ARP command usage

Displays and modifies the items in the "Address Resolution Protocol (ARP)" cache. The ARP cache contains one or more tables, which are used to store IP addresses and Their resolved physical IP addresses over Ethernet or card rings. Each Ethernet or ring network adapter installed on the computer has its own independent table. If no parameters are available, the ARP command displays help information.

Syntax
ARP [-A [inetaddr] [-N ifaceaddr] [-G [inetaddr] [-N ifaceaddr] [-D inetaddr [ifaceaddr] [-s inetaddr etheraddr [ifaceaddr]

Parameters

-A [inetaddr] [-N ifaceaddr]
Displays the current ARP cache table for all interfaces. To display ARP cache items for a specific IP address, use ARP-A with the inetaddr parameter. inetaddr here represents the IP address. If inetaddr is not specified, the first applicable interface is used. To display the ARP cache table for a specific interface, use the-n ifaceaddr parameter with the-a parameter. ifaceaddr here represents the IP address assigned to the interface. The-N parameter is case sensitive.
-G [inetaddr] [-N ifaceaddr]
Same as-.
-D inetaddr [ifaceaddr]
Delete the specified IP address. inetaddr here represents the IP address. To delete an item in a table for the specified interface, use the ifaceaddr parameter. ifaceaddr here represents the IP address assigned to the interface. To delete all items, use the asterisk (*) wildcard to replace inetaddr.
-S inetaddr etheraddr [ifaceaddr]
Add a static entry that parses the IP address inetaddr into the physical address etheraddr to the ARP cache. To add a static ARP cache entry to the table of the specified interface, use the ifaceaddr parameter. ifaceaddr here represents the IP address assigned to the interface.
/?
Display help at a command prompt.
Note
The IP addresses of inetaddr and ifaceaddr are represented in decimal notation with dots.
The physical address of etheraddr consists of six bytes, which are expressed in hexadecimal notation and separated by a hyphen (for example, 00-aa-00-4f-2a-9c ).
ARP command
The ARP cache of the processing system can clear the address ing in the cache and create a new address ing;
Syntax: ARP [-V] [-N] [-H type] [-I if]-A [hostname]
ARP [-V] [-I if]-D hostname [Pub]
ARP [-V] [-H type] [-I if]-s hostname hw_addr [temp]
ARP [-V] [-H type] [-I if]-s hostname hw_addr [netmask nm] pub
ARP [-V] [-H type] [-I if]-Ds hostname IFA [netmask nm] pub
ARP [-V] [-N] [-D] [-H type] [-I if]-f [filename]

The options of this command are as follows:

-V: displays details;
-N is displayed as a digital address;
-I If selection interface;
-H type: Check the type address When configuring and querying ARP cache;
-A [hostname] displays all entries of the specified hostname;
-D hostname: delete all entries of the specified hostname;
-D use the IFA hardware address interface;
-S hostname hw_addr manually adds the hostname address ing;
-F filename: Read hostname and hardware address information from the specified file.
-S hostname hw_addr manually adds the hostname address ing;

Two-way binding is adopted to prevent ARP spoofing.

1. Bind the IP address and MAC address of the security gateway to the PC:
1) First, obtain the Intranet MAC address of the Security Gateway (for example, the MAC address of the HiPer gateway address 192.168.16.254 is 0022aa0022aa ).
2) Compile a batch file RARP. bat with the following content:CopyCodeThe Code is as follows: @ echo off
ARP-d
ARP-s 192.168.16.254 00-22-aa-00-22-aa

Change the gateway IP address and MAC address in the file to the actually used gateway IP address and MAC address.
Drag this batch of processing software to WindowsProgram.
3) if it is an Internet cafe, you can use the paid software server program (pubwin or Vientiane can both) to send the batch processing file RARP. bat to the startup directory of all clients. The default startup directory of Windows2000 is "C: \ Documents ents and Settings \ All users" start "menu program ".
We are also finding something a beautiful feeling... It is easy to know u are happy so I am happy

ARP binding function help

ARP is a network communication protocol at the data link layer. It converts IP addresses to physical addresses (MAC addresses. ARP spoofing is achieved by forging IP addresses and MAC addresses. As a result, packets cannot be sent to the correct MAC address, which causes a large amount of ARP traffic to block the network, as a result, the network cannot communicate normally.

The main symptom of ARP virus is that the machine can access the Internet normally before, And suddenly cannot access the Internet (cannot ping the gateway ), after restarting the machine or running the command ARP-D in the MS-DOS window, you can restore the Internet for a while. In some cases, you can access the Internet, but the network speed is very slow.
Currently, software with ARP spoofing features include "QQ sixth sense", "cyber law enforcement officer", "P2P Terminator", and "Internet cafe legend killer". Among these software, some are manual operations to damage the Network, some are as viruses or Trojans, and users may not know the existence of such ARP viruses.

From the perspective of affecting the smooth network connection, ARP spoofing can be two types of attacks: one is spoofing the ARP table of the router, and the other is spoofing the ARP table of the Intranet computer, of course, two types of attacks may also be carried out at the same time. If you do not manage the data, the data sent between the computer and the router will be sent to the wrong MAC address. This causes the above symptoms.

ARP binding is an effective way to prevent ARP spoofing. It is to bind the IP address to the corresponding MAC address to avoid ARP spoofing. There are two ARP spoofing forms: spoofing router ARP table and spoofing computer arp. Therefore, MAC Address binding also includes binding of the router ARP table and binding of the ARP table on the computer. Both settings are required. Otherwise, if you only set the ARP spoofing prevention function of the vro and do not set the computer, data packets will not be sent to the vro after the computer is cheated, it is sent to a wrong place. Of course, you cannot access the Internet or access the vro.

Example
To display the ARP cache tables for all interfaces, type:

ARP-

For an interface with the assigned IP address 10.0.0.99, to display its ARP cache table, type:

ARP-a-n 10.0.0.99

To add a static ARP cache entry that resolves the IP address 10.0.0.80 to the physical address 00-aa-00-4f-2a-9c, type:

ARP-s 10.0.0.80 00-aa-00-4f-2a-9c

Xox