When computer programs send or get messages, they usually use something called an IP address, which is like a virtual address. But underneath, the real talk happens using another type of address called a MAC address, which is like a device’s actual home address.
So, our goal is to find out the MAC address of where we want to talk to. That’s where ARP comes in handy. It helps by turning the IP address into the physical MAC address, so we can chat with other devices on the network
Most computer programs/applications use logical addresses (IP Addresses) to send/receive messages. However, the actual communication happens over the Physical Address (MAC Address) from layer 2 of the OSI model. So our mission is to get the destination MAC Address which helps communicate with other devices. This is where ARP comes into the picture; its functionality is to translate IP addresses into physical addresses.
The acronym ARP stands for Address Resolution Protocol which is one of the most important protocols of the Data link layer in the OSI model . It is responsible to find the hardware address of a host from a known IP address. There are three basic ARP terms.
Note: ARP finds the hardware address, also known as the Media Access Control (MAC) address, of a host from its known IP address.
Address Resolution Protocol
Reverse Address Resolution Protocol is a protocol that is used in local area networks (LAN) by client machines for requesting IP Address (IPv4) from Router’s ARP Table. Whenever a new machine comes, which requires an IP Address for its use. In that case, the machine sends a RARP broadcast packet containing MAC Address in the sender and receiver hardware field.
Proxy Address Resolution Protocol work to enable devices that are separated into network segments connected through the router in the same IP to resolve IP Address to MAC Address. Proxy ARP is enabled so that the ‘proxy router’ resides with its MAC address in a local network as it is the desired router to which broadcast is addressed. In case, when the sender receives the MAC Address of the Proxy Router, it is going to send the datagram to Proxy Router, which will be sent to the destination device.
Inverse Address Resolution Protocol uses MAC Address to find the IP Address, it can be simply illustrated as Inverse ARP is just the inverse of ARP. In ATM (Asynchronous Transfer Mode) Networks, Inverse ARP is used by default. Inverse ARP helps in finding Layer-3 Addresses from Layer-2 Addresses.
Imagine a device that wants to communicate with others over the internet. What does ARP do? It broadcast a packet to all the devices of the source network. The devices of the network peel the header of the data link layer from the Protocol Data Unit (PDU) called frame and transfer the packet to the network layer (layer 3 of OSI) where the network ID of the packet is validated with the destination IP’s network ID of the packet and if it’s equal then it responds to the source with the MAC address of the destination, else the packet reaches the gateway of the network and broadcasts packet to the devices it is connected with and validates their network ID. The above process continues till the second last network device in the path reaches the destination where it gets validated and ARP, in turn, responds with the destination MAC address.
Note: An ARP request is broadcast, and an ARP response is a Unicast.
Internet Schema 1
Connect two PC, say A and B with a cross cable. Now you can see the working of ARP by typing these commands:
1. A > arp -a
There will be no entry at the table because they never communicated with each other.
Blank Entry Table ARP
2. A > ping 192.168.1.2
IP address of destination is 192.168.1.2
Reply comes from destination but one
packet is lost because of ARP processing.
Packet Loss ARP
Now, entries of the ARP table can be seen by typing the command. This is what the ARP table looks like:
A communication protocol called Address Resolution Protocol (ARP) is used to determine a device’s MAC (Media Access Control) address based on its IP address. There are mainly 4 types of ARP available:
A Layer 3 device can reply to an ARP request for a target that is on a different network than the sender by using a technique called proxy ARP. In response to the ARP, the router that has been set for Proxy ARP maps its MAC address to the target IP address, deceiving the sender into believing that the message has arrived at destination.
Because the packets have the required information, the proxy router at the backend forwards them to the correct location.
The host’s ARP request known as “gratuitous ARP” aids in locating duplicate IP addresses. This is a broadcast request for the router’s IP address. All other nodes are unable to use the IP address assigned to a switch or router in the event that it sends out an ARP request to obtain its IP address and receives no ARP answers in return. However, another node uses the IP address assigned to the switch or router if it sends an ARP request for its IP address and gets an ARP response.
In a local area network ( LAN ), the client system uses this networking protocol to ask the ARP gateway router table for its IPv4 address. The network administrator creates a table in the gateway-router that is used to correlate the IP address with the MAC address.
The purpose of inverse ARP, which is the opposite of ARP, is to deduce the nodes’ IP addresses from their data link layer addresses. Frame relays and ATM networks, where Layer 2 virtual circuit addressing is frequently obtained from Layer 2 signalling, are the primary applications for them. These virtual circuits can be used with the necessary Layer 3 addresses accessible.
As was previously noted, IP addresses are dynamic by design since doing so protects users’ privacy and security. IP address changes, though, shouldn’t happen at random. An IP address should be assigned according to rules from a predetermined range of numbers that are available in a particular network. By doing this, problems like two machines getting the same IP address are avoided.
The Dynamic Host Configuration Protocol, or DHCP , is the name given to the regulations. Because IP addresses are required to do an internet search, they are significant as computer identities. Users utilise alphabetical names while searching for a domain name or Uniform Resource Locator (URL).
Computers, on the other hand, link a domain name to a server using the numeric IP address. In order to link the two, an IP address is converted from a bewildering string of digits into a more legible, intelligible domain name by use of a Domain Name System ( DNS ) server, and vice versa.
ARP Spoofing is a type of falseness of a device in order to link the attacker’s MAC Address with the IP Address of the computer or server by broadcasting false ARP messages by the hacker. Upon successful establishment of the link, it is used for transferring data to the hacker’s computer. It is simply called Spoofing. ARP can cause a greater impact on enterprises. ARP Spoofing attacks can facilitate other attacks like:
Local Area Network that uses ARP is not safe in the case of ARP Spoofing, this is simply called as ARP Cache Poisoning.
ARP was first talked about in a document called Request for Comments 826, written by David C. Plummer in November 1982. Back then, there was a problem with figuring out addresses because Ethernet, the popular network technology, needed 48-bit addresses.
But now, with IP version 6 ( IPv6 ) addresses, which are much longer at 128 bits, we use something called the Neighbor Discovery protocol instead of ARP to get configuration info. Even though IPv4 addresses are still more common, IPv6 is getting more popular, especially with the rise of Internet of Things (IoT) devices that need IP addresses. Neighbor Discovery works in a different layer of the network and uses a protocol called Internet Control Message Protocol version 6 to find nearby devices.
In conclusion, ARP helps computers find each other’s physical addresses on a network so they can communicate effectively. ARP (Address Resolution Protocol) is like a translator for computers on a network. When one computer wants to talk to another, it needs to know the other computer’s physical address (MAC address). But all it has is the other computer’s IP address (like its home address). So, ARP steps in and asks, “Hey, who has this IP address?” The computer with that IP address responds with its MAC address , and then they can chat.
A “man in the middle” assault is one in which the hacker or attacker establishes a connection with the victims in order to communicate with them or maybe intercept all of the victims’ data packets. In this instance, the victims believe they are speaking with one another, but in actuality, the communication is being controlled by the malevolent attacker or hacker; in other words, a third party is in place to oversee and manage the communication flow between the client and server.
An IP address and a Media Access Control (MAC) address for a physical computer or device on a local network are linked by use of an Address Resolution Protocol cache (ARP cache), which is a data repository. The ARP cache aids in directing packets to the appropriate endpoint and can store information for both Ethernet and wireless routing.
Network hosts maintain the Address Resolution Protocol (ARP) table, which retains ARP entries for a few hours.
Spoofing is a kind of attack where hackers infiltrate the target user’s system and utilise their trust to propagate dangerous malware and steal data, including PINs and passwords, that is saved on the system.In spoofing, the hacker’s primary goal is to psychologically influence the victim.
