Understand ARP’s interaction with firewalls
2. Turn on the firewall on the Windows 7 VM and set it to NOT allow any exceptions.
Start Menu > Control Panel > System and Security > Windows Firewall > Click on
Turn Windows Firewall on or off
3. Ensure the firewall is on for both of the network locations and that the box Block all incoming
connections, including those in the list of allowed programs is checked.
Note: By default Windows allows unsolicited requests for several protocols
through the firewall. Checking the box mentioned above disables this behavior.
4. In a terminal on the Chiron Linux VM delete the ARP cache entry that may exist for the
Windows 7 VM:
root@chiron:~# arp -d 192.168.12.53
5. Check the contents of the ARP cache to ensure the Chiron Linux VM does not know the
MAC address for the Windows 7 VM:
root@chiron:~# arp -a
? (192.168.12.53) at <incomplete> [ether] on ens33
Note: You may not see any reference to the Windows 7 VM IP address in the
ARP cache.
6. In a command prompt on the Windows 7 VM delete all the ARP cache entries:
C:\Users\user> arp -d *
7021 Columbia Gateway Dr. Suite 250, Columbia, MD 21046
www.chirontech.com | 410.672.1522 | @ChironTech
Any unauthorized use or disclosure of this material is strictly prohibited. © Chiron Technology
Services
ARP Poisoning Lab
VIRTUAL MACHINES NEEDED FOR LAB:
Chiron Linux
Username: root
Password: toor
Loadholt
Username: Culex\administrator
Password: abc123!!!
Windows 7
Username: user
Password: abc123!!!
Lab Goal: Gain an understanding of ARP traffic
Objective: Identify the current MAC addresses for your VMs
1. On Chiron Linux VM, use the ifconfig command in a terminal to identify the IP and MAC
address for its ethernet interface (ens33). On the Windows 7 and Loadholt VMs, use the
ipconfig /all command in a command prompt to identify the IP and MAC addresses for the
ethernet interface (Local Area Connection). Record the IP and MAC address for each VM in
the table below.
7021 Columbia Gateway Dr. Suite 250, Columbia, MD 21046
www.chirontech.com | 410.672.1522 | @ChironTech
Any unauthorized use or disclosure of this material is strictly prohibited. © Chiron Technology
Services
, Hostname IP Address MAC address
Windows 7 192.168.12.53 00:0c:29:___:___:___
Chiron Linux 192.168.12.9 00:0c:29:___:___:___
Loadholt 192.168.12.55 00:0c:29:___:___:___
Objective: Understand ARP’s interaction with firewalls
2. Turn on the firewall on the Windows 7 VM and set it to NOT allow any exceptions.
Start Menu > Control Panel > System and Security > Windows Firewall > Click on
Turn Windows Firewall on or off
3. Ensure the firewall is on for both of the network locations and that the box Block all incoming
connections, including those in the list of allowed programs is checked.
Note: By default Windows allows unsolicited requests for several protocols
through the firewall. Checking the box mentioned above disables this behavior.
4. In a terminal on the Chiron Linux VM delete the ARP cache entry that may exist for the
Windows 7 VM:
root@chiron:~# arp -d 192.168.12.53
5. Check the contents of the ARP cache to ensure the Chiron Linux VM does not know the
MAC address for the Windows 7 VM:
root@chiron:~# arp -a
? (192.168.12.53) at <incomplete> [ether] on ens33
Note: You may not see any reference to the Windows 7 VM IP address in the
ARP cache.
6. In a command prompt on the Windows 7 VM delete all the ARP cache entries:
C:\Users\user> arp -d *
7021 Columbia Gateway Dr. Suite 250, Columbia, MD 21046
www.chirontech.com | 410.672.1522 | @ChironTech
Any unauthorized use or disclosure of this material is strictly prohibited. © Chiron Technology
Services
