Address Resolution Protocol (ARP): Understanding the basics
Address Resolution Protocol, or ARP for short, is used to resolve an IP address to a MAC address.
A MAC address is a unique identifier for any device. Since we are talking about networking today, the MAC address we will be concentrating on is that of a network device.
It's important to note that no two devices can have the same MAC address.
Whenever a network device needs to communicate with another network device in a Local Area Network, it needs the MAC address of that device. This is where ARP comes into play.
Let's take a look at the scenario below to clearly understand this concept:
1. There are 2 computers say A and B on the network.
2. They have both been assigned an IP address as seen below:
A: 192.168.0.1
B: 192.168.0.2
3. Computer A needs to communicate with computer B.
4. It looks at a list for the IP address to see if it has a corresponding MAC address. This list is called an ARP Cache.
5. If the entry is not in the ARP cache, it will attempt to create it by doing the following:
6. Computer A will broadcast the IP address over the network to locate Computer B and request its MAC address.
7. Computer B acknowledges and responds with its MAC address.
8. The IP address and corresponding MAC address will then be stored in the ARP cache.
9. Connection is completed and communication is established.
The following should be noted:
1. An IP address is used to locate a device, while
2. A MAC address is used to identify the device.
How to check the ARP Cache
There is a utility on Windows that can be used to see the contents of the ARP cache.
Let's go through the short steps to see this:
1. Open Command Prompt.
2. Type the following command and hit the Enter key:
arp -a
It should be noted that the major advantage of the ARP cache is that it makes networking more efficient. If the information needed to establish a connection is already in the ARP cache, there is no need to broadcast the IP address on the network to request the MAC address; the connection is simply established. That is a faster and more efficient approach.
What are the contents of the ARP cache
Let's have a brief look at the contents of the ARP cache:
1. Internet address: This column stores the IP address of the network device
2. Physical Address: This column stores the MAC address of the device
3. Type: There are 2 different types of entries for this column (DYNAMIC and STATIC)
DYNAMIC
A dynamic entry is created automatically, and only when a broadcast over the network for a MAC address has been initiated and completed.
Dynamic entries are not permanent and are flushed out periodically so that the cache does not fill up with entries that are no longer being used.
STATIC
A static entry is one whose details are entered manually by the network administrator through the ARP command line utility.
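The three columns described above can be read programmatically. The following is an added example, not part of the original post: it parses `arp -a` output into entries and, following the note that a MAC address identifies one device, lists any unicast MAC address that the cache shows for more than one IP address. It assumes English-language Windows output; the sample table and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of Windows `arp -a` output (not taken from the original post).
SAMPLE = """\
Interface: 192.168.0.1 --- 0xb
  Internet Address      Physical Address      Type
  192.168.0.2           00-aa-00-62-c6-09     dynamic
  192.168.0.7           00-aa-00-62-c6-09     dynamic
  192.168.0.123         00-aa-00-11-22-33     static
  192.168.0.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static
"""

# One table row: IPv4 address, six hyphen-separated hex bytes, entry type.
ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(dynamic|static)\s*$",
    re.I)

def parse_arp_table(text):
    """Return one dict per cache entry: interface, ip, mac and type."""
    entries, iface = [], None
    for line in text.splitlines():
        if line.startswith("Interface:"):
            iface = line.split()[1]  # IP address of the local adapter
            continue
        m = ROW.match(line)
        if m:  # header and blank lines do not match and are skipped
            entries.append({"interface": iface, "ip": m.group(1),
                            "mac": m.group(2).lower(), "type": m.group(3).lower()})
    return entries

def is_group_mac(mac):
    """Broadcast and multicast MACs have the lowest bit of the first byte set."""
    return int(mac[:2], 16) & 1 == 1

def shared_macs(entries):
    """Map each unicast MAC listed for more than one IP to those IPs."""
    seen = defaultdict(set)
    for e in entries:
        if not is_group_mac(e["mac"]):  # ff-ff-... and 01-00-5e-... repeat legitimately
            seen[e["mac"]].add(e["ip"])
    return {mac: sorted(ips) for mac, ips in seen.items() if len(ips) > 1}

if __name__ == "__main__":
    table = parse_arp_table(SAMPLE)
    for e in table:
        print(f'{e["ip"]:<18}{e["mac"]:<20}{e["type"]}')
    print("unicast MACs listed for several IPs:", shared_macs(table))
```

A MAC address that shows up for several IP addresses is not always a fault (a router answering for more than one address is one ordinary cause), so treat the result as a list of entries to look into.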
Advantage of Static over Dynamic
1. Static ARP cache entries are used over dynamic ones to reduce unnecessary broadcasts over the network.
2. Additionally, it's also a quick way to establish a connection if two computers are to constantly communicate with each other.
A static entry can be created using the following command:
arp -s {IP address} {MAC address}
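An example can be seen below (Windows expects the MAC address as six hexadecimal bytes separated by hyphens; the address used here is a made-up one):
arp -s 192.168.0.123 00-aa-00-62-c6-09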
And that's it for this post. I hope you found it educative.
This was a good read. Thanks so much for sharing your knowledge. Looking forward to more exciting posts. Is there any chance you could do something on penetration testing?
Hi. Thanks. This is actually the first part of the main attraction. Stay tuned.
You can check this out:
http://itcasxp.blogspot.com/2018/03/using-metasploit-framework-to-hack.html