1
00:00:00,520 --> 00:00:06,010
So let's see how the ARP packets are seen in Wireshark. To see the ARP packet,

2
00:00:06,460 --> 00:00:09,430
we must first force the system to send an ARP request.

3
00:00:10,440 --> 00:00:14,580
Then we can have a close look into the fields of the ARP packets.

4
00:00:16,260 --> 00:00:19,710
So I'm in Kali and I want to look at the ARP table first.

5
00:00:20,880 --> 00:00:24,300
So I'll open a terminal browser and type arp.

6
00:00:25,470 --> 00:00:27,350
So this is the ARP table of my Kali.

7
00:00:27,690 --> 00:00:29,350
There are two records at the moment.

8
00:00:29,370 --> 00:00:34,080
One for the gateway and one for the VM with the IP address of two zero seven.

9
00:00:35,450 --> 00:00:37,150
So let's clear the table first.

10
00:00:38,580 --> 00:00:46,110
Now, I don't have to delete the records of the ARP table, so I can use the H parameter to get help.

11
00:00:47,380 --> 00:00:52,690
So it tells me to use the D parameter to delete a specified entry.

12
00:00:53,080 --> 00:00:57,250
Now there's a delete all the entries, if I don't specify any particular one.

13
00:00:58,670 --> 00:01:01,010
So I'll use the D parameter with no value.

14
00:01:02,820 --> 00:01:04,080
And it needs the hostname.

15
00:01:05,070 --> 00:01:05,380
OK.

16
00:01:05,790 --> 00:01:12,510
So I delete the entry for VMD two zero seven, so I can push it to create an ARP request.

17
00:01:13,260 --> 00:01:13,650
OK?

18
00:01:14,100 --> 00:01:14,910
Deleted the entry.

19
00:01:16,120 --> 00:01:22,630
Now run Wireshark. Now, remember, we run Wireshark within the terminal screen just as before.

20
00:01:23,080 --> 00:01:26,200
So click Wireshark icon.

21
00:01:27,310 --> 00:01:34,000
And that makes it run, so double-click the eth0 to start capturing the traffic.

22
00:01:35,230 --> 00:01:39,460
OK, now go to the terminal screen and ping VMD two zero seven.

23
00:01:40,540 --> 00:01:42,320
Turn back to the Wireshark interface.
24
00:01:42,730 --> 00:01:47,170
And since we have enough packets to examine and just start capturing.

25
00:01:48,740 --> 00:01:50,420
So let's look at the first packet.

26
00:01:50,900 --> 00:01:57,950
It's an ARP request. When we ping the IP address one seven two one six nine nine two zero seven,

27
00:01:58,430 --> 00:02:04,580
since Kali doesn't know who has this address, it broadcasts an ARP request to learn the owner of the

28
00:02:04,580 --> 00:02:05,120
IP.

29
00:02:07,600 --> 00:02:11,020
And the second packet is an ARP response.

30
00:02:12,100 --> 00:02:16,120
So I go back to the request and expand the ARP packet information block.

31
00:02:17,510 --> 00:02:22,850
The sender MAC address and the sender IP address are Kali's addresses.

32
00:02:23,840 --> 00:02:28,640
The target MAC address is filled with zeros because, well, we don't know it yet.

33
00:02:30,120 --> 00:02:37,930
When we look at the Ethernet frame, we see that the 48-bit destination address is full of ones, and

34
00:02:38,040 --> 00:02:44,610
all these F letters correspond to these ones in hexadecimal, and the frame is broadcast, right?

35
00:02:46,050 --> 00:02:51,270
Now, this is the ARP response by the VM two zero seven.

36
00:02:52,340 --> 00:02:58,550
And as you can see, the VM returns its MAC address in the sender MAC address field to Kali.

37
00:03:00,150 --> 00:03:07,890
And then, as seen in the table, Kali starts to send the ping requests to the VM two zero seven and then

38
00:03:07,890 --> 00:03:10,260
VM two zero seven replies to the request.

39
00:03:12,320 --> 00:03:13,730
Talk about clear communication.