Chapter5 ARP

Computer Networks Prof. Lin Weiguo College of Computing Copyleft © 2003~2015 [email protected] http://icourse.cuc.edu.cn/computernetworks/


Page 2: Chapter5 ARP

Address Resolution Protocol (ARP), RFC 826

Relates to Lab Ethernet and ARP: a short module on the Address Resolution Protocol (ARP).

Reference: http://www.cs.virginia.edu/~itlab/book/

Page 3: Chapter5 ARP

Protocol Data Unit Encapsulation

TCP/IP over Ethernet 5/20/15 [email protected] 3

Each layer takes the unit handed down from the layer above, prepends its own header and passes the result down:

  Application:      Application Header | User Data                       -> Application Message
  TCP:              TCP Header | Application Data                        -> TCP Segment
  IP:               IP Header | TCP Segment                              -> IP Packet (Datagram)
  Ethernet Driver:  Ethernet Header | IP Packet | Ethernet Trailer       -> Ethernet Frame (on the transmission line)

Sizes on the wire:

  Ethernet Header: 14 bytes
  IP Header: 20 bytes (without options)
  TCP Header: 20 bytes (without options)
  Application Data: variable length
  Ethernet Trailer (CRC): 4 bytes

The Ethernet payload (IP header + TCP header + application data) must be 46 to 1500 bytes.

Page 4: Chapter5 ARP

TCP/IP packet in an Ethernet II Frame

Ethernet II with the ‘Preamble’ and ‘IFG (Inter-Frame Gap)’

http://www.tamos.net/~rhay/overhead/ip-packet-overhead.htm

Page 5: Chapter5 ARP

The IP Datagram Format

The IPv4 (Internet Protocol) header.

Page 6: Chapter5 ARP

ARP and RARP

Note:

• The Internet is based on IP addresses
• Data link protocols (Ethernet, FDDI, ATM) may have different (MAC) addresses
• The ARP and RARP protocols perform the translation between IP addresses and MAC layer addresses
• We will discuss ARP for broadcast LANs, particularly Ethernet LANs

  IP address (32 bit)  --ARP-->   Ethernet MAC address (48 bit)
  IP address (32 bit)  <--RARP--  Ethernet MAC address (48 bit)

Page 7: Chapter5 ARP

Problem of mapping

• The problem of mapping Internet addresses to physical addresses is known as the address resolution problem.
• Each Ethernet device has its own unique number. Change the card and you change its physical address.
• Physical addresses are 6 bytes long, too large to multiplex within an Internet address.
• New machines can be added to the network with no disruption of service.
• But adding new hosts should not require reconfiguring existing hosts to inform them of the new machine.

Page 8: Chapter5 ARP

Address Translation with ARP

ARP Request: Argon broadcasts an ARP request to all stations on the network: “What is the hardware address of Router137?”

  Argon      128.143.137.144   00:a0:24:71:e4:44
  Router137  128.143.137.1     00:e0:f9:23:a8:20

ARP Request (broadcast): What is the MAC address of 128.143.137.1?

Page 9: Chapter5 ARP

Address Translation with ARP

ARP Reply: Router137 responds with an ARP Reply, sent unicast to Argon, which contains its hardware address.

  Argon      128.143.137.144   00:a0:24:71:e4:44
  Router137  128.143.137.1     00:e0:f9:23:a8:20

ARP Reply (unicast to Argon): The MAC address of 128.143.137.1 is 00:e0:f9:23:a8:20

Page 10: Chapter5 ARP

ARP Packet Format

An ARP Request or Reply is carried directly in an Ethernet II frame; there is no IP header, and the frame Type is 0x0806 (not 0x0800 as for IP):

  Ethernet II header:  Destination address (6) | Source address (6) | Type 0x0806 (2)
  Payload:             ARP Request or ARP Reply (28) | Padding (18)
  Trailer:             CRC (4)

The 18 bytes of padding bring the payload up to the 46-byte Ethernet minimum, so every ARP frame is 60 bytes plus the 4-byte CRC.

The 28-byte ARP packet:

  Hardware type (2 bytes)
  Protocol type (2 bytes)
  Hardware address length (1 byte)
  Protocol address length (1 byte)
  Operation code (2 bytes)
  Source hardware address (6 bytes)*
  Source protocol address (4 bytes)*
  Target hardware address (6 bytes)*
  Target protocol address (4 bytes)*

* Note: The length of the address fields is determined by the corresponding address length fields

Page 11: Chapter5 ARP

Example

• ARP Request from Argon:
    Source hardware address: 00:a0:24:71:e4:44
    Source protocol address: 128.143.137.144
    Target hardware address: 00:00:00:00:00:00
    Target protocol address: 128.143.137.1

• ARP Reply from Router137:
    Source hardware address: 00:e0:f9:23:a8:20
    Source protocol address: 128.143.137.1
    Target hardware address: 00:a0:24:71:e4:44
    Target protocol address: 128.143.137.144
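The packet format of the previous slide and the Argon/Router137 exchange above, as an added example that is not part of the lecture slides: it builds the Request and Reply frames byte for byte with the slides' addresses, then decodes them again, rejecting frames that are not ARP over IPv4. Only the Python standard library is used; the CRC is left out because the network card appends it.

```python
"""Build and parse ARP packets (RFC 826) carried in Ethernet II frames.

Added example, not code from the lecture slides. The field layout follows the
slide's packet-format diagram; the addresses are the slides' Argon/Router137
worked example.
"""
import struct

ETHERTYPE_ARP = 0x0806        # Ethernet Type field for ARP (IP would be 0x0800)
HTYPE_ETHERNET = 1            # Hardware type
PTYPE_IPV4 = 0x0800           # Protocol type
OP_REQUEST, OP_REPLY = 1, 2   # Operation code
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"


def mac_to_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split(":"))


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(x) for x in ip.split("."))


def bytes_to_mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def bytes_to_ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def build_arp(op: int, sha: str, spa: str, tha: str, tpa: str) -> bytes:
    """The 28-byte ARP packet: htype, ptype, hlen, plen, op, then the four addresses."""
    fixed = struct.pack("!HHBBH", HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, op)
    return fixed + mac_to_bytes(sha) + ip_to_bytes(spa) + mac_to_bytes(tha) + ip_to_bytes(tpa)


def build_frame(dst_mac: str, src_mac: str, arp_body: bytes) -> bytes:
    """Ethernet II header (14 bytes) + payload padded to the 46-byte minimum.
    The 4-byte CRC trailer is added by the NIC and is not part of this buffer."""
    header = mac_to_bytes(dst_mac) + mac_to_bytes(src_mac) + struct.pack("!H", ETHERTYPE_ARP)
    payload = arp_body + b"\x00" * max(0, 46 - len(arp_body))
    return header + payload


def parse_frame(frame: bytes) -> dict:
    """Decode an Ethernet II + ARP frame; raise ValueError for anything else."""
    if len(frame) < 14 + 28:
        raise ValueError("frame too short for Ethernet + ARP")
    dst, src = frame[0:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_ARP:
        raise ValueError(f"not ARP: Type 0x{ethertype:04x}")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    # The address lengths are taken from the packet, as the slide's footnote says,
    # but only the Ethernet/IPv4 combination (6 and 4) is decoded here.
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        raise ValueError("unsupported hardware/protocol type or address length")
    addrs = frame[22:22 + 2 * (hlen + plen)]
    return {
        "eth_dst": bytes_to_mac(dst), "eth_src": bytes_to_mac(src), "op": op,
        "sha": bytes_to_mac(addrs[0:6]), "spa": bytes_to_ip(addrs[6:10]),
        "tha": bytes_to_mac(addrs[10:16]), "tpa": bytes_to_ip(addrs[16:20]),
    }


# Values from the slides: Argon asks for Router137's MAC, Router137 answers.
ARGON_MAC, ARGON_IP = "00:a0:24:71:e4:44", "128.143.137.144"
ROUTER_MAC, ROUTER_IP = "00:e0:f9:23:a8:20", "128.143.137.1"


def request_frame() -> bytes:
    """Argon's broadcast Request: target hardware address is still unknown (zeros)."""
    body = build_arp(OP_REQUEST, ARGON_MAC, ARGON_IP, ZERO_MAC, ROUTER_IP)
    return build_frame(BROADCAST_MAC, ARGON_MAC, body)


def reply_frame() -> bytes:
    """Router137's unicast Reply: source fields carry the answer."""
    body = build_arp(OP_REPLY, ROUTER_MAC, ROUTER_IP, ARGON_MAC, ARGON_IP)
    return build_frame(ARGON_MAC, ROUTER_MAC, body)


if __name__ == "__main__":
    for frame in (request_frame(), reply_frame()):
        print(len(frame), "bytes:", parse_frame(frame))
```

Both frames come out at 60 bytes (14 + 28 + 18), which is why a packet capture shows every ARP frame at the Ethernet minimum size. Decoding the Reply gives back exactly the four address fields listed on this slide.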

Page 12: Chapter5 ARP

ARP Cache

• Since sending an ARP request/reply for each IP datagram is inefficient, hosts maintain a cache (ARP Cache) of current entries. Entries expire after a timeout: 20 minutes in the classic BSD implementation; Linux uses a much shorter, reachability-based timer.

• Contents of the ARP Cache (Linux arp -a output):
    (128.143.71.37) at 00:10:4B:C5:D1:15 [ether] on eth0
    (128.143.71.36) at 00:B0:D0:E1:17:D5 [ether] on eth0
    (128.143.71.35) at 00:B0:D0:DE:70:E6 [ether] on eth0
    (128.143.136.90) at 00:05:3C:06:27:35 [ether] on eth1
    (128.143.71.34) at 00:B0:D0:E1:17:DB [ether] on eth0
    (128.143.71.33) at 00:B0:D0:E1:17:DF [ether] on eth0

Page 13: Chapter5 ARP

Proxy ARP

• Proxy ARP: A host or router responds to an ARP Request that arrives from one of its connected networks for a host that is on another of its connected networks.

Page 14: Chapter5 ARP

Things to know about ARP

• What happens if an ARP Request is made for a non-existing host? Several ARP requests are made with increasing time intervals between requests. Eventually, ARP gives up.

• On some systems (including Linux) a host periodically sends ARP Requests for all addresses listed in the ARP cache. This refreshes the ARP cache content, but also introduces traffic.

• Gratuitous ARP Requests: A host sends an ARP request for its own IP address. Useful for detecting if an IP address has already been assigned (a reply means someone else is using it); it also makes every host that already has an entry for that address update it with the sender's MAC.

Page 15: Chapter5 ARP

Vulnerabilities of ARP

1. Since ARP does not authenticate requests or replies, ARP Requests and Replies can be forged.
2. ARP is stateless: ARP Replies can be sent without a corresponding ARP Request.
3. According to the ARP protocol specification (RFC 826), a node receiving an ARP packet (Request or Reply) must update its local ARP cache with the information in the source fields if the receiving node already has an entry for the IP address of the source in its ARP cache. (This applies to ARP Request packets and to ARP Reply packets.)

Typical exploitation of these vulnerabilities:

• A forged ARP Request or Reply can be used to update the ARP cache of a remote system with a forged entry (ARP Poisoning).
• This can be used to redirect IP traffic to other hosts.

Page 16: Chapter5 ARP

Man in the middle

Man-in-the-middle attack via ARP spoofing: the attacker poisons the victim's cache entry for the router and the router's cache entry for the victim, so traffic in both directions passes through the attacker's machine.
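The three weaknesses on the previous slide and the resulting man-in-the-middle, as an added example that is not part of the lecture slides: a small ARP cache that implements the RFC 826 receive rule exactly as slide 15 states it, fed first with the genuine Router137 Reply and then with a forged, unsolicited Reply from a constructed attacker "Mallory" (IP 128.143.137.200, MAC 00:11:22:33:44:55, both invented for this demonstration). The cache also records the two checks an arpwatch-style monitor would make (an IP whose MAC changes, and one MAC claiming several IPs), and shows that a static entry, as created with arp -s on a later slide, is the one thing the forged Reply cannot overwrite.

```python
"""Simulate the RFC 826 cache-update rule and an ARP-poisoning attempt against it.

Added example, not code from the lecture slides. Argon and Router137 are the
slides' hosts; the attacker "Mallory" (IP 128.143.137.200, MAC 00:11:22:33:44:55)
and the timestamps are constructed for the demonstration.
"""
from collections import defaultdict

OP_REQUEST, OP_REPLY = 1, 2
ARGON_IP, ARGON_MAC = "128.143.137.144", "00:a0:24:71:e4:44"
ROUTER_IP, ROUTER_MAC = "128.143.137.1", "00:e0:f9:23:a8:20"
MALLORY_IP, MALLORY_MAC = "128.143.137.200", "00:11:22:33:44:55"   # constructed
ZERO_MAC = "00:00:00:00:00:00"


class ArpCache:
    """Receiver behaviour of RFC 826 as summarised on the vulnerabilities slide:
    - if an entry for the sender protocol address exists, overwrite its MAC with
      the sender hardware address (for Requests AND Replies, solicited or not);
    - if the packet is addressed to our IP and no entry existed, add one.
    Static entries (the arp -s case) are never overwritten by received packets.
    """

    def __init__(self, my_ip: str, timeout: float = 20 * 60):
        self.my_ip = my_ip
        self.timeout = timeout           # seconds; 20 min is the classic value
        self.entries = {}                # ip -> {"mac", "at", "static"}
        self.alerts = []                 # what an arpwatch-style monitor would log

    def add_static(self, ip: str, mac: str) -> None:
        self.entries[ip] = {"mac": mac, "at": None, "static": True}

    def receive(self, op: int, sha: str, spa: str, tha: str, tpa: str, now: float) -> str:
        old = self.entries.get(spa)
        if old is not None and old["mac"] != sha:
            # Detection point: a known IP just "moved" to another MAC.
            self.alerts.append(f"{spa} changed {old['mac']} -> {sha}")
        if old is not None and not old["static"]:
            self.entries[spa] = {"mac": sha, "at": now, "static": False}    # merge
        elif old is None and tpa == self.my_ip:
            self.entries[spa] = {"mac": sha, "at": now, "static": False}    # learn
        if tpa == self.my_ip and op == OP_REQUEST:
            return "reply"               # we would answer with our own MAC
        return "merged" if spa in self.entries else "ignored"

    def lookup(self, ip: str, now: float):
        e = self.entries.get(ip)
        if e is None or (not e["static"] and now - e["at"] > self.timeout):
            return None                  # missing or expired: a new Request is needed
        return e["mac"]

    def duplicate_macs(self) -> dict:
        """IPs that share one MAC: the usual sign of a spoofed gateway in arp -a output."""
        owners = defaultdict(list)
        for ip, e in self.entries.items():
            owners[e["mac"]].append(ip)
        return {mac: sorted(ips) for mac, ips in owners.items() if len(ips) > 1}


def poisoning_scenario(static_gateway: bool = False):
    """Run the slides' exchange, then a forged unsolicited Reply from Mallory.
    Returns Argon's cache and what Argon now believes the router's MAC to be."""
    argon = ArpCache(my_ip=ARGON_IP)
    t = 1000.0
    if static_gateway:
        argon.add_static(ROUTER_IP, ROUTER_MAC)
    # Mallory's ordinary Request for Argon: Argon learns Mallory's real entry.
    argon.receive(OP_REQUEST, MALLORY_MAC, MALLORY_IP, ZERO_MAC, ARGON_IP, t)
    # Router137's genuine Reply to Argon's Request (slide 9).
    argon.receive(OP_REPLY, ROUTER_MAC, ROUTER_IP, ARGON_MAC, ARGON_IP, t + 1)
    # Forged, unsolicited Reply: Mallory claims Router137's IP. Nothing is
    # authenticated and no Request is required, so the merge rule overwrites.
    argon.receive(OP_REPLY, MALLORY_MAC, ROUTER_IP, ARGON_MAC, ARGON_IP, t + 2)
    return argon, argon.lookup(ROUTER_IP, t + 3)


if __name__ == "__main__":
    for static in (False, True):
        cache, gateway_mac = poisoning_scenario(static)
        print("static gateway" if static else "dynamic gateway", "->", gateway_mac)
        print("  alerts:", cache.alerts)
        print("  duplicate MACs:", cache.duplicate_macs())
```

With a dynamic entry, Argon's traffic for 128.143.137.1 now goes to Mallory's MAC, and the two monitor checks both fire: the router's entry changed MAC, and one MAC owns two IPs. With a static gateway entry the forged Reply still arrives and still trips the change alert, but the cache keeps the genuine MAC; that is the protection arp -s gives, at the cost of maintaining the entry by hand.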

Page 17: Chapter5 ARP

Layering: Different views

From a layering point of view, ARP sits below IP, but above the data link layer:

  Transport Layer:  TCP / UDP
  Network Layer:    IP
                    ARP
  Link Layer:       DLL

Others don't agree. They consider that ARP sits in the data link layer, as part of network access:

  Transport Layer:  TCP   UDP
  Network Layer:    IP    ICMP   IGMP
  Network Access:   ARP   RARP
  Media

Page 18: Chapter5 ARP

Windows Arp Command

• Displays and modifies entries in the Address Resolution Protocol (ARP) cache, which contains one or more tables that are used to store IP addresses and their resolved Ethernet or Token Ring physical addresses. There is a separate table for each Ethernet or Token Ring network adapter installed on your computer.

• Used without parameters, arp displays help.

Page 19: Chapter5 ARP

Arp Command Syntax

• arp [-a [InetAddr] [-N IfaceAddr]] [-g [InetAddr] [-N IfaceAddr]] [-d InetAddr [IfaceAddr]] [-s InetAddr EtherAddr [IfaceAddr]]

• To display the ARP cache tables for all interfaces, type:
    C:\> arp -a

• To display the ARP cache table for the interface that is assigned the IP address 10.0.0.99, type:
    C:\> arp -a -N 10.0.0.99

• To add a static ARP cache entry that resolves the IP address 10.0.0.80 to the physical address 00-AA-00-4F-2A-9C, type:
    C:\> arp -s 10.0.0.80 00-AA-00-4F-2A-9C

• To clear your ARP cache:
    C:\> arp -d *

Page 20: Chapter5 ARP

Parameter -a

• -a [InetAddr] [-N IfaceAddr] : Displays current ARP cache tables for all interfaces. To display the ARP cache entry for a specific IP address, use arp -a with the InetAddr parameter, where InetAddr is an IP address. To display the ARP cache table for a specific interface, use the -N IfaceAddr parameter where IfaceAddr is the IP address assigned to the interface. The -N parameter is case-sensitive.

• -g [InetAddr] [-N IfaceAddr] : Identical to -a.

Page 21: Chapter5 ARP

Parameter -d

• -d InetAddr [IfaceAddr] : Deletes an entry with a specific IP address, where InetAddr is the IP address. To delete an entry in a table for a specific interface, use the IfaceAddr parameter where IfaceAddr is the IP address assigned to the interface. To delete all entries, use the asterisk (*) wildcard character in place of InetAddr.

Page 22: Chapter5 ARP

Parameter -s

• -s InetAddr EtherAddr [IfaceAddr] : Adds a static entry to the ARP cache that resolves the IP address InetAddr to the physical address EtherAddr. To add a static ARP cache entry to the table for a specific interface, use the IfaceAddr parameter where IfaceAddr is an IP address assigned to the interface. A static entry is not overwritten by received ARP packets, which is why it is used to pin the gateway's address against ARP poisoning.

Page 23: Chapter5 ARP

END OF ARP
