ARP – To display ARP cache in Windows

8 Comments

  1. Do you know some method that can help to delete fake arp entry on windows vista?

    Execution of these commands fails:

    arp -d *
    arp -s

  2. Author

    “arp -d” should work. Might not be able to run the command if you are not an administrator?

    What is the error when you try to delete the arp entry?

  3. What is the timeout for cache entries for arp in Windows?

  4. hi. should my arp table show ip of many of the computers in a network or should it show me only the default gateway? please be as clrear as you can be. thanks in advance.

  5. Author

    ARP table should show entries from your local subnet. By default, your interface and the Default Gateway are in the same subnet and are shown. If you have any other host in the same subnet then try pinging it and lookup the arp table. You should see that IP in ur ARP table added

  6. 1. What command is used to display all entries in the ARP cache?
    a.
    2. What command is used to delete all ARP cache entries (flush the ARP cache)?
    a.
    3. What command is used to delete the ARP cache entry for 172.16.255.254?
    a.

    Step 2. Use the arp command to examine the local ARP cache, as shown in Example 9-2.
    1. When you issued the command that displays ARP entries, what were the results?
    a.

    Step 3. Use the ping command to dynamically add entries to the ARP cache. Ping your neighbor in class.
    1. How was the ARP entry added to the ARP cache? Hint: Review the Type column.
    a.
    2. What is the IP address of the destination pod host computer?
    a.
    3. What is the physical address of the destination pod host computer?
    a.
    4. Do not send any traffic to the computer accessed previously. Wait between 2 and 3 minutes, and check the ARP cache again. Was the ARP cache entry cleared?
    a.
    Issue the ping command to your default Gateway. Examine the ARP cache entry.
    5. What is the IP address of the Gateway?
    a.
    6. What is the physical address of the Gateway?
    a.
    7. How was the address discovered?
    a.
    Issue the ping command to espn.com. Examine the ARP cache entry.
    8. What is the physical address of espn.com?
    a.

    Step 4. Manually adjust entries in the ARP cache. (Hint: See some answers to step 3)
    1. What command deletes all entries in the ARP cache?
    a.
    2. Consider a secure environment where the Gateway controls access to a web server that contains top-secret information. What is one layer of security that can be applied to ARP cache entries to help counter ARP spoofing?
    a.
    3. Simulate adding a static entry for the Gateway. What command adds a static ARP entry for the Gateway to the ARP cache?
    a.

    Task 2: Use Wireshark to Examine ARP Exchanges
    Perform steps 1,2 as directed. For step 3, ping your gateway ping –n 1 10.21.32.11 and then ping espn.com as ping –n 1 199.181.132.250

    Provide a scrn prnt of the WireShark window.
    1. What is the first ARP packet?
    a.
    2. What is the second ARP packet?
    a.

    Fill in Table 9-8 with information about the first ARP packet.

    Table 9-8 First ARP Packet
    Field Value
    Sender MAC address Answers will vary
    Sender IP address Answers will vary
    Target MAC address 00:00:00:00:00:00
    Target IP address 172.16.255.254

    Fill in Table 9-9 with information about the second ARP packet.

    Table 9-9 Second ARP Packet
    Field Value
    Sender MAC address Answers will vary
    Sender IP address 172.16.255.254
    Target MAC address Answers will vary
    Target IP address Answers will vary

    1. Why was there no ARP request for the ping to espn.com?
    a.
    2. How long should the Gateway mapping be stored in the ARP cache on the host computer? Why?
    a.

  7. Poor Hector, hope he is still not waiting on an answer!

  8. Hi, Is there any way to modify (add) ARP entry using DHCP option. Does Windows7 support add static ARP entry using DHCP option?

Leave a Reply

Your email address will not be published. Required fields are marked *