TCP/IP Chapter 4 ARP
IP networks
use logical addressing (IP address) for communicating among hosts
arp -a
will list the current entries in the ARP cache (table)
Timeout required for dynamic entries
-NIC may change -IP address changes -IP lease expires
Ethernet frame with ARP payload
-64 bytes
ARP frame
-9 required fields; 28 bytes -Hard type -Prot type -Hard size -Prot Size -Op -Sender's Hardware Address -Sender's Protocol Address -Target Hardware Address -Target Protocol Address
Sender HW address (6)/Sender's Protocol Address (4)
-ARP Request: the host that sent the request -ARP Reply: the address that was being searched for
Target HW address (6)/Target Protocol address (4)
-Request: what you're looking for -Reply: the answer to the request
arp -s internet_addr physical_addr -Ex. arp -s 192.168.1.1 00-aa-00-62-c6-09
-adds a static entry to the ARP cache -does not time out from the cache -disappears when the system is rebooted
Address Conflict Detection (ACD)
-attempts to find and correct -IPv4
ARP spoofing/poisoning
-bogus ARP Reply frame can be used to "poison" an ARP cache with fake IP-to-MAC mappings -allows for redirecting traffic to the attacker's host and enabling man-in-the-middle (MITM) attacks
Hard size
-byte length of physical address used -MAC address size 6 bytes -Hardware Address Length -06 -1 byte
Address Resolution Protocol
-can be used between any IP layer address and any multi-access link layer address -vast majority will be used between Ethernet and IPv4
RFC 5227
-defines two ARP frames -ARP probe -ARP Announcement
Gratuitous ARP
-done when network powered up -host sends ARP request, looking for its own address -detects address conflict, but has no means of resolving it
ARP Cache Example
-entries can be either dynamic or static -dynamic entries stay in the ARP cache for 20 minutes
ARP Announcement
-formatted as ARP Request -sender's IP address is filled in with the IP address the host wants to use -target IP address is also filled in with the IP address the host wants to use -announces host's intent to use this address
ARP probe
-formatted as ARP Request -sender's IP address set to 0.0.0.0 -avoids cache pollution if another HW address is already matched to the sender's IP address
Prot type
-identifies protocol used at the internet layer -value 08 00 IPv4 -2 bytes
Hard type
-identifies type of underlying network -00 01 Ethernet -2 bytes
ARP Flooding
-large volumes of frames injected into networks -Ethernet and wireless LANs affected since MAC addresses are used
Prot size
-length of logical protocol used -IPv4 addresses have a length of 4 bytes -Protocol Address Length -04 -1 byte
Proxy ARP
-lets a system answer ARP request for a different system -generally configured on a router
goals of Gratuitous ARP
-lets host know if another host is configured with the same address -if host sending out ____________ has just changed its hardware, it lets all other hosts on the subnet update their ARP cache with new hardware address
Avoid Proxy ARP
-probably an issue with the network -should be solved in a different way
arp -d internet_addr -Ex. arp -d 192.168.1.1
-requires administrator privilege -deletes an entry from the ARP cache
Ethernet frame
Every ________ is sent to a MAC address on the same physical subnet
physical
Physical network that actually carries the data uses a _______ address for sending packets
Op
Specifies whether the frame is a request or a reply: 1 = request, 2 = reply -2 bytes
ARP cache
a table of Internet addresses and corresponding MAC addresses
arp -d
clear ARP cache
arp -a
displays the current ARP cache entries
address resolution protocol
does not offer a way to check the validity and authenticity of an ARP Reply frame received
Secondary purpose of ARP request
-every host on the subnet receives the request -receiving host notes the sender's HW address and IP address -updates its ARP cache if the values were already present
basic ARP function
finding out the physical address to use in sending a packet for IP -only used for IPv4
Primary purpose of ARP request
for the sender to receive a reply and update its ARP cache
Internet Protocol
relies on underlying Link Layer Protocol (Ethernet or Wi-Fi) to transmit its packets