Tcpdump

That process that you described sounds accurate and expected. Assuming the arp cache is empty from the source TCP/IP host... when you "ping" another host by IP, the source computer first does a lookup in its local routing table, it then needs to determine what interface the packet will leave and whether or not the target is on the local subnet. if the target is on a remote submit, it will arp for the gateway. For the local subnet, it will send out an arp request and wait for a host on the subnet to replay with to the arp request.

What is happening is the source host needs to know what the target MAC address is so that it can deliver the packet. It knows the target IP, but not the target MAC. The host computer is sending out the arp request basically saying.. "Who has this IP..I need your MAC". If you look at the arp request, its a broadcast packet (255.255.255.255/ffffffffffff). All computers on the local subnet will pick up the packet and the one that has a match to the IP in the arp request will respond to the source host. Now that the source host has the MAC address, it can proceed with sending out the PING packet including the destination MAC address as well as the destination IP.

additional reading: How IP Packets are Routed on a Local Area Network

One more question. So if I would have a second router to connected to net 0 and it was the default route on Ws1. I know that Ws1 will get a redirect to R2. Can you explain redirects to me.

Here's a good explaination of ICMP redirects and when they're sent:
http://www.cisco.com/c/en/us/support/docs/ip/routing-information-protocol-rip/13714-43.html