[Computer Network] 13. ARP packet: Broadcast your own mac address and ip

When a machine starts, it broadcasts its own MAC address and IP address to the network; this is done with the ARP protocol. The broadcast only reaches the local segment, i.e. the part that does not pass through a router, shown as the blue part in the figure below. Devices within that range record the MAC-IP binding locally, and a later announcement for the same IP overwrites the earlier one (for example, receive mac1-ip1 first, then mac2-ip1; the stored record becomes mac2-ip1):

arp range
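As an added example (not code from the original post), the following Python model reproduces the cache behaviour described above: each broadcast MAC-IP binding is recorded, a later binding for the same IP overwrites the earlier one, and every overwrite is logged, so an IP whose MAC keeps changing can be spotted the way arpwatch-style monitors do. The sample announcements and the flapping threshold are constructed values.

```python
"""Minimal ARP-cache model: bindings overwrite on duplicate IP, and
each overwrite is logged so a MAC that keeps changing for one IP
(the reboot case in the post, or spoofing) can be detected."""
from dataclasses import dataclass, field


@dataclass
class ArpCache:
    table: dict = field(default_factory=dict)    # ip -> mac (current binding)
    changes: list = field(default_factory=list)  # (ip, old_mac, new_mac)

    def learn(self, ip: str, mac: str) -> None:
        """Record an announced binding; same IP with a new MAC overwrites."""
        mac = mac.lower()
        old = self.table.get(ip)
        if old is not None and old != mac:
            self.changes.append((ip, old, mac))
        self.table[ip] = mac

    def flapping_ips(self, threshold: int = 2) -> list:
        """IPs whose MAC changed at least `threshold` times (hypothetical cutoff)."""
        counts = {}
        for ip, _old, _new in self.changes:
            counts[ip] = counts.get(ip, 0) + 1
        return sorted(ip for ip, n in counts.items() if n >= threshold)


# Constructed sample: host 192.168.1.10 reboots twice with a new MAC
# each time (mac1, mac2, mac3); host 192.168.1.20 keeps its MAC.
SAMPLE_ANNOUNCEMENTS = [
    ("192.168.1.10", "02:00:00:00:00:01"),   # mac1-ip1
    ("192.168.1.20", "02:00:00:00:00:20"),
    ("192.168.1.10", "02:00:00:00:00:02"),   # mac2-ip1 overwrites mac1-ip1
    ("192.168.1.20", "02:00:00:00:00:20"),   # repeat, no change
    ("192.168.1.10", "02:00:00:00:00:03"),   # mac3-ip1 overwrites mac2-ip1
]


def replay(announcements=SAMPLE_ANNOUNCEMENTS) -> ArpCache:
    """Feed announcements to a fresh cache and return it for inspection."""
    cache = ArpCache()
    for ip, mac in announcements:
        cache.learn(ip, mac)
    return cache


if __name__ == "__main__":
    cache = replay()
    for ip, mac in sorted(cache.table.items()):
        print(f"{ip:16} {mac}")
    for ip, old, new in cache.changes:
        print(f"changed: {ip} {old} -> {new}")
    print("flapping:", cache.flapping_ips())
```

After the replay the cache holds mac3 for 192.168.1.10, and the two logged overwrites are exactly the "mac2-ip1 replaces mac1-ip1" events the post describes; a monitor that alerts on such changes is the defender's side of this behaviour.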

Case: suppose a device's MAC address changes after every reboot. Then it sends a different ARP packet each time it reboots (for example, it announces itself as mac1-ip1 first, as mac2-ip1 after the next reboot, and as mac3-ip1 after the one after that). The figure below shows the MAC address changed after a reboot (the MAC address can be seen with ip a):
Changed mac address after reboot

As a network administrator (IT), to deal with the impact of this kind of "MAC address changes on device reboot" on DHCP, one usually imposes some restrictions, such as configuring a given port on the switch to accept at most 50 MAC addresses; packets beyond that limit are discarded.

  • DHCP is a service that assigns an IP address to a requesting MAC address. It can be deployed as a stand-alone server or configured on a switch.
  • If the MAC address changes every time the device reboots, the same device requests a new IP address from DHCP on every reboot, which exhausts the IP address pool of the LAN, leaves other devices without an IP, and paralyses the network. This behaviour can be considered a type of cyber attack.
    • For example, device a gets ipa from DHCP with maca after the first reboot, ipb with macb after the second reboot, and ipn with macn after the nth reboot.
    • DHCP leases have an expiration time. Although device a uses only ipn after the nth reboot, it has obtained many IP addresses it does not need (ipa, ipb, ..., ipn-1), and they stay leased until they expire.
    • This leaves other devices in the LAN (such as b, c, d, e) with no IP available and paralyses the network. This behaviour can be regarded as a network attack.
    • Therefore the network administrator sets a rule limiting a given switch port to accepting at most 50 MAC addresses; packets beyond that are dropped, as shown in the figure below
      Limitations on the switch
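The pool-exhaustion scenario and the per-port MAC limit from the list above, as an added Python model that is not part of the original post. The pool size (5 addresses), the lease format and the limit of 3 MACs are constructed values chosen to keep the run short; the real setting in the post is 50. Host b is assumed to sit on a different switch port, so the limit applies only to the rebooting device.

```python
"""Model of DHCP pool exhaustion by a device whose MAC changes on every
reboot, and of the switch-port MAC limit (port security) that bounds it."""
from dataclasses import dataclass, field


@dataclass
class DhcpServer:
    pool: list                                   # free addresses
    leases: dict = field(default_factory=dict)   # mac -> ip

    def request(self, mac: str):
        """Hand out one address per MAC; None once the pool is empty."""
        if mac in self.leases:                   # same MAC keeps its lease
            return self.leases[mac]
        if not self.pool:
            return None                          # pool exhausted
        ip = self.pool.pop(0)
        self.leases[mac] = ip
        return ip


@dataclass
class SwitchPort:
    max_macs: int                                # port-security limit
    learned: set = field(default_factory=set)
    dropped: int = 0

    def forward(self, src_mac: str) -> bool:
        """Accept frames from at most max_macs distinct source MACs."""
        if src_mac in self.learned:
            return True
        if len(self.learned) >= self.max_macs:
            self.dropped += 1                    # excess MAC: frame discarded
            return False
        self.learned.add(src_mac)
        return True


def simulate(reboots: int, pool_size: int, max_macs: int = None) -> dict:
    """Device a reboots `reboots` times with a fresh locally administered
    MAC each time; afterwards another host asks for an address."""
    server = DhcpServer(pool=[f"10.0.0.{10 + i}" for i in range(pool_size)])
    port = SwitchPort(max_macs=max_macs) if max_macs is not None else None
    device_a_leases = 0
    for n in range(reboots):
        mac = f"02:00:00:00:00:{n:02x}"          # unicast, locally administered
        if port is not None and not port.forward(mac):
            continue                             # discarded at the switch port
        if server.request(mac) is not None:
            device_a_leases += 1
    # host b sits on a different port, so this port's limit does not apply
    other_ip = server.request("02:00:00:00:ff:fe")
    return {
        "device_a_leases": device_a_leases,
        "other_host_ip": other_ip,
        "pool_free": len(server.pool),
        "dropped_at_port": port.dropped if port is not None else 0,
    }


if __name__ == "__main__":
    print("no limit:", simulate(reboots=8, pool_size=5))
    print("limit 3 :", simulate(reboots=8, pool_size=5, max_macs=3))
```

Without the limit, device a consumes the whole pool and host b gets no address; with the limit, frames from the fourth MAC onward never reach the DHCP server, device a holds only 3 leases, and host b is still served.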

The command to generate a random MAC address (the first 6 hex digits can also be random). Note that the lowest bit of the first octet must be clear, otherwise the address is a multicast (group) address and Linux refuses to assign it to an interface; 0x13 has that bit set, so 0x12 is used here (its second-lowest bit marks the address as locally administered):

echo 12:25:46:`echo $RANDOM | md5sum | sed 's/../&:/g' | cut -c1-8`

Origin blog.csdn.net/jiaoyangwm/article/details/132317383