Internet Protocol Analysis/Address Resolution Protocol

From Wikiversity
Jump to navigation Jump to search

This lesson continues the Link layer and looks at the Address Resolution Protocol (ARP). Activities include viewing and modifying the ARP cache and using Wireshark to examine ARP network traffic.

Readings[edit | edit source]

  1. Wikipedia: Address Resolution Protocol
  2. Wikipedia: Broadcast address

Multimedia[edit | edit source]

  1. YouTube: Basics of ipconfig, ping, tracert, nslookup and netstat
  2. YouTube: An Overview of ARP - CompTIA Network+ N10-005: 4.3
  3. YouTube: ARP Basics for the Cisco CCNA
  4. YouTube: Address Resolution Protocol (ARP) Explained

Activities[edit | edit source]

  1. View the ARP Cache.
  2. Modify the ARP Cache.
  3. Review Wireshark: Address Resolution Protocol (ARP).
  4. Use Wireshark to capture and analyze Address Resolution Protocol (ARP) traffic.
  5. Consider situations in which a packet analyzer might be used to troubleshoot ARP traffic.

Lesson Summary[edit | edit source]

  • Address Resolution Protocol (ARP) is a telecommunications protocol used for resolution of network (Internet) layer addresses into link layer addresses.[1]
  • ARP is the name of the program for manipulating Address Resolution Protocol caches in most operating systems.[2]
  • In Internet Protocol Version 6 (IPv6) networks, the functionality of ARP is provided by the Neighbor Discovery Protocol (NDP).[3]
  • ARP is a request and reply protocol that runs encapsulated by the line protocol.[4]
  • ARP is an Internet Protocol Suite Link layer protocol.[5]
  • ARP packets include the sender hardware address, the sender protocol address, the target hardware address, and the target protocol address.[6] The hardware address is typically the MAC address and the protocol address is typically the IP address.
  • The ARP cache is a memory-cached table of IP addresses and corresponding hardware addresses.[7]
  • An ARP probe is an ARP request for one's own IP address, sent just before a network interface begins to use that address. This is done to ensure that the IP address is not already in use on the network.[8]
  • A gratuitous ARP request is similar to an ARP probe in that an ARP request for one's own IP address is sent just before a network interface begins to sue the address. The difference is that an ARP probe involves conflict detection, while a gratuitous ARP request is simply an announcement of intent to use the given address.[9]
  • ARP mediation supports the transparent use of ARP requests across a circuit-based virtual private wire service (circuit-based VPN).[10]
  • Inverse ARP is used to resolve link layer addresses into network (Internet) layer addresses.[11]
  • Reverse ARP is similar to Inverse ARP in that it was used to resolve a link layer address into a network layer address. The difference is that Reverse ARP was used to resolve one's own link layer address rather than another node. Reverse ARP has been replaced by the Bootstrap Protocol (BOOTP) and the Dynamic Host Configuration Protocol (DHCP).[12]
  • Proxy ARP is a technique by which a device on a given network answers the ARP queries for a network address that is not on that network.[13]
  • ARP spoofing is a technique whereby an attacker sends fake Address Resolution Protocol (ARP) messages onto a Local Area Network to associate the attacker's MAC address with the IP address of another host.[14]
  • The IPv4 broadcast address is 255.255.255.255.[15]
  • IPv6 does not define broadcast addresses. IPv6 uses multicast addressing.[16]
  • The Ethernet broadcast address is FF:FF:FF:FF:FF:FF.[17]

Key Terms[edit | edit source]

Asynchronous Transfer Mode (ATM)
A telecommunications protocol defined by ANSI and ITU standards to carry voice, data, and video using asynchronous time-division multiplexing and small, fixed-sized cells.[18]
Customer Edge (CE)
The router at the customer premises that is connected to the provider edge of a service provider network.[19]
denial-of-service attack (DoS attack)
An attempt to make a machine or network resource unavailable to its intended users.[20]
Fiber Distributed Data Interface (FDDI)
Provides a 100 Mbit/s optical standard for data transmission in a local area network that can extend in range up to 200 kilometers (120 mi).[21]
Frame Relay
A standardized wide area network technology that specifies the physical and logical link layers of digital telecommunications channels using a packet switching methodology. Originally designed for transport across Integrated Services Digital Network (ISDN) infrastructure, it is less expensive than leased lines.[22]
man-in-the-middle attack
A form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them.[23]
Provider Edge (PE)
A router between one network service provider's area and areas administered by other network providers.[24]
telecommunication
The science and practice of transmitting information by electromagnetic means.[25]
Virtual Private Wire Service (VPWS)
A circuit-based Virtual Private Network (VPN).[26]
X.25
An ITU-T standard protocol suite for packet switched wide area network (WAN) communication using leased lines, plain old telephone service connections or ISDN connections as physical links.[27]

Review Questions[edit | edit source]

Enable JavaScript to hide answers.

Click on a question to see the answer.

  1. Address Resolution Protocol (ARP) is a telecommunications protocol used for _____.
    Address Resolution Protocol (ARP) is a telecommunications protocol used for resolution of network (Internet) layer addresses into link layer addresses.
  2. ARP is the name of the program for manipulating Address Resolution Protocol _____ in most operating systems.
    ARP is the name of the program for manipulating Address Resolution Protocol caches in most operating systems.
  3. In Internet Protocol Version 6 (IPv6) networks, the functionality of ARP is provided by _____.
    In Internet Protocol Version 6 (IPv6) networks, the functionality of ARP is provided by the Neighbor Discovery Protocol (NDP).
  4. ARP is a request and reply protocol that runs encapsulated by the _____ protocol.
    ARP is a request and reply protocol that runs encapsulated by the line protocol.
  5. ARP is an Internet Protocol Suite _____ layer protocol.
    ARP is an Internet Protocol Suite Link layer protocol.
  6. ARP packets include _____.
    ARP packets include the sender hardware address, the sender protocol address, the target hardware address, and the target protocol address.
  7. The ARP cache is _____.
    The ARP cache is a memory-cached table of IP addresses and corresponding hardware addresses.
  8. An ARP probe is _____.
    An ARP probe is an ARP request for one's own IP address, sent just before a network interface begins to use that address.
  9. A gratuitous ARP request is _____.
    A gratuitous ARP request is simply an announcement of intent to use the given address.
  10. ARP mediation supports the transparent use of ARP requests across _____.
    ARP mediation supports the transparent use of ARP requests across a circuit-based virtual private wire service (circuit-based VPN).
  11. Inverse ARP is used to _____.
    Inverse ARP is used to resolve link layer addresses into network (Internet) layer addresses.
  12. Reverse ARP is similar to Inverse ARP in that it was used to resolve a link layer address into a network layer address. The difference is that _____.
    Reverse ARP is similar to Inverse ARP in that it was used to resolve a link layer address into a network layer address. The difference is that Reverse ARP was used to resolve one's own link layer address rather than another node.
  13. Proxy ARP is a technique by which a device on a given network _____.
    Proxy ARP is a technique by which a device on a given network answers the ARP queries for a network address that is not on that network.
  14. ARP spoofing is a technique whereby an attacker _____.
    ARP spoofing is a technique whereby an attacker sends fake Address Resolution Protocol (ARP) messages onto a Local Area Network to associate the attacker's MAC address with the IP address of another host.
  15. The IPv4 broadcast address is _____.
    The IPv4 broadcast address is 255.255.255.255.
  16. IPv6 does not define broadcast addresses. IPv6 uses _____ addressing.
    IPv6 does not define broadcast addresses. IPv6 uses multicast addressing.
  17. The Ethernet broadcast address is _____.
    The Ethernet broadcast address is FF:FF:FF:FF:FF:FF.

Assessments[edit | edit source]

See Also[edit | edit source]

References[edit | edit source]

Type classification: this is a lesson resource.
Completion status: this resource is considered to be complete.