
What Are Address Resolution Protocol (ARP) and Gratuitous ARP, and How Do They Work (In Detail)?

Welcome, friends, to a new article. This article covers the difference between Address Resolution Protocol (ARP) and Gratuitous ARP, how they work, and whether they can be used in a bad way.

First, let’s talk about a small problem

When a computer first connects to a network (by plugging in the Ethernet cable or connecting through a WiFi network), it knows nothing. It doesn’t know where the router or the other computers are. OK, we can configure the IP statically (you enter the router’s IP address manually)!

Well now it does know where the router is, but has no idea how to get there.

This is where ARP comes into play. To know how to send packets to the router or the outside world (which is reached through the router), the computer needs to know the hardware address (MAC address). So the computer asks the other computers on the network whether they are the router. The router then replies to the computer with its MAC address. The computer now knows how to send packets to the router: every time it sends a packet to the router’s IP address, it sends the packet to the router’s MAC address.

But what is the difference between a MAC address and an IP address, and if I have only one of them, can I connect to the internet?

Let’s say your name is ‘A’. Obviously some other people in the world might also have the same name ‘A’. This is not unique. Now let’s add your father’s name (say your father’s name is ‘B’) to your name, and it becomes ‘B.A’. Fewer people will have this name than had your original name ‘A’, but it is still not unique. Let’s say we keep on adding the names of your forefathers to your name (‘A’, ‘B.A’, ‘C.B.A’, ‘D.C.B.A’, ‘E.D.C.B.A’, ‘F.E.D.C.B.A’, …): a time will come when the name becomes unique. This is like a MAC address, which will never change once assigned to a device, just as your father’s and your forefathers’ names won’t change and will form a unique combination.

This means you can now be uniquely identified in the world by your name. Now let’s say someone needs to send you a parcel (in computer terms, a packet). He/she can simply write down your new name on it (and nothing else) and that should do the work, right? Yes, it may work. But just imagine the burden on the post office to deliver it to you without any address on the parcel. The post office would have to keep track of all the people in the world. (A router would incur a similar burden: it would be impossible for the router to build a routing table other than a complete map that lists EVERY single MAC address ever seen.) This is where an address associated with your name becomes necessary, and hence an IP address associated with a device.

Let’s say you stay in Building number “#4”. Obviously there can be several areas or cities that have a Building number “#4”, so this address is not unique to you. Now let’s add some more details to it, such as the area code “0055”, and it becomes “0055.#4”. Still not unique to you. Let’s add some more details like street, state, city, country. It becomes US.Chicago.MaryStreet62.0055.#4. Now this is a unique address by which you can be uniquely identified. Anyone wishing to send you a parcel can just address the parcel with this, and the parcel will reach you with ease. This is like having an IP address.

Obviously your address will keep on changing if you keep travelling from one place to another, but your name won’t. The same is the case with MAC and IP addresses. A MAC address won’t change once assigned to a device. However, the IP will keep changing. (By Pankaj Kedia.)

Now we understand that we need the ARP protocol and why we need it

Let’s jump into how ARP works

Fred & Barney

Let’s assume that Fred wants to send a message to Barney

First, Fred knows Barney’s IP because they are in the same LAN (Local Area Network). Fred is missing Barney’s MAC address to send his message, so Fred’s PC sends an ARP request packet as a broadcast to all the machines on the LAN and asks whether any of the machines is using Barney’s IP address

But what are the contents of this packet ?

ARP Packet ~
  • Hardware Type : This field specifies the type of hardware used by the local network to transmit the ARP message

HRD Table
  • Protocol Type : This field is the complement of the Hardware Type field, specifying the type of layer three addresses used in the message. For IPv4 addresses, this value is 2048 (0800 hex), which corresponds to the EtherType code for the Internet Protocol.

  • Hardware Address Length : Specifies how long hardware addresses are in this message. For Ethernet or other networks using IEEE 802 MAC addresses, the value is 6.

  • Protocol Address Length : Again, the complement of the preceding field; specifies how long protocol (layer three) addresses are in this message. For IP(v4) addresses this value is of course 4.

  • Opcode : Specifies the type of ARP packet contained. Opcode 1 is the Request packet, opcode 2 is the Reply , …

ARP Opcodes
  • Sender Hardware Address : Hardware address (MAC) of the device sending the message.

  • Sender Protocol Address : The IP address of the device sending this message (Fred’s IP) .

  • Target Hardware Address : The hardware (layer two) address of the device this message is being sent to. This is the IP datagram destination device on a request, and the IP datagram source on a reply.

  • Target Protocol Address : The IP address of the device this message is being sent to (Barney) .

Let’s capture the packet with Wireshark

ARP request ~

Note : 00:00:00:00:00:00 or FF:FF:FF:FF:FF:FF is a broadcast MAC address; the packet is forwarded to the router, which floods it to the whole network

Once Barney gets the ARP request message, he sends a unicast message to Fred with his MAC address

It is the same as the request packet, but with Barney’s MAC as the sender MAC

Let’s capture it with Wireshark too

ARP reply ~

Bingo! Barney’s MAC is 40:00:00:00:00:00. Now they can send messages to each other
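To make the field list concrete, here is an added example (not part of the original article) that packs and decodes the Fred and Barney request/reply pair as 28-byte Ethernet/IPv4 ARP messages. Fred’s MAC and both IP addresses are constructed sample values; only Barney’s MAC comes from the article.

```python
import socket
import struct

# Field order from the list above: hardware type, protocol type, hardware length,
# protocol length, opcode, sender MAC, sender IP, target MAC, target IP.
ARP_FMT = "!HHBBH6s4s6s4s"
ARP_LEN = struct.calcsize(ARP_FMT)          # 28 bytes for Ethernet/IPv4
OPCODES = {1: "request", 2: "reply"}

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def build_arp(opcode, sender_mac, sender_ip, target_mac, target_ip):
    """Pack an Ethernet/IPv4 ARP message (without the Ethernet frame header)."""
    to_mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, opcode,
                       to_mac(sender_mac), socket.inet_aton(sender_ip),
                       to_mac(target_mac), socket.inet_aton(target_ip))

def parse_arp(data):
    """Decode the nine fields; reject anything that is not Ethernet/IPv4 ARP."""
    if len(data) < ARP_LEN:
        raise ValueError("truncated ARP message")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        ARP_FMT, data[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP message")
    return {
        "hardware_type": htype, "protocol_type": ptype,
        "hw_len": hlen, "proto_len": plen,
        "opcode": OPCODES.get(op, f"other({op})"),
        "sender_mac": mac_str(sha), "sender_ip": socket.inet_ntoa(spa),
        "target_mac": mac_str(tha), "target_ip": socket.inet_ntoa(tpa),
    }

# Constructed sample hosts (Fred's MAC and both IPs are made up for this example).
FRED = ("20:00:00:00:00:00", "192.168.1.10")
BARNEY = ("40:00:00:00:00:00", "192.168.1.20")

# Request: Fred does not know Barney's MAC yet, so the target MAC field is all zeros.
request = build_arp(1, FRED[0], FRED[1], "00:00:00:00:00:00", BARNEY[1])
# Reply: the roles swap, Barney is the sender and Fred is the target.
reply = build_arp(2, BARNEY[0], BARNEY[1], FRED[0], FRED[1])

if __name__ == "__main__":
    for msg in (request, reply):
        print(parse_arp(msg))
```
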

Now we understand what ARP is and how it works. So what is Gratuitous ARP?

First, let’s talk about a small problem

Let’s assume that you have a router and you changed its MAC manually, or you have two paths to another LAN, one active and one backup, and the active one goes down for some reason. In all of these scenarios the other nodes can’t reach you, because they still have the old MAC address

This is where Gratuitous ARP comes into play. It does not need any request to be sent: the message is sent as a broadcast to all the nodes in the network, asking the other systems to update their ARP cache with the new information.

What is the ARP cache?

ARP caching is the method of storing network addresses and the associated data-link addresses in memory for a period of time as the addresses are learned. This minimizes the use of valuable network resources to broadcast for the same address each time a datagram is sent. The cache entries must be maintained because the information could become outdated, so it is critical that the cache entries are set to expire periodically. Every device on a network updates its tables as addresses are broadcast.

There are static ARP cache entries and dynamic ARP cache entries. Static entries are manually configured and kept in the cache table on a permanent basis. Static entries are best for devices that have to communicate with other devices usually in the same network on a regular basis.

What the ARP cache looks like ~
Before_change ~

Let’s assume you are Host_1 and you change your MAC address. Gratuitous ARP is used to inform the other nodes about the new MAC address and the IP-to-MAC mapping

But what are the contents of this packet ?

The Gratuitous ARP packet is like an ARP reply packet

After change ~

Bingo! We have informed all nodes that we changed our MAC address

But what happens if any host can change its MAC address to that of another host?!

Logically, he will receive that host’s messages. He can also forward each message to that host after changing its content, or just monitor the packets and collect sensitive data. This is what is called ARP spoofing, ARP poisoning, and MITM (man-in-the-middle) attacks, which I will explain how to do and prevent in the next articles. Stay tuned, my friend
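From the defender’s side, the cache behaviour described above can be monitored. The following added example (not from the original article) replays already-decoded ARP messages against an IP-to-MAC cache, overwrites dynamic entries as a gratuitous ARP would, refuses to overwrite static entries, and records every mapping change for review. All addresses are constructed, and it assumes the usual convention that a gratuitous ARP carries the same IP in the sender and target protocol address fields.

```python
def is_gratuitous(msg):
    """Gratuitous ARP announces the sender's own mapping: sender IP == target IP."""
    return msg["sender_ip"] == msg["target_ip"]

def watch_arp(messages, static=None):
    """Replay decoded ARP messages against an IP -> MAC cache.

    static: manually configured entries that no message may overwrite.
    Returns (cache, alerts); each alert is (ip, old_mac, new_mac, kind, action).
    """
    static = dict(static or {})
    cache = dict(static)
    alerts = []
    for msg in messages:
        ip, mac = msg["sender_ip"], msg["sender_mac"]
        kind = "gratuitous" if is_gratuitous(msg) else msg["opcode"]
        old = cache.get(ip)
        if old is None:
            cache[ip] = mac                      # first time this IP is learned
        elif old != mac:
            if ip in static:
                alerts.append((ip, old, mac, kind, "rejected: static entry"))
            else:
                cache[ip] = mac                  # dynamic entry is overwritten
                alerts.append((ip, old, mac, kind, "changed"))
    return cache, alerts

def arp(opcode, sender_ip, sender_mac, target_ip):
    return {"opcode": opcode, "sender_ip": sender_ip,
            "sender_mac": sender_mac, "target_ip": target_ip}

# Constructed sample traffic: Host_1 is learned, then announces a new MAC,
# then the same new MAC claims the router's IP, which is pinned statically.
STATIC = {"192.168.1.1": "30:00:00:00:00:00"}
MESSAGES = [
    arp("reply", "192.168.1.11", "10:00:00:00:00:01", "192.168.1.10"),
    arp("reply", "192.168.1.11", "10:00:00:00:00:99", "192.168.1.11"),
    arp("reply", "192.168.1.1", "10:00:00:00:00:99", "192.168.1.1"),
]

if __name__ == "__main__":
    cache, alerts = watch_arp(MESSAGES, STATIC)
    for alert in alerts:
        print(alert)
    print(cache)
```

A "changed" alert is not proof of spoofing, since a legitimate MAC change produces the same message; it marks a mapping that should be verified.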
