Analyze ARP Poisoning with Wireshark

 You are the security analyst for a small corporate network. You believe that a hacker has penetrated your network and is using ARP poisoning to infiltrate it.

In this lab, your task is to determine whether ARP poisoning is taking place by doing the following:

• Use Wireshark to capture packets on the enp2s0 interface for five seconds.
• Analyze the Wireshark packets to determine whether ARP poisoning is taking place.
• Use the 192.168.0.2 IP address to help make your determination.
• Answer the questions.

EXPLANATION

Complete this lab as follows:

1. Using Wireshark, capture packets for a short time.
   1. From the Favorites bar, select Wireshark.
   2. Maximize the window for easier viewing.
   3. Under Capture, select enp2s0.
   4. Select the blue fin to start a Wireshark capture.
   5. After capturing packets for five seconds, select the red box to stop the Wireshark capture.
2. Filter for ARP packets and answer the question.
   1. In the Apply a display filter field, type arp and press Enter to only show ARP packets.
   2. In the Info column, look for the lines containing the 192.168.0.2 IP address.
   3. In the top right, select Answer Questions.
   4. Answer the questions.
   5. Select Score Lab.