ARP: Address Resolution Protocol

　　The basic concept behind ARP, a network interface has a hardware address (a 48-bit value that identifies a different Ethernet or Token Ring interface). Knowing the host's IP address doesn't mean it should let the kernel send a frame of data to the host. The hardware address of the destination must be known to send data.

　　The function of ARP is to provide dynamic mapping between 32bit IP addresses and hardware addresses using different network technologies. (That is, finding the ethernet address by the IP address.)

　　The following figure shows the ARP request and response packets captured during tftp communication.

　　Although the fields "Ethernet source address" and "sender source address" in the reply message are the same, it should be understood that the source address of a network may change during the transmission of the reply message. Therefore, the source address of the sender is the final address required for the entire ARP communication .

 1 3、ARP：Who has 192.168.1.2? Tell 192.168.1.5
 2 3    31.841367    RealtekS_34:16:f4    Broadcast    ARP    42    Who has 192.168.1.2? Tell 192.168.1.5
 3 
 4     0000   ff ff ff ff ff ff 00 e0 4c 34 16 f4 08 06 00 01
 5     0010   08 00 06 04 00 01 00 e0 4c 34  16 f4 c0 a8 01  05 
6      0020    00  00  00  00  00  00 c0 a8 01  02 
7  
8      ff ff ff ff ff ff #Ethernet broadcast address                              
 9      00 e0 4c 34  16 f4 #Ethernet source address                                
 10      08  06                  #Frame type : ARP request or reply                       
 11      00  01                  #hardware type: ethernet address                        
 12      08  00              　　 #protocol type: IP address                            
 13     06                     #Hardware address length - MAC address                        
 14      04                     #Protocol address length - IP address                         
 15      00  01              　　 # 1 : ARP request 2 : ARP reply 3 : RARP request 4 : RARP reply   
 16      00 e0 4c 34  16 f4 # Ethernet address of the sender                            
 17      c0 a8 01  05 #Sender            : IP 192.168 . 1.5                         
18      00  00  00  00  00  00     #Destination ethernet address                              
 19      c0 a8 01  02 #Destination           IP address: 192.168 . 1.2                      
20  
21  4 , ARP: 192.168 . 1.2 is at 08 : 00 : 27 : 00 : 01 : 92     
22  4     31.842162     CadmusCo_00: 01 : 92     RealtekS 16 : f4     ARP 60     192.168.1.2 is at 08:00:27 _ _ _:00:01:92
23 
24     0000   00 e0 4c 34 16 f4 08 00 27 00 01 92 08 06 00 01
25     0010   08 00 06 04 00 02 08 00 27 00 01 92 c0 a8 01 02
26     0020   00 e0 4c 34 16 f4 c0 a8 01 05 00 00 00 00 00 00 
27      0030    00  00  00  00  00  00  00  00  00  00  00  00 
28  
29      00 e0 4c 34  16 f4 #Ethernet broadcast address                            
 30      08  00  27  00  01  92     #Ethernet source address                              
 31      08  06                 #Frame type: ARP request or Reply                     
 32      00  01                 #hardware type: ethernet address                      
 33      08  00             　  #Protocol type: IP address                          
 34      06                    #Hardware address length - MAC address                      
 35      04                    #Protocol address length - IP address                       
 36      00  02              　 # 1 : ARP request 2 : ARP reply 3 : RARP request 4 : RARP reply 
 37      08  00  27  00  01  92 #Sender     Ethernet address                          
 38      c0 a8 01  02 #Sender           : IP 192.168 . 1.5                     
39      00 e0 4c34  16 f4 #Destination Ethernet address                            
 40      c0 a8 01  05 #Destination           IP address: 192.168 . 1.2                    
41      
42      00  00  00  00  00 00  #What     field is this?
43      00  00  00  00  00  00  
44      00  00  00  00  00  00

Proxy ARP

1. Proxy ARP

　　In the above figure, gemini sends an ARP request to 140.252.1.29 (sun), and gemini compares the network number (140.252) with the subnet number (1), thus sending an ARP request in Ethernet. The router netb recognizes that the IP belongs to one of its dial-up hosts, and responds with its own Ethernet interface address 140.252.1 as the hardware address. This process is transparent to hosts on the 140.252.1 subnet, the host sun is actually configured behind router netb.

　　Execute the arp command on gemini and find that the hardware addresses mapped by netb and IP addresses on the same subnet 140.252.1 are the same.

　　In general, the router netb completes the ARP proxy function .

2. SLIP dial-up IP

　　NetBlazer determines the dial-up host sending the packet from the serial line interface to which the packet arrives. All dial-up hosts use the same IP address 140.252.1.183 as the destination address of the SLIP link.

3. Free ARP

　　Sending an ARP request for its own IP address usually occurs during the boot process.

　　effect:

　　1), determine whether there is another host with the same IP;

　　2) If the hardware address of the sender changes, the data in the caches of other hosts of this packet can be updated.

3 basic ways of ARP spoofing:

　　1. Host C pretends to be a gateway to deceive host B;

　　2. Host c pretends to be host B to deceive the gateway;

　　3. Host C deceives host B and the gateway at the same time, realizes data transfer, and monitors all data of host B.

ARP: Address Resolution Protocol

Guess you like