chapter 9 Address resolution
ARP table
A database of records that maps MAC addresses to IP addresses. The ARP table is stored on a computer's hard disk where it is used by the ARP utility to supply the MAC addresses of network nodes, given their IP addresses.
Router Solicitation (RS)
A message defined by the IPv6 NDP, used to ask any routers on the link to reply, identifying the router, plus other configuration settings (prefixes and prefix lengths). his message is sent to all ipv6 routers, so it uses the FF02::2 local scope multicast address. typically used for dynamic address alocation and stateless address autoconfiguration (SLAAC)
Router Advertisement (RA)
A message defined by the IPv6 Neighbor Discovery Protocol (NDP), used by routers to announce their willingness to act as an IPv6 router on a link. These can be sent in response to a previously received NDP Router Solicitation (RS) message. typically used for dynamic address alocation and stateless address autoconfiguration (SLAAC)
Neighbor Solicitation (NS)
A message defined by the IPv6 Neighbor Discovery Protocol (NDP), used to ask a neighbor to reply with a Neighbor Advertisement, which lists the neighbor's MAC address.
Neighbor Advertisement (NA)
A message defined by the IPv6 Neighbor Discovery Protocol (NDP), used to declare to other neighbors a host's MAC address. Sometimes sent in response to a previously received NDP Neighbor Solicitation (NS) message.
Neighbor Discovery
A process whereby routers learn about all of the devices on their networks. On IPv4 networks, this process is managed by ARP with help from ICMP. On IPv6 networks, NDP (Neighbor Discovery Protocol) automatically detects neighboring devices and automatically adjusts when nodes fail or are removed from the network.
Removing ARP entries
ARP cache timer remvoes arp entries after a specified period of time. it varies depending on operationg system. Windows store arp for 15 to 45 secs Commands can be used to remove arp entries.
ARP Basic funtions
ARP has 2 basic functions. Resolving the ipv4 addresses to MAC addresses. Maintaining a table of ipv4 MAC address mappings.
ARP broadcast
ARP request is received and processed by every device on the local network. On a typical business network, these broadcasts would probably have minimal impact on network performance. However, if a large number of devices were to be powered up and all start accessing network services at the same time, there could be some reduction in performance for a short period of time
ICMPv6 Neighbor Solicitation
ICMPv6 Neighbor Solicitation messages are sent using special Ethernet and IPv6 multicast addresses. This allows the Ethernet NIC of the receiving device to determine whether the Neighbor Solicitation message is for itself without having to send it to the operating system for processing.
ARP spoofing
More commonly known as ARP poisoning, this involves the MAC (Media Access Control) address of the data being faked. By doing this, it allows Threat actors to get the data that was meant for the real MAC address.
Destination on same network
Two primary assigned devices on a ethernet LAN. Physical Address( mac address) - used for nic to nic communication on same ethernet network Logical address(the ip address) - used to send packet from the source device to the destination device. can be on same network or on a remote network.
arp -a
command used on windows 10 pc to view routing table
ARP Function
When a packet is sent to the data link layer to be encapsulated into an ethernet frame, the device refers to a table stored in its memory to find the mac address that is mapped to the IPV4 address. If the packets destination ipv4 address is on the same network as the source ipv4 address, the device will search the arp table for the destination ipv4 address. if the destination ipv4 address is on a different router, it searches the mac address table for the default gateway mac address.
Address Resolution Protocol (ARP)
determines the destination mac address of a local device when it knows its ipv4 address.
ARP Reply
only the device with the target ipv4 address assocaited with the arp request will respond with an arp reply. encapped in ethernet frame with the following header. Destination MAC address - This is the MAC address of the sender of the ARP request. Source MAC address - This is the MAC address of the sender of the ARP reply. Type - ARP messages have a type field of 0x806. This informs the receiving NIC that the data portion of the frame needs to be passed to the ARP process. Only the device that sent the request will get an arp unicast reply. Entries are timestamped and will be deleted after a certain amount of time.
ARP request
sent when a device needs to determine the mac address that is associated with an ipv4 address, and it does not have an entry for the ipv4 address in its arp table. encapsulated in an ethernet frame useing the following header info. Destination MAC address - is a broadcast address FF-FF-FF-FF-FF-FF requiring all ethernet nics on the lan to accept and process the arp request. Source MAC Address - mac address of the sender of the arp request. Type - arp messages have a type field of 0x806. This informs the recieving nic that the data portion of the frame needs to be passed to the arp process. It is a broadcast message so it is flooded out all ports. All devices must process the arp request to see if they have the matching ip address.
IPv6 Address Resolution
this is like the IPv4 ARP request
show ip arp
used to display the ARP table on cisco routers.
Destination on remote network
when the destination is on a remote network, the destination mac address will be the address of the host default gateway.