Concept data structure of ARP Address Resolution Protocol

We often talk about ARP attacks and other security issues in the network. What is ARP here? It is the ARP Address Resolution Protocol. Here, we will not talk about its security issues for the moment, so let's briefly talk about its basic meaning and data structure.

ARP Address Resolution Protocol

Address Resolution Protocol (ARP) is used to convert a computer's network Address (32-bit IP Address) to a physical Address (48-bit MAC Address) [RFC826]. ARP protocol is a link layer protocol. When data frames over Ethernet arrive from one host to another over the network, it is based on the 48-bit ethernet address (hardware address) to determine the interface, rather than based on the 32-bit IP address. The kernel (such as the driver) must know the destination hardware address to send data. Of course, point-to-point connections do not require address resolution protocols ｡

Data Structure of ARP Protocol

The following is a reference clip:

Typedefstructarphdr
{
Unsignedshortarp_hrd;/* hardware type */
Unsignedshortarp_pro;/* protocol type */
Unsignedchararp_hln;/* hardware address length */
Unsignedchararp_pln;/* Protocol address length */
Unsignedshortarp_op;/* ARP operation type */
Unsignedchararp_sha [6];/* the sender's hardware address */
Unsignedlongarp_spa;/* Protocol address of the sender */
Unsignedchararp_tha [6];/* target hardware address */
Unsignedlongarp_tpa;/* Target Protocol address */
} ARPHDR, * PARPHDR;

To explain the role of the Address Resolution Protocol, you must understand the data transmission process on the network. Here is a simple PING example ｡

Assume that the IP address of our computer is 192.168.1.1. Execute this command: ping192.168.1.2. This command will send ICMP data packets through ICMP. This process requires the following steps:

1. The application constructs a data packet. In this example, an ICMP packet is generated and submitted to the kernel (Network Driver );

2. Check whether the kernel can convert the IP address to the MAC address, that is, view the corresponding table of the IP-MAC in the local ARP cache;

3, if there is a IP-MAC ing, then jump to Step 9; if the IP-MAC ing does not exist, then continue the following steps;

4, the kernel ARP broadcast, the destination MAC address is FF-FF-FF-FF-FF-FF, ARP command type for REQUEST (1), which contains its own MAC address;

5. When the host 192.168.1.2 receives the ARP request, it sends an arp reply (2) command, which contains its own MAC address;

6. Obtain the IP-MAC address correspondence of the host 192.168.1.2 locally and save it to the ARP cache;

7. The kernel will convert the IP address to the MAC address, encapsulate it in the Ethernet header structure, and then send the data;

You can use the arp-a command to view the local ARP cache content. Therefore, after executing a local PING command, the ARP cache will have a record of the destination IP address, if your packet is sent to the destination of different CIDR blocks, there must be a record corresponding to the IP-MAC address of a gateway ｡

Knowing the role of the ARP protocol, we can clearly know that packet forwarding relies heavily on the ARP Protocol. Of course, it depends on the ARP cache, all ARP operations are automatically completed by the kernel and have nothing to do with other applications. Note that the Address Resolution Protocol is only used in this network ｡