Abstract image of a woman sitting on books and studying on a laptop

Networking.pdf

D
DarshaniKarunarathne

The document provides an overview of the Address Resolution Protocol (ARP). It discusses: - ARP allows mapping between a host's logical IP address to its physical MAC address on a local area network. - Each device maintains an ARP cache table to map IP-MAC address pairs for other devices on the network. An ARP request is broadcast to resolve addresses and the responding device unicasts an ARP reply. - ARP spoofing vulnerabilities exist since ARP does not authenticate requests/replies, allowing an attacker to poison a device's ARP cache with false address mappings and intercept network traffic.

Technology
1 of 26
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
MASTER OF INFORMATION TECHNOLOGY UNIVERSITY OF COLOMBO SCHOOL OF COMPUTING Address Resolution Protocol (ARP) MIT 2201 Computer Networking Dr. Ajantha Atukorale aja@ucsc.cmb.ac.lk
Overview
Overview • The delivery of a packet to a host or a router requires two levels of addressing: logical and physical. • We need to be able to map a logical address to its corresponding physical address and vice versa. • These can be done using either static or dynamic mapping.
Address Resolution Protocol (ARP) • Each device on a network maintains its own ARP table. • A device that requires an IP and MAC address pair broadcasts an ARP request. • If one of the local devices matches the IP address of the request, it sends back an ARP reply that contains its IP-MAC pair. • If the request is for a different IP network, a router performs a proxy ARP. • The router sends an ARP response with the MAC address of the interface on which the request was received, to the requesting host.
Address Translation with ARP ARP Request: Argon broadcasts an ARP request to all stations on the network: “What is the hardware address of Router137?”
Address Translation with ARP ARP Reply: Router 137 responds with an ARP Reply (unicast) which contains the hardware address
Address Translation with ARP
Address Translation with ARP LAN a. ARP request is multicast System A System B b. ARP reply is unicast LAN System A System B Looking for physical address of a node with IP address 141.23.56.23 Request The node physical address is A4:6E:F4:59:83:AB Reply
• Sender knows the IP address of the target. • IP asks ARP to create ARP request message. It includes sender’s and target’s IP and physical addresses. Target Physical address is all 0s. • Message is passed to data link layer, encapsulated in a frame using sender’s physical address. The physical destination address is the broadcast address. • All machines drop the packet except the targeted machine. Target machine identifies the IP address. • Target machine sends the ARP reply with its physical address. • Sender receives the reply and knows the physical address of target. • IP datagram, carries data for target machine, is now encapsulated in a frame and is unicast to the destination. Delivery of the Datagram
• Hardware Type: 16-bits; Defining the type of network; Ethernet is 1. • Protocol Type: 16-bits; IPv4 is 0800. • Hardware and Protocol length is 8-bits. ARP Packet Format
Encapsulation of ARP Packet Start of Frame Delimiter -SFD
Encapsulation of ARP Packet An ARP request is broadcast; an ARP reply is unicast.
Example 1 • A host with IP address 130.23.43.20 and physical address B2:34:55:10:22:10 has a packet to send to another host with IP address 130.23.43.25 and physical address A4:6E:F4:59:83:AB. • The two hosts are on the same Ethernet network. Show the ARP request and reply packets encapsulated in Ethernet frames.
Example 1
ARP Cache Timeout • Since sending an ARP request/reply for each IP datagram is inefficient, hosts maintain a cache (ARP Cache) of current entries. The entries expire after ARP cache timeout. • Older versions of Windows used to have a timeout of 2 minutes for ARP entries. • This has changed in Vista and Server 2008 onwards to comply with RFC4861. The new implementation has lowered this time to a random value between 15 seconds and 45 seconds. • Commands to check: C:> netsh interface ipv4 show interface <interface ID> $ cat /proc/sys/net/ipv4/neigh/default/gc_stale_time
Four cases using ARP
Proxy ARP Proxy ARP: Host or router responds to ARP Request that arrives from one of its connected networks for a host that is on another of its connected networks. 128.143.137.1/16 00:e0:f9:23:a8:20 128.143.71.1/24 128.143.0.0/16 Subnet 128.143.71.0/24 Subnet Router137 ARP Request: W hat is the MAC address of 128.143.71.21? 128.143.137.144/16 128.143.171.21/24 00:20:af:03:98:28 Argon Neon ARP Reply: The MAC address of 128.143.71.21 is 00:e0:f9:23:a8:20 128.143.71.21/24
Things to know about ARP • What happens if an ARP Request is made for a non-existing host? Several ARP requests are made with increasing time intervals between requests. Eventually, ARP gives up. • On some systems (including Linux) a host periodically sends ARP Requests for all addresses listed in the ARP cache. This refreshes the ARP cache content, but also introduces traffic.
Vulnerabilities of ARP • Since ARP does not authenticate requests or replies, ARP Requests and Replies can be forged • ARP is stateless: ARP Replies can be sent without a corresponding ARP Request • According to the ARP protocol specification, a node receiving an ARP packet (Request or Reply) must update its local ARP cache with the information in the source fields, if the receiving node already has an entry for the IP address of the source in its ARP cache. (This applies for ARP Request packets and for ARP Reply packets)
Vulnerabilities of ARP Typical exploitation of these vulnerabilities: • A forged ARP Request or Reply can be used to update the ARP cache of a remote system with a forged entry (ARP Poisoning) • This can be used to redirect IP traffic to other hosts • Generally, the aim is to associate the attacker's MAC address with the IP address of another host (such as the default gateway), causing any traffic meant for that IP address to be sent to the attacker instead. • ARP spoofing may allow an attacker to intercept data frames on a LAN, modify the traffic, or stop the traffic altogether.
ARP Spoofing/poisoning • Simplicity also leads to major insecurity • No Authentication • ARP provides no way to verify that the responding device is really who it says it is • Stateless protocol • Updating ARP Cache table • Attacks • DOS • Hacker can easily associate an operationally significant IP address to a false MAC address • Man-in-the-Middle • Intercept network traffic between two devices in your network
Ethernet: 0800.0020.1111 IP = ??? What is my IP address? Reverse ARP
Ethernet: 0800.0020.1111 IP: 172.16.3.25 Ethernet: 0800.0020.1111 IP = ??? What is my IP address? I heard that broadcast. Your IP address is 172.16.3.25. Maps: MAC IP Reverse ARP
• RARP (Reverse Address Resolution Protocol) is a protocol by which a physical machine in a local area network can request to learn its IP address from a gateway. • A network administrator creates a table in a local area network's gateway router that maps the physical machine (MAC address) addresses to corresponding Internet Protocol addresses. • When a new machine is set up, its RARP client program requests from the RARP server on the router to be sent its IP address. • Assuming that an entry has been set up in the router table, the RARP server will return the IP address to the machine which can store it for future use. • RARP is available for Ethernet, Fiber Distributed-Data Interface, and token ring LANs. Reverse ARP
Home Work
End of Lecture Any Questions?

More Related Content

PPT
module06-arpV4(1) fr computer network protocol
AhamedTuani
 
PPT
Cours de réseau internet sur les protocoles et technologies réseaux
FredarmelNKETCHEMEN
 
PPT
Arp
naveenarvinth
 
DOCX
84486335 address-resolution-protocol-case-study
homeworkping3
 
PPT
ARP.ppt
Jayaprasanna4
 
PPTX
MAC in the Address Resolution Protocol.pptx
marunkumareee77
 
PPTX
04 coms 525 tcpip - arp and rarp
Palanivel Kuppusamy
 
PDF
Arp config-arp
Raafat younis
 
module06-arpV4(1) fr computer network protocol
AhamedTuani
 
Cours de réseau internet sur les protocoles et technologies réseaux
FredarmelNKETCHEMEN
 
Arp
naveenarvinth
 
84486335 address-resolution-protocol-case-study
homeworkping3
 
ARP.ppt
Jayaprasanna4
 
MAC in the Address Resolution Protocol.pptx
marunkumareee77
 
04 coms 525 tcpip - arp and rarp
Palanivel Kuppusamy
 
Arp config-arp
Raafat younis
 

Similar to Networking.pdf (20)

PPTX
Address resolution protocol (ARP)
NetProtocol Xpert
 
PDF
Network Intrusion Ditection System
Hitesh Mohapatra
 
PPT
Arp spoofing
Luthfi Widyanto
 
PPT
Address resolution protocol
asimnawaz54
 
PDF
Arp security by_abdimuna_sep_28
Abdimuna Muna
 
PDF
Communication networks_ARP
GouravSalla
 
PDF
Web technology and commerce unit 1
arun0501
 
PPTX
Support-Protocols ARP, RARP tcp tcmp .pptx
FredarmelNKETCHEMEN
 
PPTX
Cours de réseau internet sur les protocoles et technologies réseaux arp
FredarmelNKETCHEMEN
 
PPTX
Presentation on arp protocol
Mohd. Ahmad Siddiqi
 
PDF
Protect The Fundamental of IP Networking - Network Security Features 2019
Jiunn-Jer Sun
 
PPT
Address resolution protocol and internet control message protocol
asimnawaz54
 
PPSX
ARP
selvakumar_b1985
 
PPT
Lecture 5 internet-protocol_assignments
Serious_SamSoul
 
PPTX
Arp (address resolution protocol)
tigerbt
 
PPTX
ARP,RARP,DHCP,ICMP NETWORKING PROTOCOLS INTERNET
Janagi Raman S
 
PDF
Chap-07 ARP and RARP.pdf
HemantBorse6
 
PPTX
presentation of first program exist.pptx
MajidAzeemChohan
 
PDF
Arp Cache Poisoning
Subhash Kumar Singh
 
PPTX
Advanced_Networking_Principles_and_Protocols_Lecture_3_part2.pptx
KUMKUMOKUSSIA
 
Address resolution protocol (ARP)
NetProtocol Xpert
 
Network Intrusion Ditection System
Hitesh Mohapatra
 
Arp spoofing
Luthfi Widyanto
 
Address resolution protocol
asimnawaz54
 
Arp security by_abdimuna_sep_28
Abdimuna Muna
 
Communication networks_ARP
GouravSalla
 
Web technology and commerce unit 1
arun0501
 
Support-Protocols ARP, RARP tcp tcmp .pptx
FredarmelNKETCHEMEN
 
Cours de réseau internet sur les protocoles et technologies réseaux arp
FredarmelNKETCHEMEN
 
Presentation on arp protocol
Mohd. Ahmad Siddiqi
 
Protect The Fundamental of IP Networking - Network Security Features 2019
Jiunn-Jer Sun
 
Address resolution protocol and internet control message protocol
asimnawaz54
 
ARP
selvakumar_b1985
 
Lecture 5 internet-protocol_assignments
Serious_SamSoul
 
Arp (address resolution protocol)
tigerbt
 
ARP,RARP,DHCP,ICMP NETWORKING PROTOCOLS INTERNET
Janagi Raman S
 
Chap-07 ARP and RARP.pdf
HemantBorse6
 
presentation of first program exist.pptx
MajidAzeemChohan
 
Arp Cache Poisoning
Subhash Kumar Singh
 
Advanced_Networking_Principles_and_Protocols_Lecture_3_part2.pptx
KUMKUMOKUSSIA
 
Ad

Recently uploaded (20)

PDF
Transform Your ITIL® 4 & ITSM Strategy with AI in 2025.pdf
PDCA Consulting
 
PDF
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
PDF
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
PDF
STKI Israel Market Study 2025 version august
Dr. Jimmy Schwarzkopf
 
PDF
Unlock new opportunities with location data.pdf
Precisely
 
PDF
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
PDF
WOOl fibre morphology and structure.pdf for textiles
Rajendrakumar868651
 
PPTX
O2C Customer Invoices to Receipt V15A.pptx
ssuserbfa915
 
PPTX
MicrosoftCybserSecurityReferenceArchitecture-April-2025.pptx
SilvioHayashi
 
PPTX
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
PPTX
Web Crawler for Trend Tracking Gen Z Insights.pptx
Actowiz Solustions
 
PDF
Architecture types and enterprise applications.pdf
ChristopherTHyatt
 
PPTX
observCloud-Native Containerability and monitoring.pptx
anupsingh76937
 
PDF
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
PPTX
Final SEM Unit 1 for mit wpu at pune .pptx
anishtilekar08
 
PDF
sustainability-14-14877-v2.pddhzftheheeeee
VenkateshGovindaraja9
 
PDF
A novel scalable deep ensemble learning framework for big data classification...
IAESIJAI
 
PDF
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
PDF
TrustArc Webinar - Click, Consent, Trust: Winning the Privacy Game
TrustArc
 
PDF
Hybrid model detection and classification of lung cancer
IAESIJAI
 
Transform Your ITIL® 4 & ITSM Strategy with AI in 2025.pdf
PDCA Consulting
 
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
STKI Israel Market Study 2025 version august
Dr. Jimmy Schwarzkopf
 
Unlock new opportunities with location data.pdf
Precisely
 
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
WOOl fibre morphology and structure.pdf for textiles
Rajendrakumar868651
 
O2C Customer Invoices to Receipt V15A.pptx
ssuserbfa915
 
MicrosoftCybserSecurityReferenceArchitecture-April-2025.pptx
SilvioHayashi
 
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
Web Crawler for Trend Tracking Gen Z Insights.pptx
Actowiz Solustions
 
Architecture types and enterprise applications.pdf
ChristopherTHyatt
 
observCloud-Native Containerability and monitoring.pptx
anupsingh76937
 
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
Final SEM Unit 1 for mit wpu at pune .pptx
anishtilekar08
 
sustainability-14-14877-v2.pddhzftheheeeee
VenkateshGovindaraja9
 
A novel scalable deep ensemble learning framework for big data classification...
IAESIJAI
 
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
TrustArc Webinar - Click, Consent, Trust: Winning the Privacy Game
TrustArc
 
Hybrid model detection and classification of lung cancer
IAESIJAI
 
Ad

Networking.pdf

  • 1. MASTER OF INFORMATION TECHNOLOGY UNIVERSITY OF COLOMBO SCHOOL OF COMPUTING Address Resolution Protocol (ARP) MIT 2201 Computer Networking Dr. Ajantha Atukorale aja@ucsc.cmb.ac.lk
  • 3. Overview • The delivery of a packet to a host or a router requires two levels of addressing: logical and physical. • We need to be able to map a logical address to its corresponding physical address and vice versa. • These can be done using either static or dynamic mapping.
  • 4. Address Resolution Protocol (ARP) • Each device on a network maintains its own ARP table. • A device that requires an IP and MAC address pair broadcasts an ARP request. • If one of the local devices matches the IP address of the request, it sends back an ARP reply that contains its IP-MAC pair. • If the request is for a different IP network, a router performs a proxy ARP. • The router sends an ARP response with the MAC address of the interface on which the request was received, to the requesting host.
  • 5. Address Translation with ARP ARP Request: Argon broadcasts an ARP request to all stations on the network: “What is the hardware address of Router137?”
  • 6. Address Translation with ARP ARP Reply: Router 137 responds with an ARP Reply (unicast) which contains the hardware address
  • 8. Address Translation with ARP LAN a. ARP request is multicast System A System B b. ARP reply is unicast LAN System A System B Looking for physical address of a node with IP address 141.23.56.23 Request The node physical address is A4:6E:F4:59:83:AB Reply
  • 9. • Sender knows the IP address of the target. • IP asks ARP to create ARP request message. It includes sender’s and target’s IP and physical addresses. Target Physical address is all 0s. • Message is passed to data link layer, encapsulated in a frame using sender’s physical address. The physical destination address is the broadcast address. • All machines drop the packet except the targeted machine. Target machine identifies the IP address. • Target machine sends the ARP reply with its physical address. • Sender receives the reply and knows the physical address of target. • IP datagram, carries data for target machine, is now encapsulated in a frame and is unicast to the destination. Delivery of the Datagram
  • 10. • Hardware Type: 16-bits; Defining the type of network; Ethernet is 1. • Protocol Type: 16-bits; IPv4 is 0800. • Hardware and Protocol length is 8-bits. ARP Packet Format
  • 11. Encapsulation of ARP Packet Start of Frame Delimiter -SFD
  • 12. Encapsulation of ARP Packet An ARP request is broadcast; an ARP reply is unicast.
  • 13. Example 1 • A host with IP address 130.23.43.20 and physical address B2:34:55:10:22:10 has a packet to send to another host with IP address 130.23.43.25 and physical address A4:6E:F4:59:83:AB. • The two hosts are on the same Ethernet network. Show the ARP request and reply packets encapsulated in Ethernet frames.
  • 15. ARP Cache Timeout • Since sending an ARP request/reply for each IP datagram is inefficient, hosts maintain a cache (ARP Cache) of current entries. The entries expire after ARP cache timeout. • Older versions of Windows used to have a timeout of 2 minutes for ARP entries. • This has changed in Vista and Server 2008 onwards to comply with RFC4861. The new implementation has lowered this time to a random value between 15 seconds and 45 seconds. • Commands to check: C:> netsh interface ipv4 show interface <interface ID> $ cat /proc/sys/net/ipv4/neigh/default/gc_stale_time
  • 17. Proxy ARP Proxy ARP: Host or router responds to ARP Request that arrives from one of its connected networks for a host that is on another of its connected networks. 128.143.137.1/16 00:e0:f9:23:a8:20 128.143.71.1/24 128.143.0.0/16 Subnet 128.143.71.0/24 Subnet Router137 ARP Request: W hat is the MAC address of 128.143.71.21? 128.143.137.144/16 128.143.171.21/24 00:20:af:03:98:28 Argon Neon ARP Reply: The MAC address of 128.143.71.21 is 00:e0:f9:23:a8:20 128.143.71.21/24
  • 18. Things to know about ARP • What happens if an ARP Request is made for a non-existing host? Several ARP requests are made with increasing time intervals between requests. Eventually, ARP gives up. • On some systems (including Linux) a host periodically sends ARP Requests for all addresses listed in the ARP cache. This refreshes the ARP cache content, but also introduces traffic.
  • 19. Vulnerabilities of ARP • Since ARP does not authenticate requests or replies, ARP Requests and Replies can be forged • ARP is stateless: ARP Replies can be sent without a corresponding ARP Request • According to the ARP protocol specification, a node receiving an ARP packet (Request or Reply) must update its local ARP cache with the information in the source fields, if the receiving node already has an entry for the IP address of the source in its ARP cache. (This applies for ARP Request packets and for ARP Reply packets)
  • 20. Vulnerabilities of ARP Typical exploitation of these vulnerabilities: • A forged ARP Request or Reply can be used to update the ARP cache of a remote system with a forged entry (ARP Poisoning) • This can be used to redirect IP traffic to other hosts • Generally, the aim is to associate the attacker's MAC address with the IP address of another host (such as the default gateway), causing any traffic meant for that IP address to be sent to the attacker instead. • ARP spoofing may allow an attacker to intercept data frames on a LAN, modify the traffic, or stop the traffic altogether.
  • 21. ARP Spoofing/poisoning • Simplicity also leads to major insecurity • No Authentication • ARP provides no way to verify that the responding device is really who it says it is • Stateless protocol • Updating ARP Cache table • Attacks • DOS • Hacker can easily associate an operationally significant IP address to a false MAC address • Man-in-the-Middle • Intercept network traffic between two devices in your network
  • 22. Ethernet: 0800.0020.1111 IP = ??? What is my IP address? Reverse ARP
  • 23. Ethernet: 0800.0020.1111 IP: 172.16.3.25 Ethernet: 0800.0020.1111 IP = ??? What is my IP address? I heard that broadcast. Your IP address is 172.16.3.25. Maps: MAC IP Reverse ARP
  • 24. • RARP (Reverse Address Resolution Protocol) is a protocol by which a physical machine in a local area network can request to learn its IP address from a gateway. • A network administrator creates a table in a local area network's gateway router that maps the physical machine (MAC address) addresses to corresponding Internet Protocol addresses. • When a new machine is set up, its RARP client program requests from the RARP server on the router to be sent its IP address. • Assuming that an entry has been set up in the router table, the RARP server will return the IP address to the machine which can store it for future use. • RARP is available for Ethernet, Fiber Distributed-Data Interface, and token ring LANs. Reverse ARP
  • 26. End of Lecture Any Questions?