Home‎ > ‎CIS 140NA‎ > ‎

Lab 12: Infrastructure Protocols

In this lab you'll examine packets from the most fundamental infrastructure protocols.


In this lab you'll look at ARP, DHCP and ICMP packets. These packets are often indicators of problems on your network. It's important to be familiar with them. 

Silent Failures

Download the following packet capture:

The capture shows an ARP and ND exchange. Use those packets to determine the IPv4 and IPv6 address of the machines. The capture also shows a sequence of events that ends in an error. Examine the packets and answer the following questions: 
  1. What IP addresses does 00:24:d7:e5:31:44 have?
  2. What IP addresses does 00:25:90:f1:05:c8 have?
  3. Which packet signals the error, what protocol is it? 
  4. What is the error? 
  5. What problem could cause this error? 

Capturing DHCP

You can find an example DHCP packet capture on the Sample Captures page of the Wireshark Wiki. Samples are taken from the DHCP server or the client. When you capture on a shared network you often see DHCP traffic. However, you may not see all of the DORA packets. Perform a capture on your network (or the CIS network) and watch for DHCP packets. You may have to capture for a while so it'll be helpful to use a capture filter. 
  • What capture filter should you use to limit the capture to only DHCP packets?
  • What DHCP packets from other hosts do you see and why? 

Turn In

  1. The answers to part 1
  2. The answers to part 2 with your capture.
Submit your homework on Canvas.


  • 10 points for part 1
  • 10 points for part 2
Problem Packets.pcapng
Michael Matera,
Apr 26, 2016, 9:22 AM