The Magic of ARP (Address Resolution Protocol)
Ever wondered how your data and information are exchanged on the Internet? Several processes are involved in transferring a single packet from a source to its destination. Mostly we transfer this data in IPv4 format. In IPv4, the source address and the destination address must be clearly defined. By address I mean the IPv4 address. Every device on a computer network is assigned its own IP address, and the IP address of a device might change from time to time. In order to make sure the packets are exchanged between the authenticated devices, a router needs to keep track of each device's MAC address. This is where ARP (Address Resolution Protocol) plays a vital role.
ARP to the rescue
ARP, also known as Address Resolution Protocol, is the protocol used by the Internet Protocol (IP) to determine a link layer address such as the MAC address. Put simply, ARP helps to map an IP address to a MAC address.
What is a MAC address?
A MAC address is a unique address given to the NIC (Network Interface Card) of a device. It's a 48-bit address and contains information about the manufacturer and the device serial number.
Why do we need to map the IP address with the MAC address?
IPv4 (IP version 4) addresses are 32 bits in length, but the MAC address of a device is 48 bits in length. For this reason a relationship between them has to be maintained. To maintain the relationship between IP and MAC addresses, a table called the ARP cache is used. In order to see the ARP cache in Linux, all you need to do is type the following command:
This command will show you the ARP cache on your device. In my case it was something like this,
Here I can see my router's MAC address, which is at 192.168.100.1, and also the MAC address of my mobile.
What’s the use of the ARP table?
When I want to send an IP packet to the internet, its first destination should be my router. After receiving these packets, my router sends the data over the internet. So you need ARP to at least resolve the router in order to use the internet. Beyond that, with ARP you can also find the list of devices available on the LAN. ARP is used by many networking tools to effectively find the devices in your network.
How does ARP work?
The basic working principle is that a device sends an ARP request message as a broadcast, as shown below,
who has X.X.X.X tell Y.Y.Y.Y
So any device on the LAN can get this message. When the targeted device receives its copy of the message, it responds as below,
X.X.X.X is at hh:hh:hh:hh:hh:hh
The ARP broadcast of my Samsung mobile, seen from my computer, looks something like this,
The highlighted part is the reply given by my computer.
Can ARP be misused?
Hell yeah! ARP is misused a lot, and the misuse is difficult to identify. When your device is tricked by false ARP messages, you direct your packets to the attacker. These attacks are called ARP spoofing, and they are a very simple way to effectively monitor the flow of data packets. Hence ARP is also used to perform Man in the Middle attacks.
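One way to spot the false ARP messages described above is to remember which MAC address each IP address first claimed and to flag any later disagreement. The Python below is an added example, not code from the original post; the names parse_arp, ArpWatch and build_frame are hypothetical, and the MAC addresses and the address 192.168.100.7 are constructed sample values.

```python
import socket
import struct

def parse_arp(frame):
    """Return (sender_mac, sender_ip, eth_src) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":  # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, _oper, sha, spa = struct.unpack("!HHBBH6s4s", frame[14:32])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return sha.hex(":"), socket.inet_ntoa(spa), frame[6:12].hex(":")

class ArpWatch:
    """Remembers the first MAC seen for each IP and reports later disagreements."""
    def __init__(self):
        self.bindings = {}

    def observe(self, frame):
        parsed = parse_arp(frame)
        if parsed is None:
            return []
        sha, spa, eth_src = parsed
        alerts = []
        if sha != eth_src:  # ARP payload disagrees with the frame that carried it
            alerts.append(f"sender MAC {sha} != Ethernet source {eth_src}")
        if spa == "0.0.0.0":  # address probe: claims no IP, nothing to record
            return alerts
        known = self.bindings.setdefault(spa, sha)
        if known != sha:  # a lead to check; a DHCP reassignment looks the same
            alerts.append(f"{spa} changed from {known} to {sha}")
        return alerts

def build_frame(oper, sha, spa, tha, tpa):  # constructed bytes only; nothing is sent
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    return (m("ff:ff:ff:ff:ff:ff") + m(sha) + struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, oper)
            + m(sha) + socket.inet_aton(spa) + m(tha) + socket.inet_aton(tpa))

def run_sample():
    router, phone, other = "02:00:00:00:00:01", "02:00:00:00:00:07", "02:00:00:00:00:66"
    frames = [  # constructed traffic: opcode 1 is a request, opcode 2 a reply
        build_frame(2, router, "192.168.100.1", phone, "192.168.100.7"),
        build_frame(1, phone, "192.168.100.7", "00:00:00:00:00:00", "192.168.100.1"),
        build_frame(2, other, "192.168.100.1", phone, "192.168.100.7"),
    ]
    watch = ArpWatch()
    return [alert for frame in frames for alert in watch.observe(frame)]

if __name__ == "__main__":
    print("\n".join(run_sample()))
```

Only the third sample frame raises an alert, because it claims the router's IP address with a MAC address that differs from the one first recorded.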
How to prevent ARP spoofing?
Here are some tips to protect yourself from ARP spoofing:
- Use a VPN: a VPN keeps you inside an encrypted environment so that your data exchange over the internet cannot be monitored easily.
- Static ARP: static ARP can protect you from a simple ARP attack but cannot be totally relied upon.
- Use switches that detect these attacks: ARP-proof switches can also protect you from these attacks. Most modern switches are ARP-proof switches.
Besides everything mentioned above, there are also some other methods to prevent ARP spoofing. You can use packet filtering tools to monitor every packet to detect these attacks, but the main point is that no matter how much we try, there is always a possibility that we may become a victim of some cyber attack. Also, these points do not seem feasible for normal computer users. So what I think is that we need to teach people not only to use computers but also to protect themselves from their vulnerabilities. Thank you for reading!!