Initial knowledge of Address Resolution Protocol for ARP (addresses Resolution Protocol)

Source: Internet
Author: User

The ARP Address Resolution protocol is a TCP/IP protocol that obtains physical addresses based on IP addresses. It works in the second layer of the OSI seven-layer model-the data link layer.

Using the ARP Address Resolution protocol, the destination hardware address (MAC address) information can be resolved according to the IP address information in the IP packet header of the network layer, in order to ensure the smooth communication.

    • May be attacked by malicious--arp
    • ARP uses a broadcast less efficiently than the IPV6 NDP protocol.

ARP works through a message, and the structure of the message is as follows:

Assuming that host a in the same network communicates with Host B, the information for A and B is as follows:
The IP address of host A is 192.168.1.1,mac address is 0a-11-22-33-44-01;
The IP address of Host B is 192.168.1.2,mac address is 0a-11-22-33-44-02;

The workflow for ARP is as follows:

    1. Based on the routing table information on host A, it is concluded that the forwarding address to reach Host B is 192.168.1.2. Host A then looks for the MAC address for that IP in its own local ARP cache
    2. If the corresponding mapping is not found in the ARP cache of host A, it will broadcast to all hosts throughout the network asking for the MAC address of 192.168.1.2, which includes the IP address of the source host A, the MAC address, and the destination host. Each host on the local network receives an ARP request and checks that the destination IP in the request matches its own IP address, and if the host discovers that the requested IP address does not match its own IP address, it discards the ARP request.
    3. Host B determines that the IP address in the ARP request matches its own IP address, and adds the IP address and MAC address mappings for host A to the local ARP cache.
    4. Host B sends an ARP reply message containing its MAC address directly back to host a.
    5. When host a receives an ARP reply message from Host B, the ARP cache is updated with Host B's IP and MAC address mappings (the local cache has a lifetime, and the previous procedure is repeated after the lifetime is over). Once the MAC address of Host B is determined, host a can send IP traffic to Host B.

The ARP cache is a buffer for storing IP addresses and MAC addresses, which is essentially a corresponding table of IP address –>mac addresses. You can see this mapping information by typing "arp-a" under Windows cmd:

The ARP cache can contain both dynamic and static items.

    • Dynamic items are automatically added and deleted over time. The potential life cycle for each dynamic ARP cache entry is 10 minutes. Items that are added to the cache have a timestamp, and if an item is not reused within 2 minutes of being added, the item expires and is removed from the ARP cache, and if an item is already in use, it receives a 2-minute life cycle, and if an item is always in use, it receives an additional 2-minute life cycle. Up to 10 minutes for the longest life cycle.
    • Static items remain in the cache until the computer is restarted.

The ARP request is sent in the form of broadcast, the host on the network can send the ARP reply message autonomously, and when the other host receives the reply message, it will not detect the authenticity of the message and record it in the local MAC address translation table, so that the attacker can send the pseudo ARP reply message to the target host, IELTS and TOEFL thereby tampering with the local MAC address table.
ARP spoofing can cause the target computer to fail communication with the gateway, which will lead to traffic redirection, and all data will pass through the attacker's machine, so there is a great security risk.

    • Set the static Mac–>ip table, and do not let the host refresh the Set conversion table.
    • Use the ARP server.
    • The administrator polls periodically to check the ARP cache on the host.
    • RARP (Reverse address Resolution Protocol reverse addresses translation protocol): It is a protocol that requests an IP address based on the MAC address, and its function is the opposite of the Address Resolution Protocol.
    • PARP (proxy arp proxy arp): ARP works in a network segment, while proxy ARP works between different network segments. When the gateway receives an ARP request from the source computer, it responds to the source computer with its own MAC address and the IP address of the destination computer.
    • NDP (Neighbor Discovery Protocol Neighbor Discovery Protocol): The Address Resolution Protocol is an essential protocol in IPV4, but the address Resolution Protocol will no longer exist in IPV6. In IPv6, the function of the Address Resolution Protocol will be implemented by NDP, which uses a series of IPV6 control information messages (ICMPV6) to manage the interaction of neighboring nodes (nodes on the same link) and to maintain a mapping between the network layer address and the data Link layer address in a subnet. Address Resolution protocol and ICMPV4 router discovery and ICMPV4 redirect messages are based on broadcast, while NDP neighbor Discovery messages are based on efficient multicast and unicast.

Initial knowledge of Address Resolution Protocol for ARP (addresses Resolution Protocol)

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.