Posted on

Address Resolution Protocol

Communication on a network requires both physical and logical addresses.

  1. Physical Address – MAC Address
  2. Logical Address – IP Address

The physical address facilitates communication on a single network segment for devices that are connected through a layer 2 device such as a switch.

 

Figure MAC Address & Logical Address

 

Let’s look at a scenario where you want to SSH in to PC B from PC A using PC B’s IPv4 address. Let’s also assume these hosts are Linux hosts in the same network segment connected through a switch. So, at the terminal you enter the command ssh ippacket@192.168.10.2.

At this point the only missing information is the layer 2 Data Link data containing the MAC address of PC B.

 

Ok why do we need a MAC address?

We need a MAC address because switches that interconnect devices use MAC addresses to make forwarding decisions not IP addresses. Switch maintains a list of MAC addresses it learns in a table called the Content Addressable Memory (CAM). When a packet arrives on the ingress interface, it examines the destination MAC address and looks up the CAM table to determine the egress interface.

If the destination MAC address is unknown to a transmitting device, it will first check its local cache for the MAC address. If it is not there, then the target IP must be resolved to the corresponding MAC address through additional communication.

In our scenario, PC A will first look at its local ARP cache to see whether it has the corresponding MAC address for PC B’s IPv4 address 192.168.10.2. Initially, PC A will not have this information.

This is where address resolution protocol (ARP) comes to the rescue. The address resolution protocol is used to dynamically map a logical IP address (Network Layer Address) to a physical MAC Address (Data Link Layer Address). ARP is defined in RFC 826.

The ARP resolution process is as follows

  1. The transmitting computer sends out an ARP request saying my IP address is xx.xx.xx.xx and my MAC address is xx:xx:xx:xx:xx:xx. I need to send something to whoever has the IP address yy.yy.yy.yy but I don’t know it’s hardware address. Whoever has this IP address please reply back with your MAC address?
  2. This request is broadcasted to everyone on the network segment.
  3. Each TCP/IP host that receives this broadcast processes it and the packet is discarded by each host that does not own this IP address.
  4. However, the TCP/IP host that owns the IP address yy.yy.yy.yy responds back saying hey you with IP address xx.xx.xx.xx and MAC address xx:xx:xx:xx:xx:xx, I am the person you are looking for. Here is my MAC address yy:yy:yy:yy:yy:yy.
  5. Once this transmission is complete the transmitting device updates it’s ARP cache with MAC-to-IP address association and begin sending data.

 

The ARP Request

 

 

Figure The ARP Request

 

 

Let’s examine the packet capture of this process.

 

Figure Wireshark Capture of ARP Request

 

  1. ff:ff:ff:ff:ff:ff this is the Ethernet Broadcast address. Anything sent to this destination address will be sent to all TCP/IP hosts on that segment.
  2. This is the Source MAC address of this Ethernet frame, which is set to PC A’s MAC address.
  3. The packet’s opcode is set to 1 which indicates an ARP request.
  4. Inside the ARP request the Sender MAC address is set to PC A’s MAC address.
  5. Inside the ARP request the Sender IP address is set to PC A’s IPv4 address.
  6. Inside the ARP request the Target MAC address is unknown.
  7. Inside the ARP request the Target IP address is set to PC B’s IPv4 address.

 

The ARP Response

 

 

Figure The ARP Response

 

 

Let’s examine the packet capture of the ARP response process.

 

Figure Wireshark Capture of ARP Reply

 

  1. The Ethernet Destination MAC address is now set to PC A’s MAC Address.
  2. The Ethernet Source MAC Address is now set to PC B’s MAC Address.
  3. The packet’s opcode is now set to 2 indicating this is an ARP reply.
  4. The ARP Reply Sender MAC address is now set to PC B’s MAC Address.
  5. The ARP Reply Sender IP address is now set to PC B’s IP Address.
  6. The ARP Reply Target MAC address is now set to PC A’s MAC Address.
  7. The ARP Reply Target IP address is now set to PC A’s IP Address.

 

 

Posted on

Basic Cisco Router Configurations

This demonstration covers the basic Cisco router configuration steps, with demonstrations on how to configure host names; set the enable, console, and vty passwords; configure a message of the day banner; and configure each router for Telnet access. You will learn how to enable and disable DNS resolution, ensure that your console connection does not time out, and configure the console port so that console messages do not append to the command line. Finally, you will create a host file on each router to facilitate Telnet/SSH access. Continue reading Basic Cisco Router Configurations

Posted on

How To Setup GNS3 on a Windows 7 Computer

In this guide we are going to setup GNS3 on a computer running Windows 7.  GNS3 is a free network simulator that can simulate network hardware from vendors such as Cisco, Juniper and Arista etc. It is also an excellent tool for those who are studying for network certifications such as CCNA, CCNP and CCIE. Continue reading How To Setup GNS3 on a Windows 7 Computer

Posted on

Loading a Boot Image onto the Cisco ASA Firewall

I recently bought a Cisco ASA 5520 Firewall without a flash drive from eBay. I decided not to go ahead with an original Cisco flash drive and used a third party 512MB compact flash drive to load the IOS. When I powered it on it kept booting over and over again as it could not find a boot image. No surprise right? There was no boot image in the first place.

However, I had the same issue even when I had a boot image on the compact flash drive.

To fix the above issue here are the steps I had to follow to load an IOS to this third party compact flash drive in order to get the ASA to function properly. Continue reading Loading a Boot Image onto the Cisco ASA Firewall

Posted on

How to perform the Cisco tftpdnld ROMmon recovery

In this guide, we are going to look at how to load an IOS to a Cisco Router using the tftpdnld ROMmon command recovery procedure with a TFTP server at the 192.168.1.105 address, a 255.255.255.0 subnet mask, and a filename of c3845-adventerprisek9-mz.151-4.M10_2.bin. For those of you who are not familiar with the ROMmon, this is the program a Cisco device will boot in to when there is no IOS in the flash drive.

Continue reading How to perform the Cisco tftpdnld ROMmon recovery