Analysis of ARP protocol packets in Wireshark

The OSI model divides the network into seven layers. IP addresses belong to the third layer (network layer) and MAC addresses to the second layer (data link layer). When an IP packet is sent over Ethernet, the layer-3 header is encapsulated first and then the layer-2 header. At send time the host knows only the destination IP address, not the destination MAC address, so it cannot go directly from layer 3 to layer 2. This is why the Address Resolution Protocol (ARP) is needed.

The function of ARP is to resolve a known IP address into a MAC address.

When host A sends data to host B, host A first checks its local ARP cache table for host B's MAC address. If host B's MAC address is not found, host A broadcasts an ARP request frame (containing host A's IP address and MAC address and host B's IP address) to all hosts on the local network. Every host that receives the broadcast frame checks whether the requested IP address is its own, and if not it discards the request frame. Hosts C and D discard it. Host B adds A's MAC and IP addresses to its cache and then sends a unicast ARP reply to A (the reply contains B's own MAC and IP addresses). Host A adds host B's MAC address and IP address to its cache table, and A can then send messages to host B.

Check the local ARP cache table: in cmd, enter arp -a

Each row is one ARP entry. The default ARP cache lifetime is 120s; when an entry expires, the resolution process is repeated.

 

ARP packet analysis:

Open an ARP packet in Wireshark.

In the Frame layer, the data frame has a size of 42 bytes.

Open the second layer: a destination address of all F's means the frame is broadcast to the whole network. A destination that is not all F's means the frame goes to a single host in the network and is not a broadcast.

Open the third layer:

From top to bottom the fields are: hardware type, protocol type, hardware size, protocol size, opcode (1 indicates an ARP request packet), sender MAC address, sender IP address, target MAC address, target IP address.

In this figure the target MAC address is clearly all zeros: before resolution the host knows only its own MAC and IP addresses and the peer's IP address, and it still has to obtain the peer's MAC address.

Opcode 2 indicates an ARP reply packet.

Gratuitous ARP: the MAC address of a network device generally does not change, but its IP address may. Once the IP address changes, the old MAC-to-IP mapping is no longer valid. To prevent errors caused by the stale mapping, a gratuitous ARP is sent to the network, forcing all devices that receive it to use the new MAC and IP mapping. Gratuitous ARP is generally sent when an interface is configured, when the IP address changes, or during system boot.

As the figure shows, the sender and target IP addresses are the same. After receiving the packet, the other hosts in the network update their ARP cache tables with the new IP-to-MAC mapping. The ARP packet in the figure was sent by the originating host unsolicited and causes the receiving hosts' ARP caches to be updated, which is why it is called gratuitous ARP.
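The field layout walked through above can be checked outside Wireshark as well. The following Python parser is an added example, not code from the original article: it decodes a 42-byte Ethernet + ARP frame in the field order listed above and marks broadcast, request/reply and gratuitous packets. The MAC and IP values are constructed sample data, and `build` and the `eth_src_matches_sender` check are assumptions of this example.

```python
import socket
import struct

BROADCAST = b"\xff" * 6
ETH_FMT = "!6s6sH"            # destination MAC, source MAC, EtherType (14 bytes)
ARP_FMT = "!HHBBH6s4s6s4s"    # ARP fields in the order listed above (28 bytes)

def mac(raw):
    return ":".join(f"{x:02x}" for x in raw)

def parse_arp_frame(frame):
    """Decode an Ethernet frame carrying ARP; raise ValueError if it is not one."""
    if len(frame) < 42:
        raise ValueError("shorter than 14-byte Ethernet + 28-byte ARP")
    dst, src, ethertype = struct.unpack(ETH_FMT, frame[:14])
    if ethertype != 0x0806:
        raise ValueError("EtherType is not ARP (0x0806)")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return {
        "broadcast": dst == BROADCAST,             # all F's at layer 2
        "opcode": {1: "request", 2: "reply"}.get(op, f"other({op})"),
        "sender_mac": mac(sha), "sender_ip": socket.inet_ntoa(spa),
        "target_mac": mac(tha), "target_ip": socket.inet_ntoa(tpa),
        "gratuitous": spa == tpa,                  # sender IP equals target IP
        # Added consistency check (not from the article): the layer-2 source
        # should match the sender MAC claimed inside the ARP layer.
        "eth_src_matches_sender": src == sha,
    }

def build(dst, src, op, sha, spa, tha, tpa):
    """Build a constructed sample frame (test data only)."""
    h = bytes.fromhex
    return (struct.pack(ETH_FMT, h(dst), h(src), 0x0806)
            + struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, h(sha),
                          socket.inet_aton(spa), h(tha), socket.inet_aton(tpa)))

# Constructed samples: host A (192.0.2.10) resolves host B (192.0.2.20).
A, B = "020000000001", "020000000002"
REQUEST = build("ffffffffffff", A, 1, A, "192.0.2.10", "000000000000", "192.0.2.20")
REPLY = build(A, B, 2, B, "192.0.2.20", A, "192.0.2.10")
GRATUITOUS = build("ffffffffffff", B, 1, B, "192.0.2.20", "000000000000", "192.0.2.20")

if __name__ == "__main__":
    for name, f in (("request", REQUEST), ("reply", REPLY), ("gratuitous", GRATUITOUS)):
        print(name, len(f), parse_arp_frame(f))
```
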

Origin blog.csdn.net/qq_45331873/article/details/104411494