Shulou(Shulou.com)06/01 Report--

First, Overview of ARP

ARP (Address Resolution Protocol, address Resolution Protocol) is used to realize the mapping from IP address to MAC address and to realize the process of data encapsulation. It belongs to the network layer on Ethernet.

Second, ARP working principle

How ARP works: from IP- > MAC address

When the host sends information, the ARP request containing the destination IP address is broadcast to all hosts on the network, and the corresponding host receives the broadcast packet, then the ARP unicast reply message and the return message are received to determine the target MAC address, and the IP address and MAC address are stored in the local ARP cache, and the ARP cache can be directly queried on the next request.

Note: ARP requests are sent as broadcasts and ARP replies are sent as unicast.

Third, ARP deception

1. Brief introduction

Because the host on the network can send the ARP reply message independently, and other hosts will not detect the authenticity of the ARP packet when they receive the message, they will record it in the local ARP cache, so * the host can send a pseudo ARP reply message, so that the information sent by the host cannot reach the expected host, resulting in an ARP spoofing.

two。 working principle

① hacker tells PC1 that the iP----hacker's MAC of the gateway

② hacker tells the gateway that A's IP---- > hacker's MAC

The traffic between ③ An and the gateway communicates through the host of hacker.

④ hacker can grab, analyze, perform * * and steal data through wireshack.

(common * * software: P2P Terminator, Network Marshal.)

Fourth, ARP grouping format

Field analysis:

1. Ethernet destination address

6 bytes, all 1 indicates the broadcast address

two。 Ethernet source address

6 bytes

3. Frame Typ

2 bytes, indicating the type of subsequent data; for ARP request or reply, the value is 0x0806

And RARP is 0x0835.

4. Hardware Typ

2 bytes, indicating the type of hardware address, and a value of 1 indicating the Ethernet address

5. Protocol Typ

2 bytes, indicating the type of protocol address to be mapped

0x0800: indicates the IP address

The value is the same as the value of the type field in the Ethernet data frame of the IP Datagram

6. Hardware address length

1 byte, ARP request or reply for Ethernet IP address, with a value of 6

7. Protocol address length

1 byte, ARP request or reply for Ethernet IP address, value is 4

8. Action field

2 bytes, indicating the type of operation

ARP request: 1

ARP reply: 2

RARP request: 3

RARP reply: 4

9. Hardware address of the sender (6bytes)

10. The protocol address of the sender (4bytes)

11. Hardware address of the destination (6bytes)

twelve。 Protocol address of the destination (4bytes)

Fifth, acting ARP

1. Proxy ARP (also known as ARP rental) is a variant of ARP protocol. For computers without a default gateway to communicate with computers in other networks, the gateway will reply to the source computer with its own MAC address and the IP address of the target computer when it receives the ARP request from the source computer.

two。 A proxy ARP is to respond to one host as a response to another host ARP.

3. Question1: what is an ARP agent?

A: when the router receives the ARP Request, if it finds that the destination IP address of the query is in a different subnet, the router will act as the ARP of the agent, answer instead, and tell the querier the MAC address it is going to do (using the MAC address of the interface between them)

Question2: why is there an ARP agent?

A: one of the important functions of routers is to limit LAN broadcast packets to the network and not to spread, otherwise it will cause a network storm. ARP Request is a broadcast package that will answer if the person it asks is on the same local area network. But what if the query object is not on the same local area network? In order to solve this problem, the router provides a service: proxy ARP.

Question 3: is there any other way to solve the address query across the local area network?

Answer: if the host is configured with a default gateway, you can assign the query task to the default gateway when the object querying the MAC address is outside the local area network.

Question 4: under what circumstances do I use ARP as an agent?

Answer: hosts and routers in the network all have ARP cache. Hosts are usually configured with a default gateway, which is used to query MAC addresses outside the local area network. When a router needs to query the MAC address on a remote network segment, the router connected to it acts as a proxy ARP when it receives the ARP Request.

Six, free ARP

1. Free ARP message is a special ARP message. The sender IP address and destination IP address carried by this message are native IP address, source MAC address is native MAC address, and destination MAC address is broadcast address.

two。 The role of free ARP:

① advertises the role of broadcasting, telling hosts throughout the broadcast domain what the current MAC address of this IP is.

② checks whether other hosts in the broadcast domain are using their own IP address, and if so, it will display an IP address conflict

If a router running Hot standby routing Protocol (HSRP) in a ③ subnet becomes the master router from another router, it will send an unprovoked ARP to update the ARP cache on that subnet-(the device changes the hardware address and notifies other devices to update the ARP entry by sending a free ARP message. )

Seventh, reverse ARP-IARP

1. Brief introduction

IARP inverse address Resolution Protocol (Inverse Address Resolution Protocol). The dynamic maintenance of Inverse ARP for the mapping between IP address and virtual circuit number in frame Relay network is mainly used in frame relay network.

IARP is a method of establishing dynamic routing in a network so that the access server can know the network address of the device associated with the virtual circuit.

IARP is used to automatically establish a mapping between a router IP address and a frame Relay DLCI in a frame Relay network.

two。 working principle

What is the IP address of ① A that sends a broadcast message requesting its corresponding destination MAC address? At the same time, its own IP address is attached to the broadcast message.

After receiving the broadcast packet, ② B modifies the request packet and extracts the hardware address from the frame Relay frame header and puts it into the source hardware address domain of the request packet to form the address mapping of A.

The ③ then forms a unicast response, and the response packet contains the IP address of B and the IP address and hardware address of A.

④ A receives the response, modifies the response packet, takes the hardware address from the frame header and puts it in the source hardware address field of the response packet, and then adds it to the address mapping table.

⑤ devices An and B can transfer data normally.

Eight, reverse ARP

1. Brief introduction

Reverse address Translation Protocol (RARP:Reverse Address Resolution Protocol) allows physical machines in a local area network to request their IP addresses from the ARP table or cache of the gateway server (router).

two。 working principle

From the known MAC address-> IP address

Each device on a ① network has a unique hardware address, usually an MAC address assigned by the device manufacturer. PC1 reads the MAC address from the network card, and then sends a broadcast packet of the RARP request on the network, requesting the RARP server to reply to the IP address of the PC.

The ② RARP server receives the RARP request packet, assigns an IP address to it, and sends the RARP response to PC1

When ③ PC1 receives the RARP response, it communicates using the resulting IP address.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.