Network Protocol basics: ARP Analysis

Summary of ARP

ARP: Address Resolution Protocol.

RARP: Reverse Address Resolution Protocol.

Different networks, such as Ethernet and Token networks, have different addressing mechanisms at the data link layer.

In an Ethernet LAN, a host sends packets to another host based on the 48-bit ethernet address. The device driver never checks the destination IP address in the IP datagram.

The Address Resolution Protocol (ARP) provides ing for these two different address formats: 32 bit IP address and 48bit data link layer address conversion. RFC 826 [Plummer1982] is a description of ARP specifications.

ARP provides dynamic ing between IP addresses and corresponding hardware addresses. RARP is used by systems that do not have a disk drive (generally a diskless workstation or X terminal). It needs to be manually set by the system administrator.

ARP communication process analysis:

(1). For example, on a lan, A host A (192.168.0.12) needs to access machine B (192.168.0.11 ). It sends an Ethernet data frame called an ARP request to each host (broadcast packet) on the Ethernet ). The ARP request data frame contains the IP address of the target host, which means: "If you are the owner of this IP address, please reply to your hardware address ."

(2) After receiving the broadcast packet, the target host identifies the IP address that the sender is asking for, and then sends an ARP response. This ARP response contains the IP address and the corresponding hardware address. (Non-broadcast)

(3 ). after receiving the ARP response, the system's ARP cache will record the corresponding information of the MAC-IP (ARP attack point), in cmd arp-a can query the current machine's ARP cache. IP datagram can be transmitted now.

There is a basic concept behind ARP, that is, the network interface has a hardware address (A 48bit value that identifies different Ethernet or ring-based network interfaces ). The correct interface address must be provided for data frame exchange at the hardware level. However, TCP/IP has its own address: 32 bit IP address.

Knowing the Host IP address does not allow the kernel to send a frame of data to the host. The kernel (such as the Ethernet driver) must know the destination hardware address to send data. ARP provides dynamic ing between 32-bit IP addresses and hardware addresses using different network technologies.

Note:

The ARP protocol is unreliable and connectionless. Generally, even if the host does not send an ARP request, it will accept the ARP response sent to it, and put the corresponding mac and ip addresses in the ARP cache. In addition, the linux system with the kernel 2.4.x has considered ARP spoofing in ARP implementation and will not accept unrequested ARP responses. Therefore, it is invalid to directly send ARP reply to such a system, interestingly, although it does not accept unrequested ARP reply, it will update its ARP cache as long as it receives an ARP request.