Questions about this topic? Sign up to ask in the talk tab.

Difference between revisions of "ARP"

From NetSec
Jump to: navigation, search
Line 1: Line 1:
'''Address Resolution Protocol''' ('''ARP''') is used to resolve a network layer address to a link layer address, typically resolving a [[MAC]] address to an [[IPv4]] address. For example, ARP may resolve the MAC address 01:23:45:67:89:AB to the IPv4 address 192.168.1.1.  
+
'''Address Resolution Protocol''' ('''ARP''') is used to resolve a network layer address to a link layer address, typically resolving a [[MAC]] address to an [[IP address]]. For example, ARP may resolve the [[MAC]] address 01:23:45:67:89:AB to the IPv4 address 192.168.1.1.  
  
 
==How ARP Works==
 
==How ARP Works==
To resolve a MAC address to an IP address, ARP uses cached ARP tables containing IP address/MAC address pairs stored locally. For example, lets say Network Device A (NDA) wants to send a packet to Network Device B (NDB) with a MAC address of DE:AD:BE:EF:CA:FE and an IP address of 192.168.1.1, it first needs to resolve DE:AD:BE:EF:CA:FE into 192.168.1.1. To do this, it will first try and lookup the IP address 192.168.1.1 in its ARP table. If it finds the corresponding MAC address it will send the packet to the address it found, and it will (hopefully) reach its target. If it cannot find the corresponding MAC address it will send a broadcast ARP message (with a destination of FF:FF:FF:FF:FF:FF) requesting the IP address 192.168.1.1. NDB will now respond to that message with its MAC address (DE:AD:BE:EF:CA:FE), and will also store the MAC address of NDA in its own ARP cache table. NDA now has the MAC of NDB and can send its message along.
+
To resolve a MAC address to an IP address, ARP uses cached ARP tables containing IP address/MAC address pairs stored locally. When dynamic ARP is enabled, this cache is updated by ethernet frames on the Local Area Network (LAN) broadcasting [[IP address]] and MAC address pairs.
 +
 
 +
For example, Network Device A (NDA) wants to send a packet to Network Device B (NDB) with a MAC address of DE:AD:BE:EF:CA:FE and an IP address of 192.168.1.1.
 +
 
 +
Device A first needs to resolve 192.168.1.1 to its [[MAC]] address, DE:AD:BE:EF:CA:FE. To do this, it will first try and lookup the IP address 192.168.1.1 in its ''ARP table''. If it finds the corresponding MAC address it will send the packet to the address it found, and it will (hopefully) reach its target. If it cannot find the corresponding MAC address it will send a broadcast ARP message (with a destination of FF:FF:FF:FF:FF:FF) requesting the [[MAC]] address of 192.168.1.1 (also known as an ARP WhoHas). Network Device B would then respond to that message with its MAC address (DE:AD:BE:EF:CA:FE), and will also store the MAC address of Network Device A in its own ARP cache table. Network Device A now has the MAC of Network Device B and can send its [[TCP/IP]] message along over the ethernet.
  
 
==See Also==
 
==See Also==

Revision as of 20:15, 28 June 2012

Address Resolution Protocol (ARP) is used to resolve a network layer address to a link layer address, typically resolving a MAC address to an IP address. For example, ARP may resolve the MAC address 01:23:45:67:89:AB to the IPv4 address 192.168.1.1.

How ARP Works

To resolve a MAC address to an IP address, ARP uses cached ARP tables containing IP address/MAC address pairs stored locally. When dynamic ARP is enabled, this cache is updated by ethernet frames on the Local Area Network (LAN) broadcasting IP address and MAC address pairs.

For example, Network Device A (NDA) wants to send a packet to Network Device B (NDB) with a MAC address of DE:AD:BE:EF:CA:FE and an IP address of 192.168.1.1.

Device A first needs to resolve 192.168.1.1 to its MAC address, DE:AD:BE:EF:CA:FE. To do this, it will first try and lookup the IP address 192.168.1.1 in its ARP table. If it finds the corresponding MAC address it will send the packet to the address it found, and it will (hopefully) reach its target. If it cannot find the corresponding MAC address it will send a broadcast ARP message (with a destination of FF:FF:FF:FF:FF:FF) requesting the MAC address of 192.168.1.1 (also known as an ARP WhoHas). Network Device B would then respond to that message with its MAC address (DE:AD:BE:EF:CA:FE), and will also store the MAC address of Network Device A in its own ARP cache table. Network Device A now has the MAC of Network Device B and can send its TCP/IP message along over the ethernet.

See Also