Shulou(Shulou.com)06/01 Report--

This article is about how to use ARP commands to solve network problems. The editor thinks it is very practical, so share it with you as a reference and follow the editor to have a look.

Address Resolution Protocol (Address Resolution Protocol), its basic function is to query the IP address of the target device through the MAC address of the target device, so as to ensure the smooth progress of communication. It is an indispensable protocol in the network layer of IPv4.

How to use ARP command to solve network failure how to use ARP command to solve network fault arp command

Arp commands generally have three uses, namely, query display, add records, and delete records, which are often used when we do network projects. \ 1. Arp-a, used when you need to display the mac address corresponding to the current ip address.

Enter "arp-a" at the command prompt and enter; automatically read the corresponding table of IP address and mac address in the cache;\ 2. Arp-s, used when you need to manually add an arp record.

Manually enter an ARP item in the format "ARP+ space +-a+IP address + MAC address"

As shown in the figure below, I specifically used arp-a to query the ARP record

In fact, this command is also called binding mac address command, such as a company's network, employees often like to change the ip address of their computers, often causing ip address confusion, unable to manage, then at this time you only need to bind its ip address to its computer mac address, then the next time there is a network failure, you can directly locate the mac address to those computers.

3. Arp-d, when you think there is a problem with an arp record, you can delete it.

Function: delete all ARP records

In fact, if you want to completely empty the ARP list, you need to disable all network connections, otherwise a new ARP list will still be generated in the process of network data interaction.

So some friends will ask, what is the use of these three orders?

In fact, it is very useful, for example, when there is a problem in your network, some ip addresses may conflict, and the ip address corresponding to mac is incorrect, then you can delete the arp record and then add a new record, and the network problem will be solved.

What arp attack?

1. What is an arp attack

The basic function of ARP protocol is to query the MAC address of the target device through the IP address of the target device to ensure the communication. Based on this working characteristic of ARP protocol, hackers continue to send fraudulent ARP packets to the other computer, and the packets contain Mac addresses repeated with the current device, so that when the other party responds to the message, the normal network communication can not be carried out due to simple address repetition errors.

2. How to defend arp address

In general, there are two phenomena that occur on computers attacked by ARP:

Keep popping up the dialog box of "the local XXX segment hardware address conflicts with the XXX segment address in the network". The computer can not access the Internet normally, resulting in the symptoms of network interruption. This kind of situation is more common in our monitoring system or in the network with more users, and there are often problems such as ip address conflicts, so how to prevent it?

For monitoring or network systems, once there are more users, it is necessary to divide the vlan or isolate the ports of the network to avoid arp attacks and spread to other devices, there are usually the following three methods.

(1) two-way binding of ARP

IP+mac binding on the pc side and ip+mac+ port binding on the network device (switching route)

The gateway also performs static binding between IP and mac.

(2) set up DHCP server

ARP attacks generally attack the gateway first, establishing the DHCP server on the gateway, or using an arp filtered firewall.

(3) divide the safe area.

ARP broadcast packets cannot be propagated across subnets or network segments, and network segments can isolate broadcast packets. VLAN is a logical broadcast domain. Multiple subnets can be created in the local area network through VLAN technology, so the broadcast is isolated in the local area network. Narrow the scope of infection. However, too fine the division of security domains will make the management and resource sharing of the local area network inconvenient.

3. How to solve the problem after the arp attack

The network may have been down after the arp attack. Looking at this comparison table, it is found that the Mac address of the gateway has changed.

(1) then type arp-a to see a list of all gateways, but normally, there should be only one gateway, and the extra gateway must be a camouflaged gateway on the computer of the initiator of the arp attack.

(2) then arp-d.

Clear all gateways, and then your computer will find its own gateway.

(3) in arp-a

List the newly found gateways, and if there are still multiple, continue with arp-d. Until only one record appears in arp-a,

This list will show the IP address and MAC address of the gateway, which is your gateway.

(4) arp-s, then re-bind

Enter arp-s xxx.xxx.xxx.xxx ab-cd-ef-gh-ij-kl

Xxx.xxx.xxx.xxx represents the IP address of the gateway, and ab-cd-ef-gh-ij-kl represents the MAC address of the gateway.

Thank you for reading! This is the end of the article on "how to use ARP commands to solve network failure problems". I hope the above content can be of some help to you, so that you can learn more knowledge. if you think the article is good, you can share it for more people to see!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.