[ARP] ARP protocol and ARP attack

What is the ARP protocol. The ARP is short to address resolution PROTOCOL.

Let's take a look at this scene:

What do we do when we want to send a packet to the destination IP address in the network?

First, we're going to get the address of the destination host, so what does this address mean?

We look at the bottom, Ethernet network send information on the physical level is the current, network card can be based on the level of voltage to identify the signal, 7 layer

There is a layer of "data link layer" in the model that converts a voltage signal into a frame signal, which is the prototype of the package we call it.

So when we send a package, the real process is to put the packet information at different voltages on the wire, the destination host can identify the information by listening to the voltage.

Anyway, what does this have to do with the arp we're talking about?

Because in the frame signal we are hiding the information of the destination host, that is, all the hosts in the network can receive the information you send packets, but they will be based on the information in the frame to determine whether to send their own information, if not directly discarded. So what is the message of the host in this destination?

In fact, he is our very familiar network card physical address.

OK, now the problem is, our IP packet is sent to a fixed IP address instead of a network card physical address, the two directly do how to match it.

The ARP protocol is used to deal with the relationship between the two.

When to send an IP packet, ARP first go to its own buffer check there is no matching ip-mac pair, there will be directly to the MAC address into the frame head, if not he sent a broadcast frame information, request IP address XXX.XXX.XXX.XXX corresponding MAC address. When this destination host receives this frame information will issue a reply said the IP address is XXX.XXX.XXX.XXX the MAC address is yy, and updates own buffer, records IP-MAC pair. Then the sending host can send this IP packages to the destination host.

So how does ARP spoofing attack work?

The host that launched the attack kept on initiating ARP request packets to the host on the network, the main purpose of this request package was to bind a particular IP (not the host of the attack) to its own MAC address, so as to successfully guide the network traffic to its own host.

So as long as we bind the static Ip-mac, we don't have to suffer from ARP spoofing.