Displays and modifies items in the Address Resolution Protocol (ARP) cache. The ARP cache contains one or more tables that are used to store IP addresses and their resolved Ethernet or Token ring physical addresses. Each Ethernet or Token Ring network adapter installed on the computer has its own separate table. If used without parameters, the ARP command displays help information.
Grammar
arp[-a [InetAddr] [-N ifaceaddr]] [g [InetAddr] [-N ifaceaddr]] [D-InetAddr [IfaceAddr]] [-S inetaddr etheraddr [ifacead Dr]]
Parameters
-a[InetAddr] [-N ifaceaddr]
Displays the current ARP cache table for all interfaces. To display the ARP cache entry for a specific IP address, use the arp-a with the InetAddr parameter, where the INETADDR represents the IP address. If INETADDR is not specified, the first applicable interface is used. To display the ARP cache table for a specific interface, use the-n ifaceaddr parameter with the-a parameter, where the IFACEADDR represents the IP address assigned to the interface. The-n argument is case-sensitive.
-g[InetAddr] [-N ifaceaddr]
Same as-a.
-D InetAddr [IfaceAddr]
Deletes the specified IP address entry, where the INETADDR represents the IP address. For the specified interface, to delete an item in the table, use the IfaceAddr parameter, where the IFACEADDR represents the IP address assigned to the interface. To remove all items, use the asterisk (*) wildcard character instead of InetAddr.
-S InetAddr etheraddr [IfaceAddr]
Adds a static entry to the ARP cache that resolves IP address inetaddr to physical address etheraddr. To add a static ARP cache entry to the table for the specified interface, use the IFACEADDR parameter, where the IFACEADDR represents the IP address assigned to the interface.
/?
Displays help at the command prompt.
Comments
The IP addresses of InetAddr and ifaceaddr are represented by decimal notation with dots.
The physical address of the ETHERADDR is composed of six bytes, which are represented in hexadecimal notation and separated by hyphens (for example, 00-aa-00-4f-2a-9c).
ARP Commands
Processing the ARP cache of the system, it can clear the address mapping in the cache, and establish a new address mapping;
Syntax: ARP [-v][-n][-h type][-i if]-a [hostname]
ARP [-v][-i if]-d hostname [PUB]
ARP [-v][-h type][-i if]-s hostname hw_addr [temp]
ARP [-v][-h type][-i if]-s hostname hw_addr [netmask NM] Pub
ARP [-v][-h type][-i if]-ds hostname IFA [netmask NM] Pub
ARP [-v][-n][-d][-h type][-i if]-f [filename]
The options for this command have the following meanings:
-V displays detailed information;
-N is displayed in the form of a digital address;
-I if selection interface;
-H type when setting and querying the ARP cache, check the type's address;
-A [hostname] displays all entrances to the specified hostname;
-d hostname Deletes all entrances to the specified hostname;
-D uses the IFA hardware address interface;
-s hostname HW_ADDR add hostname address mapping manually;
-f filename reads hostname and hardware address information from the specified file
-s hostname HW_ADDR add hostname address mapping manually;
the method of bidirectional binding is used to resolve and prevent ARP spoofing.
1, on the PC binding security gateway IP and MAC address:
1 First, to obtain the Security gateway Intranet MAC address (for example, HiPER gateway address 192.168.16.254 MAC address is 0022AA0022AA).
2) The preparation of a batch document Rarp.bat reads as follows:
Copy Code code as follows:
@echo off
Arp-d
Arp-s 192.168.16.254 00-22-aa-00-22-aa
Change the gateway IP address and MAC address in the file to the actual gateway IP address and MAC address that you are using.
Drag this batch software to the Windowsà start à program à start.
3 If it is an Internet café, you can use the Billing Software server program (Pubwin or Vientiane can) send batch files Rarp.bat to all client's startup directory. The default startup directory for Windows2000 is "C:\Documents and Settings\All users" Start "menu program start.
We are also finding something a beautiful feeling ... it is easy to know u are happy I am happy
The ARP binding feature uses Help
The ARP protocol is a network communication protocol at the data Link layer, which completes the conversion function of IP address to physical address (i.e. MAC address). and ARP virus is through the fake IP address and MAC address to achieve ARP spoofing, resulting in packets can not be sent to the correct MAC address, will generate a large number of ARP traffic in the network blocking the network, resulting in the network can not carry out normal communication.
The main symptoms of the ARP virus is that the machine can be normal before the Internet, suddenly appear unable to surf the internet phenomenon (can not ping the gateway), restart the machine or under the MS-DOS window to run the command "Arp–d", but also to restore the internet for some time. Some of them can surf the internet, but the speed is very slow.
Currently with ARP spoofing function of the software has "QQ Sixth Sense", "Network law enforcement officer," Peer-to-peer Terminator "," internet café legendary Killer ", and so on, some of these software, some artificial manual operation to destroy the network, and some as a virus or trojan appear, users may not know it exists, The lethality of such ARP virus can not be underestimated.
From the way of affecting the smooth network connection, ARP spoofing has two kinds of attacks, one is the deception of the Router ARP table, the other is the deception of the intranet computer ARP table, and of course, two kinds of attacks can be carried out simultaneously. Do not manage how, after spoofing occurs, the data sent between the computer and the router is sent to the wrong MAC address. Which leads to the occurrence of the above symptoms.
ARP binding is an effective way to prevent ARP spoofing, which is to bind the IP address to the corresponding MAC address to avoid ARP spoofing. ARP spoofing forms have spoofed router ARP table and spoofing computer ARP two kinds, so MAC address binding also has the binding of the Router ARP table and the ARP table on the computer. Two aspects of the settings are necessary, otherwise, if you only set the router to prevent ARP spoofing function and not set up a computer, the computer will not be deceived after the packet sent to the router, but sent to a wrong place, of course, can not access the Internet and routers.
Example
To display an ARP cache table for all interfaces, type:
Arp-a
For an interface with an assigned IP address of 10.0.0.99, to display its ARP cache table, type:
ARP-A-N 10.0.0.99
To add a static ARP cache entry that resolves an IP address 10.0.0.80 to a physical address 00-aa-00-4f-2a-9c, you can type:
Arp-s 10.0.0.80 00-aa-00-4f-2a-9c
XOX
