Security – About ARP

The Address Resolution Protocol (ARP) is a key TCP/IP protocol used to determine the physical (MAC) address of the network card that corresponds to an IP address.
ARP is used in the TCP/IP protocol suite at the internet layer.
ARP finds the MAC address of the destination computer by using the IP address of the destination computer.
ARP spoofing forces the destination computer to send packets to the attacker instead of the source. An attacker
can tap into the communication by forcing the source and destination computers to send packets to itself at the
same time. This situation is called a “man in the middle” (MITM) attack.
The arp command:

The ARP cache is a collection of ARP entries stored by your PC. Each entry stays there until the ARP cache entry timeout expires.
To flush the entire ARP cache, use the following command:

The events that result in an ARP cache update:

  • Solicited entries: A host sends an ARP request and gets the reply.
  • Unsolicited entries: A host can receive an ARP request that is not destined for it because ARP packets are
    broadcast.
  • Static entries: These entries are entered manually and have no lifetime. They live until the next reboot.
  • Gratuitous ARP: A gratuitous ARP is a message sent by a host requesting the MAC address for its own IP
    address.

NOTE: ARP spoofing is carried out with an ARP reply: by sending one, an attacker may easily change the IP-to-MAC association contained in a host's ARP cache.
Read about ARP guard to learn more about ARP.
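
The cache-update cases listed above can be told apart on the wire, and a change to an existing IP-to-MAC binding is the signal a defender watches for. The following is an added example, not code from the original page: `ArpWatch`, `build` and `demo` are hypothetical names, and the addresses are constructed sample values.

```python
import struct

def _mac(b): return ":".join(f"{x:02x}" for x in b)
def _ip(b): return ".".join(map(str, b))

def parse_arp(payload):
    """Parse a 28-byte Ethernet/IPv4 ARP payload (RFC 826 field layout)."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return {"oper": oper, "sha": _mac(payload[8:14]), "spa": _ip(payload[14:18]),
            "tha": _mac(payload[18:24]), "tpa": _ip(payload[24:28])}

class ArpWatch:
    """Hypothetical monitor: mirrors cache updates and flags changed bindings."""
    def __init__(self):
        self.cache = {}       # IP -> MAC as last learned
        self.pending = set()  # IPs this host has sent requests for

    def sent_request(self, target_ip):
        self.pending.add(target_ip)

    def observe(self, payload):
        p = parse_arp(payload)
        if p["spa"] == p["tpa"]:
            kind = "gratuitous"    # sender asks about its own IP address
        elif p["oper"] == 2 and p["spa"] in self.pending:
            kind = "solicited"     # reply to a request this host sent
            self.pending.discard(p["spa"])
        else:
            kind = "unsolicited"   # this host never asked for it
        old = self.cache.get(p["spa"])
        self.cache[p["spa"]] = p["sha"]
        changed = old is not None and old != p["sha"]
        return (kind, (old, p["sha"]) if changed else None)

def build(oper, sha, spa, tha, tpa):
    """Build a constructed ARP payload (oper 1 = request, 2 = reply)."""
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    i = lambda s: bytes(map(int, s.split(".")))
    return struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper) + m(sha) + i(spa) + m(tha) + i(tpa)

def demo():
    gw, host, other = "02:00:00:00:00:01", "02:00:00:00:00:10", "02:00:00:00:00:66"
    w = ArpWatch()
    w.sent_request("192.0.2.1")
    return [w.observe(build(2, gw, "192.0.2.1", host, "192.0.2.10")),     # expected reply
            w.observe(build(2, other, "192.0.2.1", host, "192.0.2.10")),  # unasked rebinding
            w.observe(build(1, other, "192.0.2.66", "00:00:00:00:00:00", "192.0.2.66"))]
```

The second result in `demo()` is the one to alert on: an unsolicited reply that rebinds an address already in the cache to a different MAC.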
