HP 635n Practical IPsec Deployment for Printing and Imaging Devices - Page 21

PING B Device-1 Cache (IP:MAC) B:[empty] IP Address: A Ethernet Address: 1 Device-1 Will the Device with IP Address B tell me what their Ethernet Address is? Device-2 Cache (IP:MAC) A:[empty] IP Address: B Ethernet Address: 2 All Devices on the network receive this packet Device-2 "Device-1 is asking for my Ethernet Address. I better respond. They may have something important to send me!" Device-1 Packet is sent directly to the requesting Device "Here is my Ethernet Address" Device-2 "When Device-1 asked for my Ethernet address, they were kind enough to tell me their IP address and Ethernet address. That saves me time!" Device-1 Cache B:2 IP Address: A Ethernet Address: 1 PING PROTOCOL Device-2 Cache A:1 From Device-1 to Device-2 Ethernet: TO: 2 Ethernet: FROM: 1 IP: TO: B IP: FROM: A Figure 19 - Ping Communication IP Address: B Ethernet Address: 2 Figure 19 goes through an example of what would happen if a "Ping" command was executed on a device. The top diagram shows the breakdown of IP/Ethernet addressing and also shows an empty cache on both Device-1 and Device2. When Device-1 is trying to send a ping packet to Device-2, the cache is referenced. However, the cache is empty. Device-1 sends out an Ethernet frame asking for Device-2's Ethernet address as shown in the second diagram. Device-2 receives the frame and responds as shown in the third and fourth diagrams. Once the cache is filled, communication can proceed normally. Although we've used "Ping" as an example, this process is not exclusive to "Ping" but is used in almost all types of IP communication. A MITM attack against Device-1 and Device-2 is going to target the cache and manipulate the values. Refer to Figure 20 - MITM. 21