ARP(Address Resolution Protocol),ARP的基本功能就是通過目標設備的IP位址,查詢目標設備的MAC地址,以保證通信的順利進行。IPv6中已不再適用,並被ICMPv6取代。
在每台安裝有TCP/IP協議的電腦或路由器裡都有一個ARP緩存表,表裡的IP位址與MAC地址是一對應的,如下表所示。
| 主機名稱 | IP位址 | MAC地址 |
|---|---|---|
| A | 192.168.38.10 | 00-AA-00-62-D2-02 |
| B | 192.168.38.11 | 00-BB-00-62-C2-02 |
| C | 192.168.38.12 | 00-CC-00-62-C2-02 |
| D | 192.168.38.13 | 00-DD-00-62-C2-02 |
| E | 192.168.38.14 | 00-EE-00-62-C2-02 |
| ... | ... | ... |
以主機A(192.168.38.10)向主機B(192.168.38.11)發送數據為例。
當發送數據時,主機A會在自己的ARP緩存表中尋找是否有目標IP位址。如果找到了,也就知道了目標MAC地址為(00-BB-00-62-C2-02),直接把目標MAC地址寫入幀裡面發送就可以了;如果在ARP緩存表中沒有找到相對應的IP位址,主機A就會在網路上發送一個廣播(ARP request),目標MAC地址是「FF.FF.FF.FF.FF.FF」,這表示向同一網段內的所有主機發出這樣的詢 問:「192.168.38.11的MAC地址是什麼?」網路上其他主機並不響應ARP詢問,只有主機B接收到這個幀時,才向主機A做出這樣的回應(ARP response):「192.168.38.11的MAC地址是(00-BB-00-62-C2-02)」。 這樣,主機A就知道了主機B的MAC地址,它就可以向主機B發送信息了。同時它還更新了自己的ARP緩存表,下次再向主機B發送信息時,直接從ARP緩存表裡查找就可以了。
查詢ARP Table方法:
windows: 開始→運行→cmd→arp -a
linux: 終端→arp
The above fig shows the ARP format used , below is the explanation of each field:
Hardware type
Each data link layer protocol is assigned a number used in this field. For Ethernet it is 1.
Protocol type
Each protocol is assigned a number used in this field. For example, IPv4 is 0x0800.
Hardware length
Length in bytes of a hardware address. Ethernet addresses are 6 bytes long.
Protocol length
Length in bytes of a logical address. IPv4 addresses are 4 bytes long.
Operation
Specifies the operation the sender is performing: 1 for request, and 2 for reply.
There are actually four types of ARP messages that may be sent by the ARP protocol. These are identified by four values in the "operation" field of an ARP message. The types of message are:
1.ARP request
2.ARP reply
3.RARP request
4.RARP reply
Sender hardware address
Hardware address of the sender.
Sender protocol address
Protocol address of the sender.
Target hardware address
Hardware address of the intended receiver. This field is zero on request.
Target protocol address
Protocol address of the intended receiver.
更詳細的封包資訊可以查看http://www.ipv6.com/articles/general/Address-Resolution-Protocol.htm
下篇文章將介紹 ARP spoofing (ARP 欺騙攻擊)
一些參資料:
ARP 協定位址解析通訊協定(ARP)
沒有留言:
張貼留言
俗話說
凡走過必留下痕跡,凡住過必留下鄰居
凡爬過必留下樓梯,凡來過必留下IP
看過文章之後歡迎留下您寶貴的意見喔!