TCP/IP Chapter 4 ARP

Ace your homework & exams now with Quizwiz!

IP networks

use logical addressing (IP address) for communicating among hosts

arp -a

will list the current entries in the ARP cache(table)

Timeout required for dynamic entries

-NIC may change -IP address changes -IP lease expires

Ethernet frame with ARP payload

-64 bytes

ARP frame

-9 required fields; 28 bytes -Hard type -Prot type -Hard size -Prot Size -Op -Sender's Hardware Address -Sender's Protocol Address -Target Hardware Address -Target Protocol Address

Sender HW address (6)/Sender's Protocol Address (4)

-ARP Request is who sent request or -ARP Reply the address that was being searched for

Target HW address (6)/Target Protocol address (4)

-Request what you're looking for -Reply the answer to the request

arp -s internet_addr physical_addr -EX, arp -s 192.168.1.1 00-aa-00-62-c6-09

-add static entry to the ARP cache - does not timeout from the cache -disappears when the system is rebooted

Address Conflict Detection (ACD)

-attempts to find and correct -IPv4

ARP spoofing/poisoning

-bogus ARP Reply frame can be used to "poison" an ARP cache with fake IP-to-MAC mappings - allows for redirecting traffic to the attacker's host and enable man-in-the-middle (MITM)attacks

Hard size

-byte length of physical address used -MAC address size 6 bytes -Hardware Address Length -06 -1 byte

Addressing Resolution Protocol

-can be used between any IP layer address and any multi-access link layer address -vast majority will be used between Ethernet and IPv4

RFC 5227

-defines two ARP frames -ARP probe -ARP Announcement

Gratuitous ARP

-done when network powered up -host sends ARP request, looking for its own address -detects address conflict, but has no means of resolving it

ARP Cache Example

-entries can be either dynamic or static -dynamic entries stay in the ARP Cache for 20 munites

ARP Announcement

-formatted as ARP Request -sender's IP address is filled in with the IP address the host wants to use -target IP address is also filled in with the IP address the host wants to use -announces host's intent to use this address

ARP probe

-formatted as ARP Request -sender's IP address sent to 0.0.0.0 -avoids cache pollution if another HW address is already matched to the sender's IP address

Prot type

-identifies protocol used at the internet layer -value 08 00 IPv4 -2 bytes

Hard type

-identifies type of underlying network -00 01 Ethernet -2 bytes

ARP Flooding

-large volumes of frames injected into networks -Ethernet and wireless LANs affected since MAC addresses are used

Prot size

-length of logical protocol used -IPv4 addresses have a length of 4 bytes - Protocol Address Length -04 -1 byte

Proxy ARP

-lets a system answer ARP request for a different system -generally configured on a router

goals of Gratuitous ARP

-lets host know if another host is configured with the same address -if host sending out ____________ has just changed its hardware, it lets all other hosts on the subnet update their ARP cache with new hardware address

Avoid Proxy ARP

-probably an issue with the network -should be solved in a different way

arp -d internet_addr -Ex. arp -d 192.168.1.1

-requires administrator privilege -deletes an entry from ARP cache enteries

Ethernet frame

Every ________ is sent to a MAC address on the same physical subnet

physical

Physical network that actually carries the data uses a _______ address for sending packets

Op

Specifies whether reply or request 1= request 2= reply -2 bytes

ARP cache

a table of Internet addresses and corresponding MAC addresses

arp -d

clear ARP cache

arp -a

displays the current ARP cache entries

address resolution protocol

does not offer a way to check the validity and authenticity of an ARP Reply frame received

Secondary purpose of ARP request

every host on the subnet receives the request -receiving host notes the sender's HW address and IP address -updates his ARP cache if the values were already present

basic ARP function

finding out the physical address to use in sending a packet for IP -only used for IPv4

Primary purpose of ARP request

for the sender to receive a reply and update its ARP cache

Internet Protocol

relies on underlying Link Layer Protocol (Ethernet or Wi-Fi) to transmit its packets


Related study sets

Industrial Electronics Chapter 6 [AC Motors]

View Set

Basic Pharmacology: Part II - Pharmacotherapeutic Issues, Drug Regulations, and Prescription Writing

View Set

Geometry - Areas of Circles and Sectors Quiz

View Set