NETWORK ~ ARP Protocol

 

    ARP (Address Resolution Protocol) is a protocol used to find out the hardware address (MAC) of a device from an IP address. It is used when a device wants to communicate with another device on a local network (for example, on an Ethernet network that requires knowledge of physical addresses before sending packets).

    The sending device uses ARP to translate IP addresses into MAC addresses. The device sends the "ARP request" message containing the IP address of the receiving device. The message is displayed on all devices in a LAN segment, but only the device with that IP address responds with the "ARP reply" message containing its MAC address. The sending device now has enough information to send the packet to the receiving device.

    The "ARP request" packets are sent to a broadcast address (FF:FF:FF:FF:FF:FF for the broadcast MAC address and 255.255.255.255 for the broadcast IP address).

The explanation of the ARP process: 

    Suppose Host A wants to communicate with Host B. Host A knows the IP address of Host B, but does not know the MAC address of Host B. In order to know the MAC address of host B, host A sends "ARP request", displaying host B's IP address as the destination IP address and the MAC address of FF:FF:FF:FF:FF:FF. The switch will forward the frame to all interfaces (except the incoming interface). Each device in the segment will receive the packet, but since the destination IP address is the IP address of host B, only host B responds with the "ARP Reply" packet, indicating its MAC address. Host A now has enough information to send the traffic to Host B.

    To reduce the number of address resolution requests, a client normally caches resolved addresses for a (short) period of time. The arp cache has a finite size. It is therefore periodically flushed of all entries. This removes unused entries and frees up space in the cache. It also removes all unsuccessful attempts to contact computers that are not running.

    If a host changes the MAC address it is using, this can be detected by other hosts when the cached entry is deleted and a new ARP message is sent to establish a new connection.

You can view the ARP entries in Windows and Linux with the command > arp -a

The format of an ARP message:

•         Hardware Type: This field specifies the type of hardware used for the LAN transmitting the ARP message. Ethernet is the common hardware type and its value for Ethernet is 1. The size of this field is 2 bytes.

•     Protocol Type: Each protocol is assigned a number used in this field. IPv4 is 2048 (0x0800 in hex).

•     Hardware Address Length: The length in bytes of the hardware address (MAC). Ethernet MAC addresses are 6 bytes long.

•     Protocol Address Length: The length in bytes of a logical address (IPv4 address). IPv4 addresses have a length of 4 bytes.

•     Operation: The Operation field in the ARP message specifies the nature of the ARP message. 1 for "ARP request" and 2 for "ARP reply".

•    Sender Hardware Address: MAC addresses of the device sending the message.

•     Sender Protocol Address: IPv4 address of the device sending the message.

•     Target Hardware Address: MAC addresses of the intended receiver. This field is ignored in arp requests.

•     Target Protocol Address: IPv4 address of the receiver.
  

 

THANK YOU for reading

You Tech 56

Follow us on social medias: linktr.ee/youtech56