Introduction

Do you ever wonder how pieces of information are shared over the internet? Any piece of information is exchanged from one source to another via messages or signals over the internet. Computer software and applications mostly use IP addresses to send these messages. IP addresses are the logical address to send the messages. But the actual communication between the systems happens over physical addresses that are generally known as Media Access Control addresses (MAC addresses).

These physical addresses are established over the Local Area Network(LAN). The MAC address is the second layer of the Open Systems Interconnection model (OSI model). This is the place where the role of the ARP applies. ARP is the abbreviation for Address Resolution Protocol that maps the IP address to the MAC address. Read on more to get the full information on how it works.

In this article let us look at:

  1. What is Address Resolution Protocol?
  2. How does ARP Work?
  3. Types of ARP
  4. Why is ARP needed?
  5. Address Resolution Protocol Spoofing

1. What is Address Resolution Protocol?

It is a communication protocol used to find the MAC Address of a device from the available IP address. According to the definition of RFC 826, it is a protocol used to uncover the 2nd layered information associated with the internet layer addresses. 

The answer to the question, what is Address Resolution Protocol, is that it is a request and response protocol, where one device requests a piece of information and another device provides it over a LAN network.

It essentially translates the 32-bit addresses used by IP addresses to 48-bit addresses generally used by MAC addresses and vice versa for the information exchange. It has two features, mapping of the addresses and aiding in sending and receiving messages.  

2. How does ARP Work?

The following points will help you understand the working of ARP.

  • When a source device needs to connect with another device, the source Device checks its Address Resolution Protocol store to find the MAC address of the destination device. The purpose of ARP here is to search for the MAC address when the mac address is available and is transferred, the transfer of packets of information takes place. 
  • When the Mac address of the destination device is not present, the source device broadcasts ARP requests to all the network devices present in the LAN. Each device, in turn, compares the target protocol address, i.e, the IPv4 Address of the destination device with its own protocol address. 
  • If any of the devices find a match to their Ipv4 address to the targeted address, it generates a reply message to the source. The device then uses the sender’s main IP and hardware address from the request message processes it and uses the values to the targeted IP and hardware address to reply to messages.
  • The destination device then updates its Address Resolution Protocol cache and sends the unicast message reply to the source device. The Source device, on receiving the reply, process the reply and saves the destination’s Hardware address as the layer 2 address for it.   
  • The Source device then updates the sender device’s hardware address and protocol address received in the reply in its own(source device) ARP cache. This is how the packets are sent by the source as it knows the destination’s MAC address.

3. Types of ARP

There are four types of ARP.

  • Proxy ARP
  • Reverse ARP (RARP)
  • Gratuitous ARP
  • Inverse ARP

The same is being discussed in detail as below:

1) Proxy ARP: It is a system that answers the ARP requests on the behalf of another system. When the request is sent by a system outside of the host’s network, the router acts as a gateway to send the packets outside the networks to their destinations. 

2) Reverse ARP (RARP): It is a convention utilized by the customer framework in LAN to demand its IPv4 address from the gateway-router table. A table is made by the organization manager in the gateway-router that is utilized to discover the MAC address to the relating IP address.

3) Gratuitous ARP: It is a request from the broadcast to get the router’s IP address. It is used when an end system has an IP address but wishes to defend its MAC address from the LAN or to check if the IP address is not used by any other node or system.

4) Inverse ARP: It is used to find the Ip addresses of the systems over LAN from its MAC addresses. It is mostly used in ATM networks, or in frame relays, where level 3 data are acquired from the level 2 data.

4. Why is ARP needed?

Devices in a Local Area Network(LAN) communicate with the ethernet addresses and not IP addresses. The devices are not configured to allow destination devices within the same network to connect with the IP address. Any device will not have an IP address when it is not connected to the internet. In that case, the network has to use MAC addresses for communication.

When any system needs to communicate with any other device in the same network, it has to know the MAC address of the network interface of the destination device. If the source device knows the MAC address of the destination device, the communication between them can be unicast. The purpose and need of the Address Resolution Protocol are to get the MAC address of the device.

5. Address Resolution Protocol Spoofing

The LAN must be aware of Address Resolution Protocol spoofing, where a hacker provides a false protocol message and hacks the IP address of the devices within the network. It can lead to a serious loss of information and financial loss to the enterprises. It can be avoided using some prevention techniques like Packet filtering, Use spoofing detection software, Use cryptographic network protocols, etc.

Conclusion

So, have you made up your mind to make a career in Cyber Security? Visit our Master Certificate in Cyber Security (Red Team) for further help. It is the first program in offensive technologies in India and allows learners to practice in a real-time simulated ecosystem, that will give you an edge in this competitive world.

ALSO READ

SHARE