Working of ARP

The majority of computer programmes and applications send and receive messages using logical addresses (IP addresses), but the actual communication takes place over physical addresses (MAC addresses), which is found in layer 2 of the OSI model.

Our objective is to find the destination MAC address so that we can communicate with other devices. Because ARP transforms IP addresses into Mac addresses or physical addresses, which is helpful in this situation.

A new computer that joins a LAN is specified by a special IP address that is used for identification and communication. The ARP program will be asked to locate a MAC address that matches the IP address when a packet is incoming from a host computer on a particular LAN reaches the gateway.

A host first determines whether the IP to Mac address translation is present or not in the ARP cache when it requests a MAC address to send a packet to another host in the LAN. If it exists, a new ARP request is not required and if the translation is not exist a request for network addresses is sent before an ARP operation.

ARP sends a request packet to every device on the LAN if any LAN machine use the particular IP address.

The ARP Request message will be broadcast throughout the local network by the source computer. Every device connected to the LAN network receives the broadcast message.

Instead of being broadcast, the ARP Reply message is unicast. This is so because the device from which the ARP Reply message is being sent is aware of the MAC address of the device from which the message is being received.

The destination's MAC address will be updated by the source in the ARP cache. The sender can now communicate with the receiver directly.

Network devices transfer the packet to the network layer after removing the frame's protocol data unit (PDU) called the data link layer's header (layer 3 of OSI).

If the network IDs of the source and destination IPs match, the destination's MAC address is returned to the source, otherwise, the packet reaches the network gateway, which broadcasts it to the connected devices and verifies their network IDs.

The above-said procedure continues up until the second last network device in the path arrives at the destination, at which point it is validated and ARP replies with the destination MAC address.

The request message or field in ARP contains many important terms like:

1. Hardware Type: It describes the type of hardware that is used to send the ARP message.The most popular kind of hardware is Ethernet.

2. Protocol Type: It describes the protocol type (hex, decimal, etc.) Each protocol is specified as a number. And in this case, the IPv4 protocol is a hex type protocol which is commonly used.

3. Protocol Size: It describes the length or size of the protocol. Here the size of the IPv4 address is 4 bytes.

4. Opcode: It describes the ARP message's code or nature. For Example, 1 represents an ARP request, and 2 represents an ARP response.

5. Source IP Address: It contains source IP address like 10.10.10.2

6. Destination(Target) IP Address: It contains a destination IP address like 10.10.10.1

7. Source MAC Address: It contains Source Mac Address like 00:1a:6b:6c:0c:cc

Advantages Of ARP

  • The main benefit of a proxy ARP is that it can communicate with every machine on the network with the help of one router.
  • If we are aware of the device's IP address, we can quickly determine the MAC address of that device by using ARP.
  • It is not necessary to set the end nodes addresses for the MAC address. If necessary, we can locate it.

Disadvantages of ARP

  • The main drawback is that hosts on a network build up more information in their ARP tables because they believe that all other machines are reachable via an ARP request.
  • It boosts ARP traffic in your segment.
  • Larger ARP tables are required by hosts to manage IP-to-MAC address mappings.
  • Security threats are possible.
  • Networks without ARP-based address resolution are not supported by it.
  • It does not apply to every network topology.

Why is ARP important?

ARP is required because it converts the host software address into a hardware address (MAC address). A host is unable to determine the hardware address of another host without the use of ARP. The local area network (LAN) maintains a table or directory that converts IP addresses to MAC addresses for various devices, including routers and endpoints.

Users or even IT administrators are not responsible for maintaining this table or directory. Instead, the ARP protocol generates entries when required.

ARP Spoofing

ARP spoofing is also known as ARP poison routing and ARP cache poisoning. In this malicious attack, a hacker sends phony ARP messages to a target LAN in an effort to associate their MAC address with the IP address of a reliable server or device on the network.

Data from the victim's computer can be sent through the link to the attacker's machine instead of the original destination. Attacks using ARP spoofing can be risky because sensitive data may be transferred between computers without the victim's knowledge.

Conclusion

Our objective is to find the destination MAC address so that we can communicate with other devices. Because ARP transforms IP addresses into Mac addresses or physical addresses, which is helpful in this situation.



ADVERTISEMENT
ADVERTISEMENT