
The ARP protocol and "what it is eaten with" (updated)

Thanks to habrauser hardex for publishing the original article, and to everyone who added to my karma so that I could publish it myself. This is the updated version, with the requested changes and additions. Welcome under the cut.



Good day, dear habrausers. With this article I want to start a series about the protocols that help us exchange information transparently, quickly and securely. I will start with the ARP protocol.
As is well known, addresses on the Internet are 32-bit sequences of 0s and 1s called IP addresses. But direct communication between two devices on a network uses data link layer addresses (MAC addresses).

So, to map the logical network-layer address (IP) to the physical address of a device (MAC), the ARP (Address Resolution Protocol) protocol, described in RFC 826, is used.

ARP consists of two parts. The first determines the physical address when a packet is sent; the second responds to requests from other stations.

The protocol keeps a buffer memory (the ARP table) that stores address pairs (IP address, MAC address) in order to reduce the number of requests sent and, consequently, to save traffic and resources.

An example of an ARP table.

192.168.1.1    08:10:29:00:2F:C3
192.168.1.2    08:30:39:00:2F:C4

On the left - IP addresses, on the right - MAC addresses.

Before connecting to a device, the IP protocol checks whether its ARP table contains an entry for that device. If it does, the connection and packet transfer take place directly. If not, a broadcast ARP request is sent to find out which device the IP address belongs to. The device that recognizes its own address sends back its MAC address, and the corresponding entry is added to the sender's ARP table.

ARP table entries are of two kinds: static and dynamic. Static entries are added by the user, while dynamic ones are created and deleted automatically. In addition, the broadcast physical address FF:FF:FF:FF:FF:FF is always stored in the ARP table (in Linux and Windows).

Creating an entry in the ARP table is simple (via the command line):

arp -s <ip address> <mac address>

Display ARP table entries:

arp -a

After a record is added to the table, it is assigned a timer. If the entry is not used during the first 2 minutes, it is deleted; if it is used, its lifetime is extended by another 2 minutes, up to a maximum of 10 minutes for Windows and Linux (FreeBSD - 20 minutes, Cisco IOS - 4 hours), after which a new broadcast ARP request is made.

ARP messages do not have a fixed header format and, when transmitted over a network, are encapsulated in the data field of a link-layer frame.

The format of the ARP message.
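
The field layout defined in RFC 826, shown as an added example (not code from the original article): a parser for an ARP message taken from the data field of a frame. The function names and the sample bytes are constructed for illustration; the sample reuses the addresses from the example ARP table above.

```python
import struct

# Operation codes: ARP (RFC 826) plus the RARP and InARP variants
# mentioned at the end of the article.
OPCODES = {1: "ARP request", 2: "ARP reply",
           3: "RARP request", 4: "RARP reply",
           8: "InARP request", 9: "InARP reply"}


def fmt_hw(addr: bytes) -> str:
    return ":".join(f"{b:02X}" for b in addr)


def fmt_proto(addr: bytes, ptype: int) -> str:
    # 0x0800 = IPv4; any other protocol address is shown as hex.
    if ptype == 0x0800 and len(addr) == 4:
        return ".".join(str(b) for b in addr)
    return addr.hex()


def parse_arp(payload: bytes) -> dict:
    """Parse an ARP message carried in the data field of a link-layer frame."""
    if len(payload) < 8:
        raise ValueError("truncated ARP header")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", payload[:8])
    # The address fields are not fixed-size: hlen/plen give their lengths.
    need = 8 + 2 * (hlen + plen)
    if len(payload) < need:
        raise ValueError(f"need {need} bytes, got {len(payload)}")
    fields, off = [], 8
    for size in (hlen, plen, hlen, plen):
        fields.append(payload[off:off + size])
        off += size
    sha, spa, tha, tpa = fields  # sender/target hardware/protocol address
    return {"htype": htype, "ptype": ptype, "oper": OPCODES.get(oper, oper),
            "sha": fmt_hw(sha), "spa": fmt_proto(spa, ptype),
            "tha": fmt_hw(tha), "tpa": fmt_proto(tpa, ptype)}


# Constructed sample: 192.168.1.2 asks who has 192.168.1.1. The target
# hardware address is all zeros because it is not known yet.
SAMPLE_REQUEST = bytes.fromhex(
    "0001" "0800" "06" "04" "0001"
    "083039002fc4" "c0a80102"
    "000000000000" "c0a80101")

if __name__ == "__main__":
    print(parse_arp(SAMPLE_REQUEST))
```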



And this is how a route is determined with the participation of the ARP protocol.

Let sender A and receiver B each have an address with a subnet mask.

  1. If the addresses are on the same subnet, ARP is called and the physical address of the recipient is determined, after which the IP packet is encapsulated in a link-layer frame and sent to the physical address that corresponds to the destination IP address.
  2. If not, the routing table is searched for a direct route.
  3. If a route is found, ARP is called and the physical address of the corresponding router is determined, after which the packet is encapsulated in a link-layer frame and sent to that physical address.
  4. Otherwise, ARP is called and the physical address of the default router is determined, after which the packet is encapsulated in a link-layer frame and sent to that physical address.
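
The four steps above as an added Python example (not part of the original article): given the sender's address with mask, it returns which IP address ARP has to resolve. The function name, the sample routes, and the choice of the most specific matching route are assumptions made for illustration.

```python
import ipaddress


def arp_target(src_if, dst, routes, default_gw):
    """Return (reason, IP to resolve with ARP) for a packet from src_if to dst.

    src_if: sender address with mask, e.g. "192.168.1.10/24"
    routes: list of (destination network, router IP) pairs
    """
    iface = ipaddress.ip_interface(src_if)
    dst_ip = ipaddress.ip_address(dst)
    # Step 1: same subnet, so ARP resolves the recipient itself.
    if dst_ip in iface.network:
        return "same subnet", str(dst_ip)
    # Steps 2-3: search the table; prefer the most specific matching route.
    matches = [(ipaddress.ip_network(net), gw) for net, gw in routes
               if dst_ip in ipaddress.ip_network(net)]
    if matches:
        net, gw = max(matches, key=lambda m: m[0].prefixlen)
        reason = f"route {net}"
    else:
        # Step 4: no route found, fall back to the default router.
        gw, reason = default_gw, "default router"
    # ARP is a broadcast on the local segment, so the router must be on-link.
    if ipaddress.ip_address(gw) not in iface.network:
        raise ValueError(f"router {gw} is not on {iface.network}")
    return reason, gw


# Constructed sample data (not from the article).
ROUTES = [("10.0.0.0/8", "192.168.1.254"), ("10.1.0.0/16", "192.168.1.253")]

if __name__ == "__main__":
    for dst in ("192.168.1.2", "10.1.2.3", "10.9.9.9", "203.0.113.7"):
        print(dst, arp_target("192.168.1.10/24", dst, ROUTES, "192.168.1.1"))
```

In every case the destination IP address in the packet stays the same; only the address handed to ARP, and therefore the destination MAC of the frame, changes.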


The main advantage of the ARP protocol is its simplicity, which also gives rise to its main drawback: absolute insecurity. The protocol does not check the authenticity of packets, so entries in the ARP table can be replaced (material for a separate article), letting someone wedge themselves in between the sender and the recipient.

You can deal with this drawback by manually entering static entries into the ARP table, which adds a lot of routine work both when the table is first built and during subsequent maintenance whenever the network changes.

There are also the InARP (Inverse ARP) protocol, which performs the inverse function (for a given physical address, the logical address of the recipient is looked up), and RARP (Reverse ARP), which is similar to InARP except that it looks up the logical address of the sender.

In general, the ARP protocol is universal for any network, but it is used only in IP and broadcast networks (Ethernet, WiFi, WiMax, etc.), as the most widespread, which makes it indispensable when mapping logical addresses to physical ones.
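
Where static entries everywhere are too much work, the same idea can be used for monitoring. The added example below (not part of the original article) audits a sequence of observed ARP messages and reports replies nobody asked for and IP addresses whose MAC changes; a pinned entry plays the role of a static ARP record. The record layout, the alert names and the sample traffic are constructed for illustration.

```python
from collections import namedtuple

# One observed ARP message: time, operation, sender IP/MAC, target IP.
Obs = namedtuple("Obs", "ts oper spa sha tpa")


def audit(observations, pinned=None):
    """Return alerts for ARP traffic that would silently rewrite a cache."""
    pinned = dict(pinned or {})          # IP -> MAC, like static entries
    learned, pending, alerts = {}, set(), []
    for o in observations:
        if o.oper == "request":
            pending.add((o.spa, o.tpa))          # spa asked about tpa
        elif (o.tpa, o.spa) in pending:
            pending.discard((o.tpa, o.spa))      # reply answers a request
        else:
            alerts.append((o.ts, "unsolicited-reply", o.spa, o.sha))
        # Requests and replies both carry a sender pair that receivers cache.
        expected = pinned.get(o.spa, learned.get(o.spa))
        if expected is not None and expected != o.sha:
            kind = "pinned-mismatch" if o.spa in pinned else "mac-changed"
            alerts.append((o.ts, kind, o.spa, o.sha))
        if o.spa not in pinned:
            learned[o.spa] = o.sha       # a pinned entry is never overwritten
    return alerts


# Constructed sample traffic: a normal request/reply pair, then a reply
# nobody asked for that claims a different MAC for 192.168.1.1.
SAMPLE = [
    Obs(0, "request", "192.168.1.2", "08:30:39:00:2F:C4", "192.168.1.1"),
    Obs(1, "reply", "192.168.1.1", "08:10:29:00:2F:C3", "192.168.1.2"),
    Obs(50, "reply", "192.168.1.1", "02:00:00:00:00:99", "192.168.1.2"),
]

if __name__ == "__main__":
    for alert in audit(SAMPLE):
        print(alert)
    print(audit(SAMPLE, pinned={"192.168.1.1": "08:10:29:00:2F:C3"}))
```

A changed MAC is not always hostile (a replaced network card produces the same alert), so these alerts are candidates for review rather than verdicts.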

P.S. I wrote this article myself, without peeking anywhere, based only on the knowledge I gained from studying networks.

Source: https://habr.com/ru/post/80364/

