The basic concept behind ARP, a network interface has a hardware address (a 48-bit value that identifies a different Ethernet or Token Ring interface). Knowing the host's IP address doesn't mean it should let the kernel send a frame of data to the host. The hardware address of the destination must be known to send data.
The function of ARP is to provide dynamic mapping between 32bit IP addresses and hardware addresses using different network technologies. (That is, finding the ethernet address by the IP address.)
The following figure shows the ARP request and response packets captured during tftp communication.
Although the fields "Ethernet source address" and "sender source address" in the reply message are the same, it should be understood that the source address of a network may change during the transmission of the reply message. Therefore, the source address of the sender is the final address required for the entire ARP communication .
1 3、ARP:Who has 192.168.1.2? Tell 192.168.1.5 2 3 31.841367 RealtekS_34:16:f4 Broadcast ARP 42 Who has 192.168.1.2? Tell 192.168.1.5 3 4 0000 ff ff ff ff ff ff 00 e0 4c 34 16 f4 08 06 00 01 5 0010 08 00 06 04 00 01 00 e0 4c 34 16 f4 c0 a8 01 05 6 0020 00 00 00 00 00 00 c0 a8 01 02 7 8 ff ff ff ff ff ff #Ethernet broadcast address 9 00 e0 4c 34 16 f4 #Ethernet source address 10 08 06 #Frame type : ARP request or reply 11 00 01 #hardware type: ethernet address 12 08 00 #protocol type: IP address 13 06 #Hardware address length - MAC address 14 04 #Protocol address length - IP address 15 00 01 # 1 : ARP request 2 : ARP reply 3 : RARP request 4 : RARP reply 16 00 e0 4c 34 16 f4 # Ethernet address of the sender 17 c0 a8 01 05 #Sender : IP 192.168 . 1.5 18 00 00 00 00 00 00 #Destination ethernet address 19 c0 a8 01 02 #Destination IP address: 192.168 . 1.2 20 21 4 , ARP: 192.168 . 1.2 is at 08 : 00 : 27 : 00 : 01 : 92 22 4 31.842162 CadmusCo_00: 01 : 92 RealtekS 16 : f4 ARP 60 192.168.1.2 is at 08:00:27 _ _ _:00:01:92 23 24 0000 00 e0 4c 34 16 f4 08 00 27 00 01 92 08 06 00 01 25 0010 08 00 06 04 00 02 08 00 27 00 01 92 c0 a8 01 02 26 0020 00 e0 4c 34 16 f4 c0 a8 01 05 00 00 00 00 00 00 27 0030 00 00 00 00 00 00 00 00 00 00 00 00 28 29 00 e0 4c 34 16 f4 #Ethernet broadcast address 30 08 00 27 00 01 92 #Ethernet source address 31 08 06 #Frame type: ARP request or Reply 32 00 01 #hardware type: ethernet address 33 08 00 #Protocol type: IP address 34 06 #Hardware address length - MAC address 35 04 #Protocol address length - IP address 36 00 02 # 1 : ARP request 2 : ARP reply 3 : RARP request 4 : RARP reply 37 08 00 27 00 01 92 #Sender Ethernet address 38 c0 a8 01 02 #Sender : IP 192.168 . 1.5 39 00 e0 4c34 16 f4 #Destination Ethernet address 40 c0 a8 01 05 #Destination IP address: 192.168 . 1.2 41 42 00 00 00 00 00 00 #What field is this? 43 00 00 00 00 00 00 44 00 00 00 00 00 00
Proxy ARP
1. Proxy ARP
In the above figure, gemini sends an ARP request to 140.252.1.29 (sun), and gemini compares the network number (140.252) with the subnet number (1), thus sending an ARP request in Ethernet. The router netb recognizes that the IP belongs to one of its dial-up hosts, and responds with its own Ethernet interface address 140.252.1 as the hardware address. This process is transparent to hosts on the 140.252.1 subnet, the host sun is actually configured behind router netb.
Execute the arp command on gemini and find that the hardware addresses mapped by netb and IP addresses on the same subnet 140.252.1 are the same.
In general, the router netb completes the ARP proxy function .
2. SLIP dial-up IP
NetBlazer determines the dial-up host sending the packet from the serial line interface to which the packet arrives. All dial-up hosts use the same IP address 140.252.1.183 as the destination address of the SLIP link.
3. Free ARP
Sending an ARP request for its own IP address usually occurs during the boot process.
effect:
1), determine whether there is another host with the same IP;
2) If the hardware address of the sender changes, the data in the caches of other hosts of this packet can be updated.
3 basic ways of ARP spoofing:
1. Host C pretends to be a gateway to deceive host B;
2. Host c pretends to be host B to deceive the gateway;
3. Host C deceives host B and the gateway at the same time, realizes data transfer, and monitors all data of host B.