1 / 6

Understanding ARP: Address Resolution Protocol Overview

Learn about ARP, a crucial network protocol mapping data link layer to network layer addresses. Discover ARP frame formats, process variations, security risks, and proactive measures to safeguard your network. Enhance your knowledge on ARP tables and cache maintenance.

melina
Télécharger la présentation

Understanding ARP: Address Resolution Protocol Overview

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Network Protocols • Address Resolution Protocol (ARP)

  2. ARP overview • Datalink to network layer address mapping • e.g. 0000.1234.abcd <---> 192.0.2.1 • Hosts and routers build ARP table/cache • ARP entries associated with a local interface • Timers used to age old table entries • Potential security problems with ARP • No authentication, can lead to impersonation

  3. ARP frame format

  4. Receiver Fill in missing fields Learn sender's IP/MAC Reply directly to sender Typical ARP process... Sender • Send L2 broadcast • Fill in known target IP

  5. Variations on typical ARP theme • Inverse ARP - get your MAC when your IP is known • Reverse ARP - request an IP address • DHCP ARP - Used to validate a DHCP lease • Gratutious ARP - update others of your IP/MAC • UnARP - notify others to flush your IP/MAC

  6. ARP security • Impersonation is probably the biggest risk • forge ARP replies • send bogus gratiutious ARPs • Use LAN switch w/ port security and 1 host per port • Use port-level authentication (e.g. 802.1x) • Monitor for ARP table changes and for overflows • Maintain router/host ARP table history

More Related