0% found this document useful (0 votes)

2 views

Module 24_Address Resolution

Uploaded by

ballbinn50

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

2 views

Module 24_Address Resolution

Uploaded by

ballbinn50

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 19

Module 24: Address

Resolution
Networking Essentials 3.0
Module Objectives
Module Title: Address Resolution
Module Objective: Explain how ARP enables communication on a local area network.

Topic Title Topic Objective

ARP Describes the purpose of ARP.

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3
ARP
ARP Overview
• If your network uses the IPv4 communications protocol, you need ARP to map IPv4 addresses to MAC
addresses.

• Every IP device on an Ethernet network has a unique Ethernet MAC address.

• When a device sends an Ethernet Layer 2 frame, it contains these two addresses:
• The destination MAC address is the Ethernet MAC address of the destination device on the
same local network segment. If the destination host is on another network, then the destination
address in the frame would be that of the default gateway (i.e., router).
• The Source MAC address is the MAC address of the Ethernet NIC on the source host.

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4
ARP
ARP Overview (Cont.)
• To send a packet to another host on the same local IPv4 network, a host must know the IPv4 address
and the MAC address of the destination device.

• Device destination IPv4 addresses are either known or resolved by device name, but MAC addresses
must be discovered.

• A device uses ARP to determine the destination MAC address of a local device when it knows its IPv4
address, and ARP provides two primary functions:
• Resolving IPv4 addresses to MAC addresses
• Maintaining a table of IPv4 to MAC address mappings

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5
ARP
ARP Functions
• When a packet is sent to the data link layer to encapsulate into an Ethernet frame, the device refers
to a table in its memory to find the MAC address mapped to the IPv4 address.

• This table is stored temporarily in RAM memory and called the ARP table or the ARP cache.

• The sending device will search its ARP table for a destination IPv4 address and a corresponding
MAC address:
• If the packet’s destination IPv4 address is on the same network as the source IPv4 address,
the device will search the ARP table for the destination IPv4 address.
• If the destination IPv4 address is on a different network than the source IPv4 address, the
device will search the ARP table for the IPv4 address of the default gateway.

• In both cases, the search is for an IPv4 address and a corresponding MAC address for the device.

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 6
ARP
ARP Functions (Cont.)
• Each entry, or row, of the ARP table, binds an IPv4 address with a MAC address.

• We call the relationship between the two values a map.

• This means you can locate an IPv4 address in the table and discover the corresponding MAC
address.

• The ARP table temporarily saves (caches) the mapping for the devices on the LAN.

• If the device locates the IPv4 address, it uses its corresponding MAC address as the destination
MAC address in the frame.

• The device sends an ARP request if it does not find an entry.

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7
ARP
Video - ARP Operation - ARP Request
• When a device needs to determine the MAC address associated with an IPv4 address, it sends an ARP
request and does not have an entry for the IPv4 address in its ARP table.
• ARP messages are encapsulated directly within an Ethernet frame with no IPv4 header.
• The ARP request is encapsulated in an Ethernet frame using the following header information:
• Destination MAC address – is a broadcast address FF-FF-FF-FF-FF-FF requiring all Ethernet
NICs on the LAN to accept and process the ARP request.
• Source MAC address – The MAC address of the sender of the ARP request.
• Type - ARP messages have a type field of 0x806.
• ARP requests are broadcasts, which are flooded out of all ports by the switch (except the receiving
port).
• All Ethernet NICs on the LAN process broadcast and must deliver the ARP request to its operating
system for processing.
• Every device must process the ARP request to see if the target IPv4 address matches its own.
• Only one device on the LAN will have an IPv4 address that matches the target IPv4 address in the ARP
request, so all other devices will not reply.
• This video will cover an ARP request for a MAC address.

• Only the device with the target IPv4 address associated with the ARP request will respond with an
ARP reply.
• The ARP reply is encapsulated in an Ethernet frame using the following header information:
• Destination MAC address – The MAC address of the sender of the ARP request.
• Source MAC address – The MAC address of the sender of the ARP reply.
• Type - ARP messages have a type field of 0x806.
• Only the device that originally sent the ARP request will receive the unicast ARP reply, and it will add
the IPv4 address and the corresponding MAC address to its ARP table.
• Packets destined for that IPv4 address can now be encapsulated in frames using its corresponding
MAC address.
• It drops the packet if no device responds to the ARP request because a frame cannot be created.
• Entries in the ARP table have a time stamp, so if a device does not receive a frame from a particular
device before the time stamp expires, the ARP table removes the entry for this device.
• Additionally, static map entries can be entered in an ARP table (rarely done), but they do not expire
over time and must manually remove.
• This video will cover an ARP reply in response to an ARP request.

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 9
ARP
Video - ARP Role in Remote Communications
• When the destination IPv4 address is not on the same network as the source IPv4 address, the
source device needs to send the frame to its default gateway (the local router's interface).
• Whenever a source device has a packet with an IPv4 address on another network, it will
encapsulate that packet in a frame using the destination MAC address of the router.
• The IPv4 configuration of the hosts stores the IPv4 address of the default gateway.
• When a host creates a packet for a destination, it compares the destination IPv4 address and its
IPv4 address to determine if the location of the two IPv4 addresses is on the same Layer 3
network.
• If the destination host is not on its same network, the source checks its ARP table for an entry with
the IPv4 address of the default gateway.
• If there is no entry, it uses the ARP process to determine the MAC address of the default gateway.
• This video will cover how an ARP request will provide a host with the MAC address of the default
gateway.

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 10
ARP
Removing Entries from an ARP Table
• For each device not using ARPs for a specified period, an ARP cache timer removes it.

• The times differ depending on the operating system of the device.

• For example, newer Windows operating systems store ARP table entries between 15 and 45
seconds, as illustrated in the figure.

• Using commands may also manually remove

some or all entries in the ARP table.

• After removing an entry, the process for sending

an ARP request and receiving an ARP reply must
occur again to enter the map in the ARP table.

• The show ip arp command is used on a Cisco router to display the ARP table, as shown in the
figure.

• The arp- a command on a Windows 10 PC

is used to display the ARP table, as shown
in the figure.

• As a broadcast frame, every device on the local network

receives and processes an ARP request.

• On a typical business network, these broadcasts would

have minimal impact on network performance.

• Suppose several devices were to be powered up and all

start accessing network services simultaneously. In that
case, there could be some reduction in performance for a
short period, as shown in the figure.

• After the devices send out the initial ARP broadcasts and
have learned the necessary MAC addresses, any impact
on the network will be minimized.

• In some cases, using ARP can lead to a potential security risk.

• A threat actor can use ARP spoofing to perform an ARP
poisoning attack.
• It is a technique used by a threat actor to reply to an ARP
request for an IPv4 address that belongs to another device,
such as the default gateway, as shown in the figure.
• The threat actor sends an ARP reply with its own MAC
address.
• The receiver of the ARP reply will add the wrong MAC address
to its ARP table and send these packets to the threat actor.
• Enterprise-level switches include mitigation techniques known
as dynamic ARP inspection (DAI).

• Examine an ARP Request

• Examine a Switch MAC Address Table
• Examine the ARP Process in Remote Communications

• Part 1: Capture and Analyze ARP Data in Wireshark

• Part 2: View the ARP cache entries on the PC

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 17
Address Resolution Summary
What Did I Learn in this Module?
• To send a packet to another host on the same local IPv4 network, a host must know the IPv4 address and
the MAC address of the destination device.
• A device uses ARP to determine the destination MAC address of a local device when it knows its IPv4
address.
• ARP provides two essential functions: resolving IPv4 addresses to MAC addresses and maintaining a table
of IPv4 to MAC address mappings.
• The sending device will search its ARP table for a destination IPv4 address and a corresponding MAC
address.
• If the packet’s destination IPv4 address is on the same network as the source IPv4 address, the device will
search the ARP table for the destination IPv4 address.
• If not, the device will search the ARP table for the IPv4 address of the default gateway.
• Each entry, or row, of the ARP table, binds an IPv4 address with a MAC address.
• The ARP request is encapsulated in an Ethernet frame using the following header information: destination
MAC address (broadcast address FF-FF-FF-FF-FF-FF), source MAC address (MAC address of the sender
of the ARP request), and type (0x806).
• ARP requests are broadcasts, which are flooded out of all ports by the switch (except the receiving port).
• Only the device with the target IPv4 address associated with the ARP request will respond with an ARP
reply.
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 18
Address Resolution Summary
What Did I Learn in this Module? (Cont.)
• After receiving the ARP reply, the device will add the IPv4 address and the corresponding MAC address to
its ARP table.
• When the destination IPv4 address is not on the same network as the source IPv4 address, the source
device needs to send the frame to its default gateway (the local router's interface).
• Whenever a source device has a packet with an IPv4 address on another network, it will encapsulate that
packet in a frame using the destination MAC address of the router.
• The IPv4 configuration of the hosts stores the IPv4 address of the default gateway.
• If the destination host is not on its same network, the source checks its ARP table for an entry with the IPv4
address of the default gateway.
• If there is no entry, it uses the ARP process to determine the MAC address of the default gateway.
• For each device, an ARP cache timer removes ARP entries not using a device for a specified period.
• The show ip arp command is used on a Cisco router to display the ARP table.
• The arp- a command on a Windows 10 PC is used to display the ARP table.
• As a broadcast frame, every device on the local network receives and processes an ARP request.
• In some cases, using ARP can lead to a potential security risk because a threat actor can use ARP
spoofing to perform an ARP poisoning attack.

350 501 Spcor
33% (3)
350 501 Spcor
4 pages
Address Resolution Protocol
No ratings yet
Address Resolution Protocol
23 pages
CA_Module_8
No ratings yet
CA_Module_8
17 pages
7. Ch07 Module 9 Address Resolution
No ratings yet
7. Ch07 Module 9 Address Resolution
12 pages
5 Address Resolution
No ratings yet
5 Address Resolution
14 pages
CCNA1-CH9-Address Resolution
No ratings yet
CCNA1-CH9-Address Resolution
16 pages
Module_9_AddressResolution
No ratings yet
Module_9_AddressResolution
16 pages
ITN Module 9 Address Resolution
No ratings yet
ITN Module 9 Address Resolution
17 pages
Module 9: Address Resolution: Introduction To Networks v7.0 (ITN)
No ratings yet
Module 9: Address Resolution: Introduction To Networks v7.0 (ITN)
15 pages
Module 9
No ratings yet
Module 9
23 pages
ITN Module 9
No ratings yet
ITN Module 9
24 pages
ITN_Module_9
No ratings yet
ITN_Module_9
12 pages
ITN Module 9
No ratings yet
ITN Module 9
24 pages
ITN Module 9
No ratings yet
ITN Module 9
18 pages
Module 9: Address Resolution: Instructor Materials
No ratings yet
Module 9: Address Resolution: Instructor Materials
27 pages
Module 9: Address Resolution: Instructor Materials
No ratings yet
Module 9: Address Resolution: Instructor Materials
27 pages
ITN Module 9
No ratings yet
ITN Module 9
27 pages
Module 9: Address Resolution: Instructor Materials
No ratings yet
Module 9: Address Resolution: Instructor Materials
27 pages
ITN Module 9
No ratings yet
ITN Module 9
27 pages
ITN_Module_9
No ratings yet
ITN_Module_9
27 pages
ITN_Module_9
No ratings yet
ITN_Module_9
26 pages
Lec11 Address Resolution
No ratings yet
Lec11 Address Resolution
12 pages
Module 9: Address Resolution: Instructor Materials
No ratings yet
Module 9: Address Resolution: Instructor Materials
27 pages
L8-Module 9
No ratings yet
L8-Module 9
9 pages
All About ARP
No ratings yet
All About ARP
15 pages
ICS26014_Module09
No ratings yet
ICS26014_Module09
18 pages
ARP
No ratings yet
ARP
46 pages
ARP and RARP
No ratings yet
ARP and RARP
8 pages
Classppt Ak ARP
No ratings yet
Classppt Ak ARP
38 pages
Lecture 07 Address Resoiution
No ratings yet
Lecture 07 Address Resoiution
29 pages
ARP Mapping: in A Frame With The MAC Address of The Local Host, or Next-Hop Router
No ratings yet
ARP Mapping: in A Frame With The MAC Address of The Local Host, or Next-Hop Router
17 pages
ARPand ICMP
No ratings yet
ARPand ICMP
19 pages
Outline: TNE10006/TNE60006: Networks and Switching
No ratings yet
Outline: TNE10006/TNE60006: Networks and Switching
2 pages
Lab No. 9-Updated
No ratings yet
Lab No. 9-Updated
4 pages
Chapter 7 - Address Resolution
No ratings yet
Chapter 7 - Address Resolution
24 pages
Arp
No ratings yet
Arp
5 pages
ARP WORKING
No ratings yet
ARP WORKING
41 pages
Lab 3 Network Lab Report - Amr Ahmed, Ali Reza Zeiaei - New Version
No ratings yet
Lab 3 Network Lab Report - Amr Ahmed, Ali Reza Zeiaei - New Version
14 pages
Arp
No ratings yet
Arp
32 pages
Arp Spoofing
No ratings yet
Arp Spoofing
14 pages
Bit Logical Address) To The Physical Address (48 Bit MAC Address)
No ratings yet
Bit Logical Address) To The Physical Address (48 Bit MAC Address)
15 pages
6
No ratings yet
6
12 pages
ARP Spoofing
No ratings yet
ARP Spoofing
6 pages
Network Layer: Address Mapping
No ratings yet
Network Layer: Address Mapping
30 pages
02 - Network For Pentesters
No ratings yet
02 - Network For Pentesters
56 pages
MCSE Interview Questions Answers
No ratings yet
MCSE Interview Questions Answers
33 pages
ARP Protocol
No ratings yet
ARP Protocol
29 pages
ISIT328 Corporate Network Security: ARP Address Resolution Protocol
No ratings yet
ISIT328 Corporate Network Security: ARP Address Resolution Protocol
12 pages
Ethernet: © 2008 Cisco Systems, Inc. All Rights Reserved. Cisco Confidential Presentation - ID
No ratings yet
Ethernet: © 2008 Cisco Systems, Inc. All Rights Reserved. Cisco Confidential Presentation - ID
33 pages
PM NW CCNA Day 8 Notes
No ratings yet
PM NW CCNA Day 8 Notes
19 pages
A Solution For ARP Spoofing: Layer-2 MAC and Protocol Filtering and Arpserver
No ratings yet
A Solution For ARP Spoofing: Layer-2 MAC and Protocol Filtering and Arpserver
13 pages
ARP (Address Resolution Protocol)
No ratings yet
ARP (Address Resolution Protocol)
22 pages
Ethernet: Introduction To Networks v6.0
No ratings yet
Ethernet: Introduction To Networks v6.0
17 pages
Arp 1
No ratings yet
Arp 1
15 pages
Day+06+Slides+-+Ethernet+LAN+Switching+(Part+2)
No ratings yet
Day+06+Slides+-+Ethernet+LAN+Switching+(Part+2)
42 pages
Configure An IP Address On A Switch
No ratings yet
Configure An IP Address On A Switch
18 pages
Configuring Address Resolution Protocol Options: First Published: May 2, 2005 Last Updated: May 2, 2008
No ratings yet
Configuring Address Resolution Protocol Options: First Published: May 2, 2005 Last Updated: May 2, 2008
22 pages
ARP-Questions and Answers: Represented Using The IP Address?
No ratings yet
ARP-Questions and Answers: Represented Using The IP Address?
5 pages
Lecture No. 12-14 - Multicast MAC Address
No ratings yet
Lecture No. 12-14 - Multicast MAC Address
18 pages
CCST Cisco Certified Support Technician Study Guide: Networking Exam
From Everand
CCST Cisco Certified Support Technician Study Guide: Networking Exam
Todd Lammle
5/5 (1)
First Hop Redundancy Protocol: Network Redundancy Protocol
From Everand
First Hop Redundancy Protocol: Network Redundancy Protocol
Mulayam Singh
No ratings yet
Storage: Ratnadeep Bhattacharya
No ratings yet
Storage: Ratnadeep Bhattacharya
61 pages
XSLT PDF
No ratings yet
XSLT PDF
10 pages
Codesys Training
No ratings yet
Codesys Training
6 pages
EC1008 High Speed Networks
No ratings yet
EC1008 High Speed Networks
40 pages
IDoc Mapping To X12 and EDIFA
No ratings yet
IDoc Mapping To X12 and EDIFA
2 pages
Wlidsvctrace
No ratings yet
Wlidsvctrace
233 pages
BGP Scalling PDF
No ratings yet
BGP Scalling PDF
89 pages
VPN Security Notes
No ratings yet
VPN Security Notes
73 pages
Numerical Problems From Medium Access Control (MAC) Layer
100% (1)
Numerical Problems From Medium Access Control (MAC) Layer
1 page
RDP Se - P1N85898
No ratings yet
RDP Se - P1N85898
4 pages
Mpls NSN Training Day 3 Ospf PDF
No ratings yet
Mpls NSN Training Day 3 Ospf PDF
65 pages
Prepared By:: Central Luzon Doctors' Hospital Educational Institution San Pablo, Tarlac City
No ratings yet
Prepared By:: Central Luzon Doctors' Hospital Educational Institution San Pablo, Tarlac City
3 pages
Chapter 3 Slides PDF
No ratings yet
Chapter 3 Slides PDF
110 pages
5 Interface Configuration
No ratings yet
5 Interface Configuration
52 pages
Ethernet Crossover Cable
No ratings yet
Ethernet Crossover Cable
4 pages
Network Reference Model - ENAM
No ratings yet
Network Reference Model - ENAM
56 pages
3com Superstack 3 Switch 3200 Family: Key Benefits
No ratings yet
3com Superstack 3 Switch 3200 Family: Key Benefits
5 pages
EXFO NetHawk Reference Poster PDF
No ratings yet
EXFO NetHawk Reference Poster PDF
1 page
Lab 3.1.7 Troubleshooting A Serial Interface
No ratings yet
Lab 3.1.7 Troubleshooting A Serial Interface
6 pages
4.-Hp h3c Irf Setting
No ratings yet
4.-Hp h3c Irf Setting
9 pages
Mobile IP - Wikipedia, The Free Encyclopedia
0% (1)
Mobile IP - Wikipedia, The Free Encyclopedia
4 pages
Network Enumeration With Nmap Module Cheat Sheet
No ratings yet
Network Enumeration With Nmap Module Cheat Sheet
3 pages
Ecab - Catalogue 2022
No ratings yet
Ecab - Catalogue 2022
10 pages
IoT Unit No.4
No ratings yet
IoT Unit No.4
71 pages
K V G College of Engineering, Sullia, D.K - 574 327
No ratings yet
K V G College of Engineering, Sullia, D.K - 574 327
66 pages
USB Connector Type Guide
No ratings yet
USB Connector Type Guide
9 pages
Cisco Premium 300-115 by VCEplus 230q PDF
No ratings yet
Cisco Premium 300-115 by VCEplus 230q PDF
112 pages
F
No ratings yet
F
17 pages
DS-7600NI-Q2 Series NVR: Key Feature
No ratings yet
DS-7600NI-Q2 Series NVR: Key Feature
4 pages