Activity 3.2 Page 1
MGMT 393 Laboratory Manual
Activity 3.2 — Protocols and Conversations
SOFTWARE REQUIRED. You will need Wireshark (which you downloaded in Activity 1.3), and TCPVIEW,
which you will download this week, in PART 2.
The textbook’s Hands-On Cases, in Chapters 5 and 6, step you through some of this. You may find it
useful to have the textbook handy while doing this Activity.
DON’T PANIC. You’re still not writing a lengthy lab report here – and there really aren’t a lot of things
you’ll be doing this week. But you will be cranking through some details with Wireshark, and making
notes as you go along. Don’t rush. Be patient. It will pay off in the long run!
PART 1: Identifying the TCP/IP Layers in a Frame (see Hands-On Project 5.2, pgs 211-212 in the text).
1. START WIRESHARK: Set its Interface and Capture Options so that you’re ready to capture on
your active Internet connection, with NO filtering. START the CAPTURE.
2. BROWSER window: start up your browser, and after your home page loads, exit the browser.
3. STOP CAPTURE. Now, let’s take a closer look at what WIRESHARK found.
A. Click a packet summary in the top pane with HTTP in the protocol field and an INFO line
beginning with GET. In the middle pane, Wireshark shows us a summary of each protocol
header. Ignore the lines that start with Frame X.
B. Expand the ETHERNET II line in the PACKET DETAILS (middle) pane.
Examine the details that this reveals.
PASTE IN A SCREEN SHOT of that expanded ETHERNET II packet details pane in your
Report. (You might want to grab Wireshark’s scroll bars and expand the window, and
trim down the parts of the screen shot outside of that area. JING makes that very easy,
but so does PAINT.) What are you seeing here?
What layer of the TCP/IP protocol does this header represent?
MGMT 393 Laboratory Manual Last Updated 16 Jun 2013
C. Collapse that line, and then expand the line starting with INTERNET PROTOCOL. Expand its
sublevels. What is this telling you? PASTE a screen shot of that into your report. What
new information about this conversation are you seeing here?
What layer of the TCP/IP protocol does this header represent?
D. Do the same for the line that begins “Transmission Control Protocol” (expand it, screen
print, paste that in your report.) What new information about this conversation are you
seeing here?
What layer of the TCP/IP protocol does this header represent?
E. Do the same for the line that begins “Hypertext Transfer Protocol” (expand it, screen
print, paste that in your report.) Can you explain what we’re seeing now, and why it seems
so different from what we’ve seen at the other protocol lines we’ve looked inside?
What layer of the TCP/IP protocol does this header represent?
If you’re not going on to the next part of the lab, close Wireshark (exit without saving) and save your
lab report file. Otherwise, press on!
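What Wireshark's packet details pane is doing in steps B through E, as an added Python example that is not part of the lab manual: it peels one header at a time off the captured frame, outermost first. The frame bytes, MAC and IP addresses and host name below are constructed sample values (checksums are left at zero), and the function names are this example's own.

```python
import struct

FLAGS = [("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04), ("PSH", 0x08), ("ACK", 0x10), ("URG", 0x20)]

def dissect(frame: bytes) -> dict:
    """Peel the Ethernet II, IPv4 and TCP headers off one frame, outermost first."""
    if len(frame) < 14:
        raise ValueError("too short for an Ethernet II header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out = {"ethernet": {"dst": dst.hex(":"), "src": src.hex(":"), "type": ethertype}}
    if ethertype != 0x0800 or len(frame) < 34:   # 0x0800 = IPv4; 0x0806 would be ARP
        return out
    ver_ihl, _, total_len, _, _, ttl, proto, _, s, d = struct.unpack("!BBHHHBBH4s4s", frame[14:34])
    ihl = (ver_ihl & 0x0F) * 4                   # header length is stored in 32-bit words
    if ver_ihl >> 4 != 4 or ihl < 20:
        raise ValueError("malformed IPv4 header")
    out["ip"] = {"src": ".".join(map(str, s)), "dst": ".".join(map(str, d)), "ttl": ttl, "protocol": proto}
    tcp_at = 14 + ihl
    if proto != 6 or len(frame) < tcp_at + 20:   # protocol 6 = TCP
        return out
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", frame[tcp_at:tcp_at + 14])
    if off_flags >> 12 < 5:
        raise ValueError("malformed TCP header")
    data_at = tcp_at + (off_flags >> 12) * 4     # data offset is also in 32-bit words
    out["tcp"] = {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
                  "flags": [name for name, bit in FLAGS if off_flags & bit]}
    payload = frame[data_at:14 + total_len]      # total_len excludes any Ethernet padding
    if payload and 80 in (sport, dport):
        # HTTP has no fixed binary header: the request is readable text lines
        out["http"] = payload.split(b"\r\n")[0].decode("ascii", "replace")
    return out

def sample_frame() -> bytes:
    """Constructed frame: a browser's GET request, as in step A."""
    http = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
    tcp = struct.pack("!HHIIHHHH", 49152, 80, 1, 1, (5 << 12) | 0x018, 64240, 0, 0)
    ipv4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(http), 1, 0x4000, 128, 6, 0,
                       bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    eth = struct.pack("!6s6sH", bytes.fromhex("020000000002"), bytes.fromhex("020000000001"), 0x0800)
    return eth + ipv4 + tcp + http

if __name__ == "__main__":
    for header, fields in dissect(sample_frame()).items():
        print(header, fields)
```

Each header carries a field that says what comes next (the EtherType, then the IP protocol number), which is how the dissector knows which line to show below it.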
PART 2: Taking a good hard look at ARP (see Hands-On Project 5-4: Capturing ARP and ICMP Packets,
pgs 219-220)
You’ll again need your lab report open in one window, these instructions in another, a
Command Prompt window and a WIRESHARK window. NOTE that we’re borrowing a
typographical convention from the textbook here: instead of showing you a C:> prompt with the
command on the line, the commands you’ll need to type in to the Command Prompt window
will be shown in BOLDFACE and HIGHLIGHTED in GREEN. (We’ll assume that “press Enter” is
after each command, if it’s not already shown, okay?)
ALSO NOTE that sometimes, you have to click a few different times on Wireshark’s main pane
(on a particular frame number’s line) to get it to refresh the detail panes. Minimize each line
that you expand, then click on the next frame you want, then expand its lines as you need to.
Don’t let it baffle you.
1. Open a Command Prompt window.
2. Type arp -d and press Enter to clear your ARP cache.
NOTE that WINDOWS may respond with
The ARP deletion failed: the requested operation requires elevation.
If it does, you will have to exit Command Prompt and rerun it by RIGHT-CLICKING it in your
START menu and selecting RUN AS ADMINISTRATOR.
3. Start Wireshark and click Capture Options. In the Capture Filter text box, type arp or
icmp, and then click Start.