Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

MODULE 8 - Address Resolution Protocol CERTIFICATION CYBER OPS ASSOCIATE > MODULE 8 - CERTIFICATION CYBER OPS ASSOCIATE > Flashcards

MODULE 8 - CERTIFICATION CYBER OPS ASSOCIATE Flashcards

1
Q

MAC and IP Destination on Same Network There are two primary addresses assigned to a device on an Ethernet LAN:

– Physical address (the MAC address)

– Logical address (the IP address)

A

Physical address (the MAC address) :

This is used for Ethernet NIC to Ethernet NIC communications on the same network.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

MAC and IP Destination on Same Network There are two primary addresses assigned to a device on an Ethernet LAN:

– Physical address (the MAC address)

– Logical address (the IP address)

A

Logical address (the IP address) :

This is used to send the packet from the original source to the final destination. IP addresses are used to identify the address of the original source device and the final destination device.

The destination IP address may be on the same IP network as the source or may be on a remote network.

Note: Most applications use DNS (Domain Name System) to determine the IP address when given a domain name such as www.cisco.com. DNS is discussed in a later module.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Logical address (the IP address) :

This is used to send the packet from the original source to the final destination. IP addresses are used to identify the address of the original source device and the final destination device.

The destination IP address may be on the same IP network as the source or may be on a remote network.

Note: Most applications use DNS (Domain Name System) to determine the IP address when given a domain name such as www.cisco.com. DNS is discussed in a later module.

A

Ethernet MAC addresses, have a different purpose.

These addresses are used to deliver the data link frame with the encapsulated IP packet from one NIC to another NIC on the same network.

If the destination IP address is on the same network, the destination MAC address will be that of the destination device.

The figure shows the Ethernet MAC addresses and IP address for PC-A sending an IP packet to the file server on the same network.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Ethernet MAC addresses, have a different purpose.

These addresses are used to deliver the data link frame with the encapsulated IP packet from one NIC to another NIC on the same network.

If the destination IP address is on the same network, the destination MAC address will be that of the destination device.

The figure shows the Ethernet MAC addresses and IP address for PC-A sending an IP packet to the file server on the same network.

A

The Layer 2 Ethernet frame contains:

– Destination MAC address

– Source MAC address

The Layer 3 IP packet contains:

– Source IP address

– Destination IP address

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

The Layer 2 Ethernet frame contains:

– Destination MAC address

– Source MAC address

The Layer 3 IP packet contains:

– Source IP address

– Destination IP address

A

The Layer 2 Ethernet frame contains:

– Destination MAC address

This is the MAC address of the file server’s Ethernet NIC.

– Source MAC address

This is the MAC address of PC-A’s Ethernet NIC.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

The Layer 2 Ethernet frame contains:

– Destination MAC address

– Source MAC address

The Layer 3 IP packet contains:

– Source IP address

– Destination IP address

A

The Layer 3 IP packet contains:

– Source IP address

This is the IP address of the original source, PC-A.

– Destination IP address

This is the IP address of the final destination, the file server.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

The Layer 3 IP packet contains:

– Source IP address

This is the IP address of the original source, PC-A.

– Destination IP address

This is the IP address of the final destination, the file server.

Communicating on a Local Network

https://snipboard.io/UwENei.jpg

A

The Layer 3 IP packet contains:

– Source IP address

This is the IP address of the original source, PC-A.

– Destination IP address

This is the IP address of the final destination, the file server.

Communicating on a Local Network

https://snipboard.io/UwENei.jpg

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Destination on Remote Network : When the destination IP address is on a remote network, the destination MAC address will be the address of the host’s default gateway.

The default gateway address is the address of the router’s NIC, as shown in the figure. Using a postal analogy, this would be similar to a person taking a letter to their local post office. They only need to leave the letter at the post office.

It then becomes the responsibility of the post office to forward the letter on towards its final destination. The figure shows the Ethernet MAC addresses and IPv4 addresses for PC-A.

It is sending an IP packet to a file server on a remote network. Routers examine the destination IPv4 address to determine the best path to forward the IPv4 packet. This is similar to how the postal service forwards mail based on the address of the recipient.

A

When the router receives the Ethernet frame, it de-encapsulates the Layer 2 information. Using the destination IP address, it determines the next-hop device, and then encapsulates the IP packet in a new data link frame for the outgoing interface.

Along each link in a path, an IP packet is encapsulated in a frame specific to the particular data link technology associated with that link, such as Ethernet.

If the next-hop device is the final destination, the destination MAC address will be that of the device’s Ethernet NIC.

How are the IPv4 addresses of the IPv4 packets in a data flow associated with the MAC addresses on each link along the path to the destination? This is done through a process called Address Resolution Protocol (ARP).

Communicating to a Remote Network :

https://snipboard.io/R5z8cp.jpg

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

ARP ARP Overview

If your network is using the IPv4 communications protocol, the Address Resolution Protocol, or ARP, is what you need to map IPv4 addresses to MAC addresses.

This topic explains how ARP works. Every IP device on an Ethernet network has a unique Ethernet MAC address.

When a device sends an Ethernet Layer 2 frame, it contains these two addresses:

– Destination MAC address

– Source MAC address

A

Destination MAC address :

The Ethernet MAC address of the destination device on the same local network segment.

If the destination host is on another network, then the destination address in the frame would be that of the default gateway (i.e., router). Source MAC address :

The MAC address of the Ethernet NIC on the source host. The figure illustrates the problem when sending a frame to another host on the same segment on an IPv4 network.

https://snipboard.io/2mEyRT.jpg

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Destination MAC address :

The Ethernet MAC address of the destination device on the same local network segment.

If the destination host is on another network, then the destination address in the frame would be that of the default gateway (i.e., router).

Source MAC address : The MAC address of the Ethernet NIC on the source host. The figure illustrates the problem when sending a frame to another host on the same segment on an IPv4 network.

https://snipboard.io/2mEyRT.jpg

A

To send a packet to another host on the same local IPv4 network, a host must know the IPv4 address and the MAC address of the destination device.

Device destination IPv4 addresses are either known or resolved by device name. However, MAC addresses must be discovered.

A device uses Address Resolution Protocol (ARP) to determine the destination MAC address of a local device when it knows its IPv4 address.

ARP provides two basic functions: Resolving IPv4 addresses to MAC addresses Maintaining a table of IPv4 to MAC address mappings

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

ARP Functions

When a packet is sent to the data link layer to be encapsulated into an Ethernet frame, the device refers to a table in its memory to find the MAC address that is mapped to the IPv4 address.

This table is stored temporarily in RAM memory and called the ARP table or the ARP cache.

A

The sending device will search its ARP table for a destination IPv4 address and a corresponding MAC address.

If the packet’s destination IPv4 address is on the same network as the source IPv4 address, the device will search the ARP table for the destination IPv4 address.

If the destination IPv4 address is on a different network than the source IPv4 address, the device will search the ARP table for the IPv4 address of the default gateway.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

The sending device will search its ARP table for a destination IPv4 address and a corresponding MAC address.

If the packet’s destination IPv4 address is on the same network as the source IPv4 address, the device will search the ARP table for the destination IPv4 address.

If the destination IPv4 address is on a different network than the source IPv4 address, the device will search the ARP table for the IPv4 address of the default gateway.

A

In both cases, the search is for an IPv4 address and a corresponding MAC address for the device.

Each entry, or row, of the ARP table binds an IPv4 address with a MAC address.

We call the relationship between the two values a map. This simply means that you can locate an IPv4 address in the table and discover the corresponding MAC address.

The ARP table temporarily saves (caches) the mapping for the devices on the LAN.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

In both cases, the search is for an IPv4 address and a corresponding MAC address for the device.

Each entry, or row, of the ARP table binds an IPv4 address with a MAC address.

We call the relationship between the two values a map. This simply means that you can locate an IPv4 address in the table and discover the corresponding MAC address.

The ARP table temporarily saves (caches) the mapping for the devices on the LAN.

A

If the device locates the IPv4 address, its corresponding MAC address is used as the destination MAC address in the frame.

If there is no entry is found, then the device sends an ARP request. watch a video on the ARP function.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

ARP Operation -

ARP Request An ARP request is sent when a device needs to determine the MAC address that is associated with an IPv4 address, and it does not have an entry for the IPv4 address in its ARP table.

ARP messages are encapsulated directly within an Ethernet frame. There is no IPv4 header. The ARP request is encapsulated in an Ethernet frame using the following header information:

A

Destination MAC address –

This is a broadcast address FF-FF-FF-FF-FF-FF requiring all Ethernet NICs on the LAN to accept and process the ARP request.

Source MAC address –

This is MAC address of the sender of the ARP request.

Type - ARP messages have a type field of 0x806. This informs the receiving NIC that the data portion of the frame needs to be passed to the ARP process.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Destination MAC address –

This is a broadcast address FF-FF-FF-FF-FF-FF requiring all Ethernet NICs on the LAN to accept and process the ARP request.

Source MAC address –

This is MAC address of the sender of the ARP request.

Type - ARP messages have a type field of 0x806. This informs the receiving NIC that the data portion of the frame needs to be passed to the ARP process.

A

Because ARP requests are broadcasts, they are flooded out all ports by the switch, except the receiving port.

All Ethernet NICs on the LAN process broadcasts and must deliver the ARP request to its operating system for processing.

Every device must process the ARP request to see if the target IPv4 address matches its own.

A router will not forward broadcasts out other interfaces. Only one device on the LAN will have an IPv4 address that matches the target IPv4 address in the ARP request.

All other devices will not reply.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

ARP Operation - ARP Reply Only the device with the target IPv4 address associated with the ARP request will respond with an ARP reply.

The ARP reply is encapsulated in an Ethernet frame using the following header information:

A

Destination MAC address – This is the MAC address of the sender of the ARP request.

Source MAC address – This is the MAC address of the sender of the ARP reply.

Type - ARP messages have a type field of 0x806.

This informs the receiving NIC that the data portion of the frame needs to be passed to the ARP process.

17
Q

Destination MAC address – This is the MAC address of the sender of the ARP request.

Source MAC address – This is the MAC address of the sender of the ARP reply.

Type - ARP messages have a type field of 0x806.

This informs the receiving NIC that the data portion of the frame needs to be passed to the ARP process.

A

Only the device that originally sent the ARP request will receive the unicast ARP reply.

After the ARP reply is received, the device will add the IPv4 address and the corresponding MAC address to its ARP table.

Packets destined for that IPv4 address can now be encapsulated in frames using its corresponding MAC address.

If no device responds to the ARP request, the packet is dropped because a frame cannot be created. Entries in the ARP table are time stamped.

If a device does not receive a frame from a particular device before the timestamp expires, the entry for this device is removed from the ARP table.

18
Q

Only the device that originally sent the ARP request will receive the unicast ARP reply. After the ARP reply is received, the device will add the IPv4 address and the corresponding MAC address to its ARP table.

Packets destined for that IPv4 address can now be encapsulated in frames using its corresponding MAC address. If no device responds to the ARP request, the packet is dropped because a frame cannot be created.

Entries in the ARP table are time stamped. If a device does not receive a frame from a particular device before the timestamp expires, the entry for this device is removed from the ARP table.

A

Additionally, static map entries can be entered in an ARP table, but this is rarely done.

Static ARP table entries do not expire over time and must be manually removed.

Note: IPv6 uses a similar process to ARP for IPv4, known as ICMPv6 Neighbor Discovery (ND).

IPv6 uses neighbor solicitation and neighbor advertisement messages, similar to IPv4 ARP requests and ARP replies.

19
Q

ARP Role in Remote Communication :

When the destination IPv4 address is not on the same network as the source IPv4 address, the source device needs to send the frame to its default gateway.

This is the interface of the local router.

Whenever a source device has a packet with an IPv4 address on another network, it will encapsulate that packet in a frame using the destination MAC address of the router.

A

The IPv4 address of the default gateway is stored in the IPv4 configuration of the hosts.

When a host creates a packet for a destination, it compares the destination IPv4 address and its own IPv4 address to determine if the two IPv4 addresses are located on the same Layer 3 network.

If the destination host is not on its same network, the source checks its ARP table for an entry with the IPv4 address of the default gateway. If there is not an entry, it uses the ARP process to determine a MAC address of the default gateway.

20
Q

Removing Entries from an ARP Table For each device, an ARP cache timer removes ARP entries that have not been used for a specified period of time.

The times differ depending on the operating system of the device.

For example, newer Windows operating systems store ARP table entries between 15 and 45 seconds, as illustrated in the figure.

https://snipboard.io/sbChyQ.jpg

Commands may also be used to manually remove some or all of the entries in the ARP table. After an entry has been removed, the process for sending an ARP request and receiving an ARP reply must occur again to enter the map in the ARP table.

A

Removing Entries from an ARP Table For each device, an ARP cache timer removes ARP entries that have not been used for a specified period of time.

The times differ depending on the operating system of the device.

For example, newer Windows operating systems store ARP table entries between 15 and 45 seconds, as illustrated in the figure.

https://snipboard.io/sbChyQ.jpg

Commands may also be used to manually remove some or all of the entries in the ARP table. After an entry has been removed, the process for sending an ARP request and receiving an ARP reply must occur again to enter the map in the ARP table.

21
Q

ARP Tables on Networking Devices On a Cisco router, the show ip arp command is used to display the ARP table, as shown in the figure.

https://snipboard.io/o71ZiT.jpg

A

On a Windows 10 PC,

the arp –a command is used to display the ARP table, as shown in the figure. :

https://snipboard.io/0TGCYH.jpg

22
Q

ARP Issues :

ARP Issues - ARP Broadcasts and ARP Spoofing

As a broadcast frame, an ARP request is received and processed by every device on the local network.

On a typical business network, these broadcasts would probably have minimal impact on network performance.

A

However, if a large number of devices were to be powered up and all start accessing network services at the same time, there could be some reduction in performance for a short period of time, as shown in the figure.

After the devices send out the initial ARP broadcasts and have learned the necessary MAC addresses, any impact on the network will be minimized.

https://snipboard.io/nY2qeL.jpg

23
Q

However, if a large number of devices were to be powered up and all start accessing network services at the same time, there could be some reduction in performance for a short period of time, as shown in the figure.

After the devices send out the initial ARP broadcasts and have learned the necessary MAC addresses, any impact on the network will be minimized.

https://snipboard.io/nY2qeL.jpg

A

In some cases, the use of ARP can lead to a potential security risk. A threat actor can use ARP spoofing to perform an ARP poisoning attack.

This is a technique used by a threat actor to reply to an ARP request for an IPv4 address that belongs to another device, such as the default gateway, as shown in the figure.

The threat actor sends an ARP reply with its own MAC address. The receiver of the ARP reply will add the wrong MAC address to its ARP table and send these packets to the threat actor.

Enterprise level switches include mitigation techniques known as dynamic ARP inspection (DAI). DAI is beyond the scope of this course.

https://snipboard.io/FJR0Hs.jpg

24
Q

ARP Spoofing watch a youtube video on ARP spoofing attack.

A

ARP Spoofing watch a youtube video on ARP spoofing attack.

MODULE 8 - Address Resolution Protocol CERTIFICATION CYBER OPS ASSOCIATE (1 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions