5.2.6 Address Resolution Protocol ARP

Enterprise 2023-06-24 23:14:18 views: null

5.2.6 Address Resolution Protocol ARP

We know that in order to achieve communication between hosts around the world, there must be two unifications, one is the address, and the other is the data format. We use IP addresses to achieve a unified address, and use IP packets to achieve a unified data format. In the previous LAN study, we know that in the actual physical network, the physical address is really used for communication, so it is necessary to map the globally unified IP address to the physical address it uses in a certain physical network. We I have learned the TCP/IP protocol stack before, and there is an ARP protocol that matches IP in its Internet layer. physical address. **This is the main content we are going to learn here, namely the ARP Address Resolution Protocol.

The role of ARP

Address Resolution ARP provides a dynamic mapping between network layer (IP) addresses and data link layer (MAC) addresses. That is, the ARP protocol converts the IP address of a host into the MAC address it uses in a house network. There are many different types of computer networks in the world, and the methods for address conversion are also different. Here we use the most The widely used Ethernet is used as an example to introduce how to realize this kind of address translation in Ethernet.

ARP request packet

The picture shows a bus-type Ethernet, assuming that host A wants to communicate with host B, according to the Ethernet frame structure, the first field is the destination MAC address, which occupies 6 bytes and 48 bits, that is, A sends The first field in the header of the data frame for B is the MAC address of B, so host A must know the MAC address of host B, and at this time, host A will send an ARP request packet , which contains host A The IP address of host A, the physical address of host A, and the IP address of host B, how is the packet sent out? The first thing that comes to mind in Ethernet is the method of broadcasting, so when host A sends an ARP request, all hosts can receive it.

The key here is who will answer this request. It is stipulated in the ARP protocol that whoever is asked will answer, because the MAC address of B was asked in the request packet just now, and because host B also knows the MAC address of A, so as shown in the figure

Corresponding grouping

The B host will return an ARP corresponding packet to the A host in the form of unicast . The corresponding group contains the IP address of host B and the physical address of host B. It should be noted here that although the three hosts X, Y, and Z did not respond to host A, they will do one thing invariably. , What exactly do you do? This will be mentioned later, in short, in this way, host A finally obtained the physical address of host B. On the surface, the problem has been solved, but we also found that there is a problem. If all hosts use broadcast If you want to get the MAC address of other hosts in this way, for the network, the traffic caused by this kind of broadcast will make the network overload. In order to reduce the burden on the network, the improved method is to use a **ARP Cache (high-speed cache) ** There will be an ARP cache in each host, and the cache stores the recently obtained mapping between the IP addresses and physical addresses of certain hosts in the network. In practical applications, we can Enter commands using the DOC command line

arp -a

View the contents of the local ARP cache. as shown in the picture

cache

The IP address is the MAC address corresponding to 224.0.0.2 in the cache. Therefore, when the source host communicates with the destination host, the source host will first check whether there is the MAC address of the destination host in the local ARP cache. If there is, there is no need to broadcast, which reduces the burden on the network.

Let's go back to the question just now. In the example just now, although the three hosts X, Y, and Z say that they will not respond after receiving the request group, they will do one thing invariably, including host B. The IP address and physical address of host A are written into its own ARP Cache (cache). Similarly, when host A receives the corresponding packet unicast from host B, it will also update its own ARP cache, but we also need to consider A situation that may occur, for example, the network card of host B in the example just now is broken, and a new network card is replaced, or the IP address of host B has changed its owner after it is shut down, and it is given to a new host in the network. At this time, the physical address corresponding to the IP address has changed, that is to say, in view of the problem that the information in the ARP cache may become invalid, a timeout method is adopted in the ARP protocol software of Ethernet, which stipulates that When a piece of information is written into its ARP Cache, the effective time is 20 minutes, and the piece of information will be automatically deleted after 20 minutes.

The example we just gave is that host A and host B are in the same physical network. If the two hosts are not in the same physical network, what information is obtained through the ARP protocol? That is, whose physical address is obtained? At this time, we have to think about a question. When we use our own computer to visit a certain website, is the physical address of the WWW server corresponding to the website obtained through the ARP protocol software of this machine? To answer this question, we first need to understand how the connection is made from the source host to the WWW server of the website. as shown in the picture

web access

The data starts from the source host and passes through several routers (here we assume two), that is, the forwarding of router R1 and router R2 finally reaches the www server. From the perspective of the protocol stack, the entire data flow direction, for the source host, The data is encapsulated layer by layer from the highest layer to the lowest layer. Finally, a bit stream is sent from the source host to the input interface of the first router. The frame is stripped from the received bit stream, and the frame is again Strip the encapsulated IP packet, find the next hop for the packet through routing selection, and then encapsulate the IP packet into a new MAC frame, and send it to the router R2 through the output interface of the router R1, and pass it in the router R2 In a similar process, it is finally delivered to the destination host through the router R2, that is, the www server of the destination website we want to visit. After reaching the destination host, there is a layer-by-layer peeling process from the lowest layer to the upper layer, and finally the web request is completed .

From the perspective of the network layer, the source IP address and destination IP address in the header of the IP packet are always unchanged, while from the perspective of the data link layer, the basic unit of transmission is the frame, and the source MAC in the header of the frame Each segment of the address and the destination MAC address is changed, so whose MAC address did we obtain through the ARP protocol software just now? We can find that what he actually got is the MAC address of the left interface of router R1, which is HA3.

We can also do this experiment through the datagram capture software, of course, we need to pass the

arp -d

Command to clear our ARP Cache. Through experiments, we know that since the cache of the source host is empty, an ARP request packet is broadcast first, because the destination MAC address is all 1. When the destination host and the source host are not in the same physical network During the process, the MAC address of the default router connected to the host is obtained through the ARP protocol software.

Here we also need to know when the ARP protocol software works? It is like a live Lei Feng, it runs automatically when needed, so it is undetectable to users.

The above is what we have learned. We have mainly learned the role of ARP and how the ARP protocol software implements address translation in Ethernet. Through learning, we also know that there is a premise when the Ethernet protocol software runs, that is, whether it is The host that sends the ARP request packet is also the host that sends the ARP response packet. The address information in the packets sent by them is credible, but in the current society, some people with ulterior motives will take advantage of the trust between each other in ARP. **""ARP Spoofing and ARP Attack"**.

Guess you like

Origin blog.csdn.net/nytcjsjboss/article/details/131052077
Recommended
The number of MaxKB GitHub Stars, an open source knowledge base question and answer system based on large language models, exceeded 5,000!
Ranking
Getting the basic concepts of ROS + catkin Profile
Spring Learning (2) --- Assembling Beans in the IoC Container
js to get the src attribute of the image regularly
STM32 is based on CubeIDE and HAL library basics entry study notes: Bluetooth WIFI STM32 connects to Alibaba Cloud
Short video learning - 3, pandas simple use of pivot_table
Print directory of project configuration log, output log
Understand the difference between vi and vim in Linux in 3 minutes
1 + x certificate Web front-end development HTML5 special exercises
mangodb save and insert the difference
7-1 Family tree processing (50 points) (binary tree solution)
Daily
More
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)

Code World

© 2018 codetd.com