ARP-DHCP

ARP -Address Resolution Protocol-:

a. ARP (Address Resolution Protocol)

b. RARP (Reverse Address Resolution Protocol).

c. Internet and IP Addresses:

i. The Internet primarily relies on IP addresses (32-bit) for communication and routing.
ii. However, the physical layer uses MAC (Media Access Control) addresses, which are 48-bit
identifiers unique to network hardware.
iii. The NIC is the resposible for traslating the data from the data link layer to the physical
layer .

d. Address Translation:

i. ARP and RARP are protocols designed to map or translate between the two types of addresses:
1. ARP translates an IP address into a MAC address.
2. RARP translates a MAC address into an IP address.

e. Types of Ethernet Networks:

i. LAN (Local Area Network):

1. Used for connecting devices within a single location, like an office or home.
2. Example: Devices in your home network connected to a router.

ii. WAN
iii. Wireless Ethernet

f. How Ethernet Networks Work:

i. Communication:
1. When one device wants to communicate with another, it uses the ARP protocol to discover
the MAC address of the destination device.
2. Data is sent to the switch, which forwards it to the appropriate device.

ii. Collision Management:

1. In traditional Ethernet networks, devices shared a single channel, leading to data
collisions. Modern Ethernet uses switching to avoid collisions and provide full-duplex
communication.

g. Address Translation with ARP :

i. Step 1: ARP Request

1. What Happens?

1. A device (Argon) needs to communicate with another device (Router137) on the same
local network.
 2. Argon knows the IP address of Router137 (128.143.137.1) but not its MAC address.
3. Argon broadcasts an ARP Request to all devices on the network, essentially asking:
1. "Who has the IP address 128.143.137.1? Tell me your MAC address."

4. Details in ARP Request:

1. Source hardware address: 00:a0:24:71:e4:44 (Argon's MAC address).

2. Source protocol address: 128.143.137.144 (Argon's IP address).
3. Target hardware address: 00:00:00:00:00:00 (unknown, as Argon doesn't know
Router137's MAC address).
4. Target protocol address: 128.143.137.1 (Router137's IP address, the one Argon is
asking about).

ii. Step 2: ARP Reply

1. What Happens?

1. Router137 receives the ARP Request because it matches the requested IP address
( 128.143.137.1 ).
2. Router137 responds directly to Argon with an ARP Reply, providing its MAC address.

2. Details in ARP Reply:

1. Source hardware address: 00:e0:19:23:a8:20 (Router137's MAC address).

2. Source protocol address: 128.143.137.1 (Router137's IP address).
3. Target hardware address: 00:a0:24:71:e4:44 (Argon's MAC address, as provided in the ARP
Request).
4. Target protocol address: 128.143.137.144 (Argon's IP address).

h. ARP Cache :
i. What is an ARP Cache?

1. An ARP Cache is a temporary table maintained by a device (host or router) that stores
mappings of IP addresses to MAC addresses.
2. Whenever an ARP request is resolved, the result (IP-to-MAC mapping) is stored in the
cache to avoid sending repeated ARP requests for the same device.

ii. Key Features of ARP Cache:

1. Efficiency:
1. By caching ARP results, devices can directly retrieve the MAC address for an IP from
the cache instead of broadcasting ARP requests each time, reducing network traffic and
latency.

2. Expiration:
1. ARP cache entries are not permanent.
2. Each entry expires after a certain time (typically 20 minutes) to ensure that the
cache does not contain stale mappings (e.g., if a device disconnects or changes its
MAC address).

3. Scope:
 1. Each entry in the ARP cache is specific to a network interface (e.g., eth0 , eth1 )
because devices may have multiple network interfaces.

iii. Structure of an ARP Cache Entry

Each entry in the ARP cache consists of:

1. IP Address: The device's network-layer identifier (e.g., 128.143.71.37 ).

2. MAC Address: The physical-layer identifier (e.g., 00:10:4B:C5:D1:15 ).

3. Network Interface: The physical interface (e.g., eth0 , eth1 ) the device is connected to.
4. [ether]: Indicates that the hardware type is Ethernet.

iv. Contents of the ARP Cache

IP Address MAC Address Interface Notes

128.143.71.37 00:10:4B:C5:D1:15 eth0 Mapping for a device connected via eth0 .

128.143.71.36 00:B0:D0:E1:17:D5 eth0 Another device on eth0 .

128.143.71.35 00:B0:D0:DE:70:E6 eth0 Mapping for a third device on eth0 .

128.143.136.90 00:05:3C:06:27:35 eth1 Mapping for a device on a different interface, eth1 .

128.143.71.34 00:B0:D0:E1:17:DB eth0 Device connected via eth0 .

128.143.71.33 00:B0:D0:E1:17:DF eth0 Another device on eth0 .

What is Proxy ARP?

a. Purpose: Proxy ARP is used to enable communication between devices on different subnets
without requiring the configuration of a gateway or routing table on the hosts.
b. How It Works: When a device sends an ARP request for a host that is not in the same local
subnet, the router connected to both subnets responds to the ARP request with its own MAC
address. This makes the requesting host believe the router is the destination. The router then
forwards the traffic to the actual destination host.

c. The Example Scenario

This example involves three subnets:

i. 128.143.137.0/16 (Subnet A)
ii. 128.143.71.0/24 (Subnet B)
iii. 128.143.0.0/16 (Supernet encompassing both A and B)

i. Devices and Configuration:

1. Argon:
1. IP: 128.143.137.144 (part of Subnet A)

2. Router137:
1. Interface 1:
1. IP: 128.143.137.1 (part of Subnet A)
2. MAC: 00:e0:19:23:38:20

2. Interface 2:
1. IP: 128.143.71.1 (part of Subnet B)
2. MAC: 00:20:af:03:98:28

3. Neon:
 1. IP: 128.143.71.21 (part of Subnet B)

ii. Communication Scenario:

1. ARP Request:
1. Argon sends an ARP request: "What is the MAC address of 128.143.71.21 ?"

2. Argon and Neon are on different subnets, and Argon does not have a direct route to
Neon. Without Proxy ARP, Argon would be unable to send data to Neon without additional
routing configurations.

2. Proxy ARP Response:

1. Router137 detects the ARP request.
2. Since Router137 is connected to both Subnet A and Subnet B, it recognizes that the
destination IP ( 128.143.71.21 ) is in Subnet B, which it is responsible for.
3. Router137 replies to Argon with its own MAC address ( 00:e0:19:23:38:20 ), essentially
saying:
"The MAC address of 128.143.71.21 is 00:e0:19:23:38:20 ."

3. Routing the Traffic:

1. Argon sends the data to Router137, believing it is the destination.
2. Router137 receives the data, realizes it is meant for Neon, and forwards it to Neon
over Subnet B.

Things to know about ARP

ARP Vulnerabilities
Dynamic Assignment of IP addresses:
a. Reverse Address Resolution Protocol (RARP) :
i. Is a network protocol used to map a MAC address to an IP address.
ii. How RARP Works :

1. Client Sends a RARP Request

1. A device (e.g., a diskless workstation) knows its own MAC address but does not have an
IP address.
2. During startup, the device broadcasts a RARP request to all hosts on the local
network.
1. The RARP request contains the device's MAC address.
2. This broadcast essentially asks: "What is my IP address? My MAC address is
xx:xx:xx:xx:xx:xx ."

2. RARP Server Responds

1. A server on the network (usually a RARP server or a router configured for RARP)
listens for RARP requests.
2. The RARP server maintains a mapping of MAC addresses to IP addresses.
3. When the server receives the RARP request, it looks up the MAC address in its table
and identifies the corresponding IP address.

3. Server Sends a RARP Reply

1. The server sends a RARP reply directly to the requesting device.

 2. The reply contains the IP address mapped to the provided MAC address.

4. Client Configures Itself

1. Upon receiving the RARP reply, the client configures itself with the provided IP
address.
2. The device can now communicate on the network using its newly assigned IP address.

iii. Limitations of RARP

Limited Functionality:

1. RARP can only provide an IP address. It does not provide other configuration details
like subnet masks, default gateways, or DNS settings.
2. Modern networks often require these additional configurations, which RARP cannot handle.

Server Dependency:

1. A dedicated RARP server must exist on the local network to respond to requests. If the
server is unavailable, RARP fails.

Broadcast Traffic:

1. RARP requests are broadcasted, which can increase network traffic.

BOOTstrap Protocol (BOOTP) :

BOOTP
The Bootstrap Protocol (BOOTP) is a network protocol used for configuring devices on a
network. BOOTP assigns devices an IP address and provides additional configuration
parameters such as the default gateway, subnet mask, and the name of a boot file. It is
particularly useful for diskless devices, which require instructions to load their
operating system or configuration files during startup.

How BOOTP Works :

a. 1. Purpose of BOOTP

BOOTP allows a device to:

i. Obtain its IP address.
ii. Learn other network settings like the subnet mask, default router, and the location of a
boot file (if required).
iii. Communicate with a BOOTP server via the network even if the device has no pre-configured IP
address.

b. 2. BOOTP Request and Response Process

i. BOOTP Request:
1. A device (client) that needs configuration sends a BOOTP Request message to the network.
2. The device does not know its own IP address, so it uses a source IP address of 0.0.0.0.
3. The request is sent as a UDP packet (User Datagram Protocol) to the BOOTP server, using:
1. Source Port: 68 (client port)
 2. Destination Port: 67 (server port).

4. The packet is broadcasted to the limited broadcast address: 255.255.255.255 .

1. This ensures that all devices in the local network receive the request.

ii. BOOTP Response:

1. A BOOTP server listening on port 67 receives the request.
2. It responds with a BOOTP Response containing:
1. The assigned IP address for the client.
2. The server's own IP address.
3. The location of the boot file (if any) to be downloaded via TFTP (Trivial File
Transfer Protocol).

3. The response is sent to the client using the limited broadcast address if the client’s
IP is still not configured.

Features of BOOTP
a. Static Address Assignment:
i. IP addresses are manually configured on the BOOTP server and mapped to specific MAC
addresses.
ii. This is less dynamic and requires administrative effort compared to newer protocols like
DHCP.

b. No Address Renewal:
i. Once a device is assigned an IP, it keeps it until reboot, unlike DHCP where IP leases
expire and can be dynamically reassigned.

c. File Downloading via TFTP:

i. BOOTP allows the client to download a boot file, making it ideal for diskless workstations
that load their OS over the network.

Limitations of BOOTP
a. Static Assignment: The administrator must manually configure IP addresses and MAC mappings on
the BOOTP server, making it less scalable.
b. No Lease Management: BOOTP cannot dynamically assign or reclaim IP addresses as DHCP does.
c. Limited Options: BOOTP lacks some advanced features of DHCP, such as support for temporary IP
leasing or additional configuration parameters.

What is 255.255.255.255? and What is 0.0.0.0?

255.255.255.255 is a special broadcast address used in IPv4 networks.

It indicates that a message should be sent to all devices on the same local network
(subnet).
It ensures that the packet is not forwarded to other networks (it’s restricted to the
local subnet).
0.0.0.0 is not a broadcast address.
a. It is used to indicate:
i. Default routes in routing tables.
ii. A device without an assigned IP.
 iii. Applications or services binding to all available interfaces. (e.g A web server
configured to listen on 0.0.0.0:80 will accept connections on port 80 from any
network interface (LAN, Wi-Fi, etc.).)

Dynamic Host Configuration Protocol (DHCP) :

a. What is DHCP?
DHCP is a protocol used to automatically assign IP addresses and other network configuration
settings to devices in a network. This eliminates the need for manual configuration of IP
addresses on every device.
b. How DHCP Works
The DHCP process involves four main steps: Discover, Offer, Request, Acknowledge (commonly
abbreviated as DORA).
i. 1. DHCPDISCOVER (Client to Network Broadcast)
1. When a device (e.g., a laptop or smartphone) connects to a network, it doesn't have an
IP address.
2. The device broadcasts a DHCPDISCOVER message on the network, looking for a DHCP server.
3. This message contains the client's MAC address (unique hardware identifier).
Example:
A new device on a network sends this message:
“I need an IP address. Is there a DHCP server available?”

ii. 2. DHCPOFFER (Server to Client Broadcast)

1. A DHCP server on the network listens for DHCPDISCOVER messages.
2. It responds with a DHCPOFFER, proposing an available IP address and other network
configurations such as the subnet mask, gateway, and DNS server.
Example:
The DHCP server responds:
“I can offer you the IP address 192.168.1.10 with subnet mask 255.255.255.0 and gateway
192.168.1.1 .”

iii. 3. DHCPREQUEST (Client to Server Unicast/Broadcast)

1. The client chooses one of the offers (if multiple servers respond) and sends a
DHCPREQUEST to confirm its choice.
2. This request is sent to the specific server whose offer the client has accepted.
Example:
The device confirms:
“I accept the IP address 192.168.1.10 and associated settings offered by you.”

iv. 4. DHCPACK (Server to Client Unicast) -Acknowledgment-

1. The DHCP server responds with a DHCPACK, which finalizes the lease of the IP address and
sends any additional configuration details.
2. At this stage, the client can use the assigned IP address.
Example:
The DHCP server confirms:
“IP address 192.168.1.10 is now assigned to you for 24 hours. You can use it to
communicate on the network.”

v. Other DHCP Message Types

1. DHCPNAK (Negative Acknowledgment):
1. Sent by the server if the requested IP address is invalid or unavailable.
2. Example:
“I cannot assign you this IP address. Please request a different one.”
 2. DHCPDECLINE:
1. Sent by the client if the offered IP address is already in use or conflicts with
another device.
2. Example:
“The IP address 192.168.1.10 is already in use. I cannot accept it.”

3. DHCPRELEASE:
1. Sent by the client to the server to release the IP address when it no longer needs it.
2. Example:
“I no longer need the IP address 192.168.1.10 . You can assign it to another device.”

4. DHCPINFORM:
1. Sent by the client to request additional information (e.g., DNS server) without
changing the IP address.
2. Example:
“Can you tell me the DNS server address?”

c. Structure of a DHCP Message

A DHCP message consists of several fields, such as:
i. Operation Code (OpCode): Indicates whether the message is a request (1) or reply (2).
ii. Hardware Type: Specifies the network hardware (e.g., Ethernet).
iii. Client IP Address (ciaddr): Used when the client already has an IP address.
iv. Your IP Address (yiaddr): The IP address being assigned to the client.
v. Server IP Address (siaddr): The DHCP server's IP address.
vi. Client Hardware Address (chaddr): The MAC address of the client.
vii. Options Field: Additional configurations like lease time, DNS server, etc.
i. Example Scenarios
1. Home Network Example:
1. You connect your phone to a Wi-Fi router. The router acts as the DHCP server and
assigns your phone an IP address automatically.
2. IP Assigned: 192.168.0.101

3. Subnet Mask: 255.255.255.0

4. Gateway: 192.168.0.1

5. Lease Time: 24 hours

2. Enterprise Network Example:

1. A company network with a centralized DHCP server assigns IP addresses to hundreds of
devices. The server ensures there are no IP conflicts.
2. IP Pool: 10.0.0.1 to 10.0.0.255

3. Example Device: A printer is assigned 10.0.0.45 dynamically.

d. Why Use DHCP?

i. Simplifies Network Management: No need to manually assign IP addresses.
ii. Prevents IP Conflicts: DHCP ensures unique IPs in the network.
iii. Scalability: Automatically manages IP addresses in large networks.

e. What is a DHCP Lease?

In the context of DHCP (Dynamic Host Configuration Protocol), a lease refers to the temporary
assignment of an IP address from a DHCP server to a client device (like a computer, phone, or
printer). The lease is valid for a specified duration, known as the lease time.
 When the lease expires, the client must either renew the lease or request a new IP address.
This ensures efficient use of the available IP address pool by preventing unused IP addresses
from remaining permanently assigned.
i. Key Components of a DHCP Lease
1. Lease Time:
The duration for which the IP address is assigned to a client. This is defined by the
DHCP server and can range from a few minutes to several days, depending on the network's
needs.
2. Renewal Process:
Before the lease expires, the client attempts to renew it:
1. At 50% of the lease time: The client sends a DHCPREQUEST directly to the DHCP server
to renew the lease.
2. If renewal fails, the client retries at 87.5% of the lease time by broadcasting the
request.
3. If no renewal is possible before the lease expires, the client must stop using the IP
address and restart the DHCP process to request a new one.

ii. Why is the Lease Concept Important?

1. Efficient IP Management: Prevents IP addresses from being "hoarded" by devices no longer
using them.
2. Flexibility: Temporary users (e.g., visitors in a network) get IP addresses for a
limited time, freeing them up after use.
3. Adaptability: Networks with limited IP ranges can reuse IPs efficiently for devices that
join and leave the network.

iii. Example to Illustrate a DHCP Lease

1. Scenario:
Imagine a small office network with a DHCP server that manages the IP address pool
192.168.1.1 to 192.168.1.100 . Each lease has a duration of 24 hours.

i. Steps in the Lease Process:

1. Day 1 (Lease Assignment):
1. A laptop joins the network and requests an IP address via DHCP.
2. The DHCP server assigns 192.168.1.10 to the laptop with a lease time of 24 hours.
3. The lease timer starts counting down.

2. Day 2 (Renewal at 50% Time):

1. After 12 hours, the laptop sends a DHCPREQUEST to the server to renew the lease.
2. If the server is available and responds with a DHCPACK, the lease is renewed for
another 24 hours.

3. Day 2 (Renewal Fails):

1. If the DHCP server is temporarily unavailable, the laptop retries the renewal at 87.5%
of the lease time (21 hours).
2. If the server responds at this point, the lease is extended.

4. Day 3 (Lease Expiry):

1. If the server does not respond, and the lease fully expires, the laptop must stop
using the IP address 192.168.1.10 .
2. The laptop broadcasts a DHCPDISCOVER to request a new lease.
3. The DHCP server may reassign the same IP address or a different one from the pool

Address Reservation
 Address reservation in DHCP is a feature that allows the DHCP server to assign a specific IP
address to a specific device (identified by its MAC address) every time it connects to the
network.

Why Use Address Reservation?

Consistency: Ensures critical devices (e.g., printers, servers) always have the same IP address.
Network Management: Makes it easier to manage and access devices without manually assigning
static IPs on each device.
Stability

Example
A printer with the MAC address 00:1A:2B:3C:4D:5E is reserved the IP address 192.168.1.50 . Whenever
this printer connects to the network, the DHCP server always assigns it 192.168.1.50 .
This ensures users can reliably access the printer at that IP address without the risk of it
changing.