ARP process:
-> Address Resolution Protocol.
-> Request is broadcast, reply is unicast.
[host A]—————-[Router A]——–[B]———[C]———[Host B]
10.1.1.1/24 10.1.1.2/24 10.2.2.1/24
-> Host A creates an IP Packet with Source Address as itself and Destination Address as the IP address of Host B. The payload contains the actual data.
-> Host A then sends the IP packet to the data-link layer where it puts the Source and Destination MAC addresses.
-> Based on the IP Address and Subnet Mask of Host B, Host A will realize that Host B is not connected to the same local network. It realises it needs to forward the packet to Router-A as it is the default-gateway.
-> Host A sends an ARP Request broadcast frame for 10.1.1.2- its default-gateway. The ARP Request is encapsulated in Ethernet Frame with Source MAC address as Host’s MAC address and Destination MAC address as FF:FF:FF:FF:FF:FF. The actual ARP Request contains Source Address as its IP address, Source MAC address as its own MAC address, Target IP Address as the Default-Gateway IP address (Router-A) and Target MAC address as 00:00:00:00:00:00
-> Router-A will respond with an ARP Reply to ARP query by sending its own MAC address of the interface connected to Host A network, encapsulated in an Ethernet frame. it is unicast.
-> Host A caches this entry in its ARP Cache and uses this MAC address for every new IP destination prefix.
-> Host A sends the frame to Router-A.
-> Router-A receives the frame with Destination MAC address for it. Router-A decapsulates the frame and figures out the Destination IP address. It realises that the packet is suppose to be routed.
-> Router-A checks its routing table for the closest match to find out the outgoing interface for the packet.
-> Router-A creates a new data-link frame addressed for the packet’s next-hop. Router-A will use the appropriate data-link addresses depending on the type of connection.
-> The same process continues until the last-hop to the destination. Router-C receives the packet.
-> Router-C will realise that the packet is meant for Host B directly connected to its local network.
-> If Router-C is not aware of the MAC address of Host-B, it will send out ARP request for Host-B’s MAC address.
-> Once Host-B replies with the MAC address, Router-C forwards the frame to Host B.
-> ARP is stateless: ARP Replies can be sent without a corresponding ARP Request.
-> a node receiving an ARP packet (Request or Reply) must update its local ARP cache with the information in the source fields.
-> if an ARP Request is made for a non-existing host, Several ARP requests are made with increasing time intervals between requests. Eventually, ARP gives up.
ARP cache:
-> Since sending an ARP request/reply for each IP datagram is inefficient, hosts maintain a cache (ARP Cache) of current entries. The entries expire after 20 minutes.
-> Contents of the ARP Cache:
(128.143.71.37) at 00:10:4B:C5:D1:15 [ether] on eth0
(128.143.71.36) at 00:B0:D0:E1:17:D5 [ether] on eth0
(128.143.136.90) at 00:05:3C:06:27:35 [ether] on eth1
ARP Poisoning:
-> A forged ARP Request or Reply can be used to update the ARP cache of a remote system with a forged entry (ARP Poisoning).
Gratuitous ARP:
-> to check no other node is using the same IP address
-> Use of this is common when an interface is first configured.
RARP:
-> Reverse Address Resolution Protocol.
-> The IP address of a machine is usually read from its configuration file stored on a disk file. diskless machine is usually booted from ROM, which has minimum booting information. The ROM is installed by the manufacturer. It cannot include the IP address.
-> by reading its NIC, machine will get MAC address.
-> finds the logical address (IP addr) for a machine that knows only its physical address (MAC addr) by using the RARP protocol.
-> A RARP request is created and broadcast on the local network.
vijayababuj 