- What are MAC addresses?<\/a><\/li>
- What is ARP?<\/a><\/li>
- How does it work?<\/a><\/li>
- Types of ARP<\/a><\/li>
- The vulnerability of ARP<\/a><\/li>
- To wrap it up\u2026<\/a><\/li><\/ul><\/div><\/div><\/div>\n\n\n
What are MAC addresses?<\/h3>\n\n\n\n
Apps and software connected to the internet will communicate with each other via IP addresses. This leaves us with the question, \u2018how do machines communicate with each other?\u2019 <\/p>\n\n\n\n
Well, they use something called a physical address, also known as a MAC (Media Access Control) address. Naturally, software and machines do need to communicate with each other and exchange information, so it\u2019s important to associate the IP address with its corresponding MAC address.<\/p>\n\n\n\n
However, IP and MAC addresses are not compatible with each other by default, so they need a protocol that helps \u201ctranslate\u201d these addresses in order to facilitate information exchange. And this is where ARP comes into play.<\/p>\n\n\n\n
![\"ARP](\"https:\/\/www.pubconcierge.com\/blog\/wp-content\/uploads\/2022\/10\/Pubconcierge-IPv4-vs-MAC-ARP.png\")
<\/figure>\n\n\n\nWhat is ARP?<\/h3>\n\n\n\n
Address Resolution Protocol (ARP) helps the communication of the devices connected to the network. It basically translates the software address (IP address) to the physical address (MAC address) of the host connected to the network.<\/p>\n\n\n\n
ARP is necessary for translation because IPv4 addresses are 32-bit, whereas MAC addresses are 48-bit. Without ARP, software and devices would not be able to send data to each other.<\/p>\n\n\n\n
ARP is part of the Open System Interconnection (OSI) model, more specifically being the link layer protocol in this model. \u2018Oh, what\u2019s OSI?\u2019 you might wonder. In essence, OSI is a reference model designed to help you understand how applications communicate over a network. <\/p>\n\n\n\n
OSI was created to offer a visual representation of how each communication layer (think of it as a part of something more complex) is built on top of the other with the goal of \u2018giving life\u2019 to the whole system: starting with the physical elements and then going layer by layer all the way to the application that’s trying to communicate with other devices on a network. Here are the seven layers in the OSI model in their respective stack-like order:<\/p>\n\n\n\n
![\"\"](\"https:\/\/www.pubconcierge.com\/blog\/wp-content\/uploads\/2022\/10\/Pubconcierge-OSI-Model-ARP.png\")
<\/figure>\n\n\n\nIn this system, MAC addresses are a sublayer<\/strong> within the DATA LINK layer<\/strong>. The data link layer is responsible for maintaining the connection between two physically connected devices and allows them to transfer data between each other. <\/p>\n\n\n\n
On the other hand, IP addresses belong to the network layer<\/strong>, which forwards data with the help of different routers. It is important to understand that IP addresses do not have the final word when it comes to what destination the data has. That\u2019s because on the same network, an IP address needs to map the MAC address of another computer. <\/p>\n\n\n\n
So here comes ARP. Without it, a host would not be able to figure out the hardware address (the MAC address) of another host.<\/p>\n\n\n\n
How does it work?<\/h3>\n\n\n\n
The entire process can be broken down into two parts. It all starts when a source device wants to send an IPv4 packet to another device. First, the ARP program will try to find a MAC address that matches the IP address. This is done through something called ARP cache table<\/a>, which contains a record of each IP address and its corresponding MAC address, meaning a list of already translated addresses.<\/p>\n\n\n\n
![\"\"](\"https:\/\/www.pubconcierge.com\/blog\/wp-content\/uploads\/2022\/10\/Pubconcierge-ARP-table-check.png\")
<\/figure>\n\n\n\nIf the verification process does not find an already existing translation, then the source server will form an ARP message to request the network address and send it over the Local Area Network (LAN). This is the second part of the entire lookup process, and the part in which the ARP request is performed. <\/p>\n\n\n\n
The ARP protocol sends a request packet to all the machines on the LAN and asks if any of the machines are using that particular IP address. When a machine recognizes the IP address as its own, it will send back an ARP message. In doing so, the cache table is updated with the new information and the two devices can then communicate with each other.<\/p>\n\n\n\n
![\"\"](\"https:\/\/www.pubconcierge.com\/blog\/wp-content\/uploads\/2022\/10\/Pubconcierge-ARP-request.png\")
<\/figure>\n\n\n\n\u2018But what if a host machine does not know its own IP?\u2019 Well, it can make use of the Reverse ARP protocol for discovery.\u00a0<\/p>\n\n\n\n
As of the ARP cache table, it is important to know that it has a small size. That\u2019s why the cache periodically cleanses itself to free space for new entries, as addresses usually stay in the cache for only a few minutes. Frequent updates enable other devices in the network to see when a physical host changes their requested IP addresses. In the cleaning process, unused entries are deleted along with any failed attempts to communicate with computers that are not currently powered on. <\/p>\n\n\n\n
This is why ARP is so important for this process. The protocol is responsible for translating MAC and IPv4 addresses into a \u2018language\u2019 that devices can use to better communicate with each other.<\/p>\n\n\n\n
Types of ARP<\/h3>\n\n\n\n
There are four different types of Address Resolution Protocols. These are proxy, gratuitous, reverse and inverse. Let\u2019s discuss each of these a little more.<\/p>\n\n\n\n
- Proxy ARP <\/strong><\/li><\/ol>\n\n\n\n
Such protocol is responsible for handling requests coming from IP addresses that are not part of the local area network. As a result, it is the job of the protocol configured router to respond to request packets that come from a system that\u2019s not part of the host\u2019s network. <\/p>\n\n\n\n
Normally, after what we\u2019ve discussed, you would think the router will provide a MAC address of the target host. That\u2019s not the case here. What the router will do, instead, is present its own MAC address by acting as the gateway, the closest destination the packet can efficiently reach.\u00a0 That\u2019s the magic of proxy ARPs. They allow packets to be successfully transferred from one subnetwork to another.<\/p>\n\n\n\n
- Gratuitous ARP<\/strong><\/li><\/ol>\n\n\n\n
This one works as an ARP response that is not generated by an ARP request. What it essentially does is help hosts announce or update their IP-to-MAC associations to the whole network.<\/p>\n\n\n\n
- Reverse ARP<\/strong><\/li><\/ol>\n\n\n\n
That\u2019s the trick we talked about earlier when you hypothetically wondered about how host machines find out their own IPs. A Reverse Address Resolution Protocol requests IPv4 addresses from the ARP gateway router table.<\/p>\n\n\n\n
The device that wants to know its own IP will send an RARP packet with its own MAC address in the address field of both the sender and the receiver hardware. Then, the RARP server installed in the local network will respond to the request.<\/p>\n\n\n\n
Afterwards, this server will locate a mapping table entry that specifies what\u2019s the corresponding IP address of that particular MAC address. If there\u2019s a match, the server will send the response packet with the IP address of the requesting device.<\/p>\n\n\n\n
- Inverse ARP (InARP)<\/strong><\/li><\/ol>\n\n\n\n
As the name implies, it\u2019s the exact opposite of the traditional ARP. The inverse protocol maps IP addresses using the associated hardware (MAC) addresses. This is useful when a device knows the Data Link Connection Identifier (DLCI) of a remote router but does not know its own IP address.<\/p>\n\n\n\n
The vulnerability of ARP<\/h3>\n\n\n\n
Although Address Resolution Protocol is an outstanding translator which helps devices exchange information, it is not entirely safe from cyber attacks, which in turn puts the network at risk. Such attacks are usually called ARP spoofing, also known as cache poisoning or poison routing. This is done by sending fake ARP requests to the computers on a target LAN.<\/p>\n\n\n\n
This lets an attacker link their MAC address with the IP address of a device within the specific network. If the spoofing process is successful, the attacker\u2019s system receives data from the victim\u2019s computer.<\/p>\n\n\n\n
Obviously enough, this can lead to severe data breaches. What is more, this spoofing can make it easier to launch other types of attacks, such as:<\/p>\n\n\n\n
- Denial-of-Service (DoS) attacks<\/strong> – Overwhelming servers, computer systems and networks;<\/li>
- Man-in-the-Middle (MTM) attack<\/strong>s – Intercepting the information transmitted between two parties and compromising\/stealing it;<\/li>
- Session hijacking<\/strong> – Taking over a user\u2019s web session after stealing their session ID.<\/li><\/ul>\n\n\n\n
To wrap it up\u2026<\/h3>\n\n\n\n
ARP is every foreign language teacher\u2019s dream translator. It makes it easier for devices both on the same network and different networks to communicate with each other. Without it, software and devices would not be able to send data to each other, especially since the ARP table entries are only temporary.<\/p>\n\n\n\n
Address Resolution Protocol is part of the backbone that aids devices and applications communicate into a network. Literally, as it stands between the Layers 2 and 3 of the Open Systems Interconnection model.<\/p>\n\n\n\n
Whenever it\u2019s time for MAC and IP addresses to meet up, ARP is there to map them and ensure things are working properly and smoothly. This is thanks to the four different ARP types that take care of different communication situations within or without the network. <\/p>\n\n\n\n
Unfortunately, ARP is still security-sensitive, meaning it almost always risks becoming a target for cyber attacks designed to steal information. Not only that, but a compromised ARP also gives room for even more attack types that can seriously harm devices and networks.<\/p>\n","protected":false},"excerpt":{"rendered":"
If you thought classes in which you had to switch from English to a foreign language were difficult, wait until you hear how complex networks and computers really are when it comes to exchanging information. Sometimes, using only IP addresses to communicate across the Internet is simply not enough. Every application sending data across the… Continue reading Every Network needs a good Translator, and that\u2019s ARP – Here\u2019s why and how it is used<\/span><\/a><\/p>\n","protected":false},"author":4,"featured_media":216,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ub_ctt_via":"","footnotes":""},"categories":[1,40],"tags":[30,7],"class_list":["post-211","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-network-protocols","category-what-is","tag-arp","tag-ipv4","entry"],"featured_image_src":"https:\/\/www.pubconcierge.com\/blog\/wp-content\/uploads\/2022\/10\/ARP-Pubconcierge.png","author_info":{"display_name":"Carol Zafiriadi","author_link":"https:\/\/www.pubconcierge.com\/blog\/author\/carol-editor\/"},"authors":[],"_links":{"self":[{"href":"https:\/\/www.pubconcierge.com\/blog\/wp-json\/wp\/v2\/posts\/211","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.pubconcierge.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.pubconcierge.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.pubconcierge.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.pubconcierge.com\/blog\/wp-json\/wp\/v2\/comments?post=211"}],"version-history":[{"count":4,"href":"https:\/\/www.pubconcierge.com\/blog\/wp-json\/wp\/v2\/posts\/211\/revisions"}],"predecessor-version":[{"id":220,"href":"https:\/\/www.pubconcierge.com\/blog\/wp-json\/wp\/v2\/posts\/211\/revisions\/220"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.pubconcierge.com\/blog\/wp-json\/wp\/v2\/media\/216"}],"wp:attachment":[{"href":"https:\/\/www.pubconcierge.com\/blog\/wp-json\/wp\/v2\/media?parent=211"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.pubconcierge.com\/blog\/wp-json\/wp\/v2\/categories?post=211"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.pubconcierge.com\/blog\/wp-json\/wp\/v2\/tags?post=211"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- Man-in-the-Middle (MTM) attack<\/strong>s – Intercepting the information transmitted between two parties and compromising\/stealing it;<\/li>
- Denial-of-Service (DoS) attacks<\/strong> – Overwhelming servers, computer systems and networks;<\/li>
- Inverse ARP (InARP)<\/strong><\/li><\/ol>\n\n\n\n
- Reverse ARP<\/strong><\/li><\/ol>\n\n\n\n
- Gratuitous ARP<\/strong><\/li><\/ol>\n\n\n\n
- What is ARP?<\/a><\/li>