D-Link DES-3828 Product Manual - Page 445
ARP Packet Content ACL, Appendix B
UPC - 790069276811
View all D-Link DES-3828 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 445 highlights
xStack DES-3800 Series Layer 3 Stackable Fast Ethernet Managed Switch CLI Manual Appendix B ARP Packet Content ACL Address Resolution Protocol (ARP) is the standard method for finding a host's hardware address (MAC address) when only its IP address is known. This protocol is vulnerable that crackers can spoof the IP and MAC information in the ARP packets to attack a LAN (known as ARP spoofing). This document is intended to introduce ARP protocol, ARP spoofing attacks, and the countermeasure brought by D-Link's switches to throttle the ARP spoofing attack. How Address Resolution Protocol works In the process of ARP, PC A will, firstly, issue an ARP request to query PC B's MAC address. The network structure is shown in Figure-1. C A 00-20-5C-01-33-33 Port 3 10.10.10.3 Port 4 Sender D Port 2 Port 1 00-20-5C-01-11-11 10.10.10.1 B Target 00-20-5C-01-44-44 10.10.10.4 Figure-1 00-20-5C-01-22-22 10.10.10.2 At the mean time, PC A's MAC address will be written into the "Sender H/W Address" and its IP address will be written into the "Sender Protocol Address" in ARP payload. As PC B's MAC address is unknown, the "Target H/W Address" will be "00-00-00-0000-00" while PC B's IP address will be written into the "Target Protocol Address", shown in Table-1. H/W Protocol H/W Protocol Operation type type address address length length ARP request Table -1 (ARP Payload) Sender H/W address 00-20-5C-01-11-11 Sender protocol address 10.10.10.1 Target H/W address 00-00-00-00-00-00 Target protocol address 10.10.10.2 The ARP request will be encapsulated into Ethernet frame and sent out. As can be seen in Table-2, the "Source Address" in the Ethernet frame will be PC A's MAC address. Since ARP request is sent via broadcast, the "Destination address" is in a format of Ethernet broadcast (FF-FF-FF-FF-FF-FF). Table-2 (Ethernet frame format) Destination address FF-FF-FF-FF-FF-FF Source address 00-20-5C-01-11-11 Ether-type ARP FCS 441