CSS50 Module 9 Address Resolution
SLAAC
(StateLess Address Auto Configuration) The preferred method of assigning IP addresses in an IPv6 network. SLAAC devices send the router a request for the network prefix, and the device uses the prefix and its own MAC address to create an IP address.
ARP table (ARP cache)
A database of records that maps MAC addresses to IP addresses. The ARP table is stored on a computer's hard disk where it is used by the ARP utility to supply the MAC addresses of network nodes, given their IP addresses.
Redirect Message
A message defined by the IPv6 Neighbor Discovery Protocol (NDP), Used for better next-hop selection
Router Advertisement (RA)
A message defined by the IPv6 Neighbor Discovery Protocol (NDP), used by routers to announce their willingness to act as an IPv6 router on a link. These can be sent in response to a previously received NDP Router Solicitation (RS) message.
Neighbor Solicitation (NS)
A message defined by the IPv6 Neighbor Discovery Protocol (NDP), used to ask a neighbor to reply with a Neighbor Advertisement, which lists the neighbor's MAC address.
Router Solicitation (RS)
A message defined by the IPv6 Neighbor Discovery Protocol (NDP), used to ask any routers on the link to reply, identifying the router, plus other configuration settings (prefixes and prefix lengths).
What two protocols are used to determine the MAC address of a known destination device IP address (IPv4 and IPv6)? DHCP ARP DNS ND
ARP ND
Neighbor Advertisement (NA)
A message defined by the IPv6 Neighbor Discovery Protocol (NDP), used to declare to other neighbors a host's MAC address. Sometimes sent in response to a previously received NDP Neighbor Solicitation (NS) message.
ARP Reply
A network protocol where the MAC address is returned ARP reply is encapsulated in an Ethernet frame using the following header information: • Destination MAC address - This is the MAC address of the sender of the ARP request. • Source MAC address - This is the MAC address of the sender of the ARP reply. • Type - ARP messages have a type field of 0x806. This informs the receiving NIC that the data portion of the frame needs to be passed to the ARP process.
ARP request
A process used to obtain the correct mapping when a source computer process used to obtain the correct mapping when a source computer cannot locate a destination MAC address for a known IP address in its ARP table. The ARP request is encapsulated in an Ethernet frame using the following header information: • Destination MAC address - This is a broadcast address FF-FF-FF-FF-FF-FF requiring all Ethernet NICs on the LAN to accept and process the ARP request. • Source MAC address - This is MAC address of the sender of the ARP request. • Type - ARP messages have a type field of 0x806. This informs the receiving NIC that the data portion of the frame needs to be passed to the ARP process.cannot locate a destination MAC address for a known IP address in its ARP table.
Which statement is true about ARP? An ARP cache cannot be manually deleted ARP entries are cached permanently ARP entries are cached temporarily
ARP entries are cached temporarily
What is an attack using ARP? ARP broadcasts ARP hopping attacks ARP poisoning ARP starvation
ARP poisoning
ARP
Address Resolution Protocol. Resolves IP addresses to MAC addresses. ARP poisoning attacks can redirect traffic through an attacker's system by sending false MAC address updates. VLAN segregation helps prevent the scope of ARP poisoning attacks within a network. ARP provides two basic functions: · Resolving IPv4 addresses to MAC addresses · Maintaining a table of IPv4 to MAC address mappings
broadcast frame
An Ethernet frame sent to destination address FFFF.FFFF.FFFF, meaning that the frame should be delivered to all hosts on that LAN.
What addresses are mapped by ARP? Destination IPv4 address to the source MAC address. Destination MAC address to the source IPv4 address. IPv4 address to a destination MAC address. The IPv4 address of the default gateway
Destination IPv4 address to the source MAC address.
The Layer 2 Ethernet frame contains:
Destination MAC address - This is the MAC address of the file server's Ethernet NIC. Source MAC address - This is the MAC address of PC-A's Ethernet NIC.
Which destination address is used in an ARP request frame? 127.0.0.1 01-00-5E-00-AA-23 0.0.0.0 FFFF.FFFF.FFFF 255.255.255.255.255
FFFF.FFFF.FFFF (Broadcast)
ICMPv6 ND
ICMPv6 Neighbor Discovery. Includes four protocol messages that are used for address resolution and duplicate address detection.
What type of information is contained in an ARP table? Switch ports associated with destination MAC addresses Domain name to IPv4 address mappings IPv4 address to MAC address mappings Route to reach destination networks
IPv4 address to MAC address mappings
default gateway
In a TCP/IP network, the nearest router to a particular host. This router's IP address is part of the necessary TCP/IP configuration for communicating with multiple networks using IP.
ICMP
Internet Control Message Protocol. Used by a router to exchange information with other routers
What will a Layer 2 switch do when the destination MAC address of a received frame is not in the MAC table? It initiates an ARP request It notifies the sending host that the frame cannot be delivered. It broadcasts the frame out of all ports on the switch. It forwards the frame out of all ports excepts for the port at which the frame was received.
It forwards the frame out of all ports excepts for the port at which the frame was received.
Which action is taken by a Layer 2 switch when it receives a Layer 2 broadcast frame? It send the frame to all ports that are registered to forward broadcasts. It drop the frame. It send the frame to all ports except the port on which it received the frame. It sent the frame to all ports.
It send the frame to all ports except the port on which it received the frame.
The ARP table in a switch maps which two types of address together? Layer 3 address to a Layer 4 address Layer 4 address to a Layer 2 address Layer 3 address to a Layer 4 address Layer 3 address to a Layer 2 address
Layer 3 address to a Layer 2 address
Layer 2 logical address
Logical address (the IP address) - Used to send the packet from the source device to the destination device. The destination IP address may be on the same IP network as the source or it may be on a remote network.
What two functions are provided by ARP? (Choose two.) Maintains a table of IPv4 address to domain names Maintains a table of IPv4 to MAC address mappings Maintains a table of IPv6 to MAC address mappings Resolves IPv4 addresses to domain names Resolves IPv4 addresses to MAC addresses Resolves IPv6 addresses to MAC addresses
Maintains a table of IPv4 to MAC address mappings Resolves IPv4 addresses to MAC addresses
ARP spoofing
More commonly known as ARP poisoning, this involves the MAC (Media Access Control) address of the data being faked.
To what type of address are ICMPv6 neighbor solicitation messages sent? Unicast Multicast Broadcast
Multicast
Which two ICMPv6 messages are used in to determine the MAC address of a known IPv6 address? Neighbor advertisement Neighbor solicitation Router advertisement Router solicitation
Neighbor advertisement Neighbor solicitation
Which two ICMPv6 messages are used during the Ethernet MAC address resolution process? (Choose two.) Router advertisement Neighbor solicitation Echo request Neighbor advertisement Router solicitation
Neighbor solicitation Neighbor advertisement
Layer 2 physical address
Physical address (the MAC address) - Used for NIC to NIC communications on the same Ethernet network
IPv6 (Internet Protocol version 6)
Protocol in which addresses consist of eight sets of four hexadecimal numbers, each number being a value between 0000 and FFFF, using a colon to separate the numbers. Here's an example: FEDC:BA98:7654:3210:0800:200C:00CF:1234.
Where is the ARP table stored on a device? ROM Flash NVRAM RAM
RAM
Which router component holds the routing table, ARP cache, and running configuration file? ROM Flash NVRAM RAM
RAM
What is one function of the ARP protocol? Obtaining an IPv4 address automatically Maintaining a table of domain names with their resolved IP addresses Mapping a domain name to its IP address Resolving an IPv4 address to a MAC address
Resolving an IPv4 address to a MAC address
Which two ICMPv6 messages are used in SLAAC? Neighbor advertisement Neighbor solicitation Router advertisement Router solicitation
Router advertisement Router solicitation
The Layer 3 IP packet contains
Source IP address - This is the IP address of the original source, PC-A. Destination IP address - This is the IP address of the final destination, the file server.
IPv4
The Internet Protocol version 4 is the dominant protocol for routing traffic on the Internet, specifying "to" and "from" addresses using a dotted decimal such as "122.45.255.0".
What destination MAC address would be included in a frame sent from a source device to a destination device on the same local network? A broadcast MAC address of FF-FF-FF-FF-FF-FF The MAC address of the destination device The MAC address of the local router interface
The MAC address of the destination device
What destination MAC address would be included in a frame sent from a source device to a destination device on a remote local network? A broadcast MAC address of FF-FF-FF-FF-FF-FF The MAC address of the destination device The MAC address of the local router interface
The MAC address of the local router interface
When an IPv4 packet is sent to a host on a remote network, what information is provided by ARP? The MAC address of the switch port that connects to the sending host The IPv4 address of the destination host The MAC address of the router interface closest to the sending host The IPv4 address of the default gateway
The MAC address of the router interface closest to the sending host
Source MAC Address
The hardware address of the device that sent the ethernet frame or data packet. In the data packet it follows the destination MAC address
Destination MAC address
The hardware address of the intended recipient that immediately follows the start frame delimiter
A PC is configured to obtain an IPv4 address automatically from network 192.168.1.0/24. The network administrator issues the arp -a command and notices an entry of 192.168.1.255 ff-ff-ff-ff-ff-ff. Which statement describes this entry? This is a dynamic map entry. This entry maps to the default gateway This entry refers to the PC itself This is a static map entry
This is a static map entry
How does the ARP process use an IPv4 address? To determine the MAC address of the remote destination host To determine the amount of time a packet takes when traveling from source to destination. To determine the MAC address of a device on the same network. To determine the network number based on the number based on the number of bits in the IPv4 address
To determine the MAC address of a device on the same network.
What is the purpose of ARP in an IPv4 network? To build the MAC address table in a switch from the information that is gathered. To forward data onward based on the destination MAC address. To obtain a specific MAC address when an IP address is known. To forward data onward base on the destination IP address.
To obtain a specific MAC address when an IP address is known.
A cybersecurity analyst believes an attacker is spoofing the MAC address of the default gateway to perform a man-in-the-middle attack. Which command should the analyst use to view the MAC address a host is using to reach the default gateway? route print arp -a ipconfig /all netstat -r
arp -a
Which command could be used on Windows CDM to view its ARP table? arp -a arp -d show arp table show ip arp
arp -a
ARP cache timer
removes ARP entries that have not been used for a specified period of time.
Which command could be used on a Cisco router to view its ARP table? arp -a arp -d show arp table show ip arp
show ip arp
