Address Resolution Flashcards
What are the two primary addresses assigned to a device on an Ethernet LAN?
1) Physical address (the MAC address) – Used for NIC-to-NIC communications on the same Ethernet network.
2) Logical address (the IP address) – Used to send the packet from the source device to the destination device. The destination IP address may be on the same IP network as the source or it may be on a remote network.
What’s the function of ARP?
A device uses Address Resolution Protocol to determine the destination MAC address of a local device when it knows its IPv4 address.
What are the two basic functions that ARP provides?
1) Resolving IPv4 addresses to MAC addresses
2) Maintaining a table of IPv4 to MAC address mappings
When is an ARP request sent?
When a device needs to determine the MAC address that is associated with an IPv4 address, and it does not have an entry for the IPv4 address in its ARP table.
The ARP request is encapsulated in an Ethernet frame using the following header information:
1) Destination MAC address – This is a broadcast address FF-FF-FF-FF-FF-FF requiring all Ethernet NICs on the LAN to accept and process the ARP request.
2) Source MAC address – This is the MAC address of the sender of the ARP request.
3) Type
ARP requests are what?
Broadcasts. They are flooded out of all ports by the switch, except the receiving port. All Ethernet NICs on the LAN process broadcasts and must deliver the ARP request to their operating system for processing. Every device must process the ARP request to see if the target IPv4 address matches its own. A router will not forward broadcasts out of other interfaces.
Only one device on the LAN will have an IPv4 address that matches the target IPv4 address in the ARP request. All other devices will not reply.
Talk about ARP reply
Only the device with the target IPv4 address associated with the ARP request will respond with an ARP reply. The ARP reply is encapsulated in an Ethernet frame using the following header information:
1) Destination MAC address: This is the MAC address of the sender of the ARP request.
2) Source MAC address: This is the MAC address of the sender of the ARP reply.
3) Type
Only the device that originally sent the ARP request will receive the unicast ARP reply. After the ARP reply is received, the device will add the IPv4 address and the corresponding MAC address to its ARP table. Packets destined for that IPv4 address can now be encapsulated in frames using its corresponding MAC address.
What happens if no device responds to the ARP request?
The packet is dropped because a frame cannot be created.
Explain this sentence “Entries in the ARP table are time stamped”.
If a device does not receive a frame from a particular device before the timestamp expires, the entry for this device is removed from the ARP table.
Talk about ARP Role in Remote Communications
When the destination IPv4 address is not on the same network as the source IPv4 address, the source device needs to send the frame to its default gateway. This is the interface of the local router. Whenever a source device has a packet with an IPv4 address on another network, it will encapsulate that packet in a frame using the destination MAC address of the router.
Talk about removing entries from an ARP Table
For each device, an ARP cache timer removes ARP entries that have not been used for a specified period of time. The times differ depending on the operating system of the device.
What are the commands used to display the ARP table?
1) On a Cisco router, the show ip arp command
2) On a Windows 10 PC, the arp -a command
What are ARP issues?
1) ARP broadcasts
2) ARP spoofing
Talk about ARP broadcasts issue
As a broadcast frame, an ARP request is received and processed by every device on the local network. If a large number of devices were to be powered up and all start accessing network services at the same time, there could be some reduction in performance for a short period of time.
Talk about ARP spoofing
In some cases, the use of ARP can lead to a potential security risk. A threat actor can use ARP spoofing to perform an ARP poisoning attack. This is a technique used by a threat actor to reply to an ARP request for an IPv4 address that belongs to another device, such as the default gateway. The threat actor sends an ARP reply with its own MAC address. The receiver of the ARP reply will add the wrong MAC address to its ARP table and send these packets to the threat actor.