ARP and RARP Address Resolution Protocol and Reverse

ARP in TCP/IP Stack Upper-Layer Protocols Upper Transport ~ such as SNMP, telnet, FTP,

Address Resolution 1 ARP Request Broadcast Source hardware address: 00: 1 B: 23: AC:

Обнаружение дублированных IP-адресов: Gratuitous ARP • Хост отправляет ARP-запрос о своем собственном IP-адресе (Gratuitous

Address Resolution works: Send IP datagram Host to IP address ARP Do I know

Ethernet Encapsulation (RFC 894) 46 -1500 bytes Destination address Source address type 6 6

Format of ARP packets *Note: Длина полей адресов определяется соответствующими значениями полей Hardware Address

0000 0010 0020 ff ff ff 00 03 47 a 4 86 a 8

Slides: 11

Download presentation

ARP and RARP ( Address Resolution Protocol and Reverse Address Resolution Protocol ) RFC 826, 1293, 1390, 903

ARP in TCP/IP Stack Upper-Layer Protocols Upper Transport ~ such as SNMP, telnet, FTP, HTTP, POP 3, etc. ~ User Datagram Protocol (UDP) Transmission Control Protocol (ТСP) RFC 768 ~ connectionless transport ~ RFC 793 ~ connection-oriented transport ~ Internet Protocol version 4 (IPv 4) Network RFC 791 ARP Data Link Internet Control Messaging Protocol (ICMP) RARP Media Access Control (Ethernet, Token Ring, FDDI, X. 25, PPP, etc. ) RFC 792

Address Resolution 1 ARP Request Broadcast Source hardware address: 00: 1 B: 23: AC: 34 Source network address: 10. 1 Target hardware address: 00: 00: 00 Target network address: 10. 1. 0. 99 2 ARP Reply Unicast Source hardware address: 00: 1 B: 98: 93: DE Source network address: 10. 1. 0. 99 Target hardware address: 00: 1 B: 23: AC: 34 Target network address: 10. 1 Host A Hardware: 00: 1 B: 23: AC: 34 Network: 10. 1 Host B Hardware: 00: 1 B: 98: 93: DE Network: 10. 1. 0. 99

Обнаружение дублированных IP-адресов: Gratuitous ARP • Хост отправляет ARP-запрос о своем собственном IP-адресе (Gratuitous ARP ) – Reply received: В сети есть хост с таким адресом (Duplicate IP) – No reply received: Данный IP - единственный в сетевом сегменте (Unique IP) • Алгоритм обнаружения дублера: 1) нападающий хост: Gratuitous ARP 2) защищающийся хост: Unicast APR Reply 3) защищающийся хост: Gratuitous ARP Example Gratuitous ARP : Destination: ff: ff: ff (Broadcast) Source: 00: 03: 02: A 2: B 2: 02 (02: 02: 02: 02) Type: ARP (0 x 0806) Sender MAC address: 00: 03: 02: A 2: B 2: 02 (00: 03: 02: A 2: B 2: 02) Sender IP address: 192. 168. 1. 1 (192. 168. 1. 1) Target MAC address: ff: ff: ff (Broadcast) Target IP address: 192. 168. 1. 1 (192. 168. 1. 1)

Address Resolution works: Send IP datagram Host to IP address ARP Do I know hardware address? Resolve IP to MAC IP Yes ARP cache No Ethernet driver ARP request (Broadcast) Host Ethernet driver ARP Is somebody looking for my address? No Ignore request Ethernet driver Is somebody looking for my address? ARP Yes Send ARP reply (unicast)

Ethernet Encapsulation (RFC 894) 46 -1500 bytes Destination address Source address type 6 6 2 DATA 46 -1500 Type 0800 IP Datagram 2 Type 0806 2 Type 8035 2 46 -1500 ARP request/reply 28 RARP request/reply 28 PAD 18 CRC 4

Format of ARP packets *Note: Длина полей адресов определяется соответствующими значениями полей Hardware Address и Protocol address. Operation code: 1 – request ARP 2 – replay ARP 3 – request RARP 4 – replay RARP

0000 0010 0020 ff ff ff 00 03 47 a 4 86 a 8 08 06 00 01 08 00 06 04 00 01 00 03 47 a 4 86 a 8 c 3 13 cb 66 00 00 00 c 3 13 cb 68 Ethernet II: Destination: ff: ff: ff (Broadcast) Source: 00: 03: 47: a 4: 86: a 8 (Intel_a 4: 86: a 8) Type: ARP (0 x 0806) Address Resolution Protocol (request): Hardware type: Ethernet (0 x 0001) Protocol type: IP (0 x 0800) Hardware size: 6 Protocol size: 4 Opcode: request (0 x 0001) Sender MAC address: 00: 03: 47: a 4: 86: a 8 Sender IP address: 195. 19. 203. 102 (195. 19. 203. 102) Target MAC address: 00: 00: 00 Target IP address: 195. 19. 203. 104 (195. 19. 203. 104)