BAI513 - PROTOCOLS

ARP

BAIST – Network Management

Objectives

At the end of this presentation, the student will be able to:– Describe the history of ARP– Describe the ARP Address Resolution

Process – Describe the fields contained in the ARP

header.

History of ARP

ARP is not your typical protocol– Non-routable– No network layer component

Used for resolution of MAC-layer address with a known L3 address– Also used to test for duplicate IP

addresses on a network segment• DHCP test

Types of ARP Packets

Two types– ARP request– ARP reply

Both use the same format– Differentiated by the ‘Opcode’ field

How ARP Works

Machines using ARP maintain a local cache of addresses already resolved– Cuts down on broadcasts on the network– Use command ‘arp –a’ from the

command prompt of your PC to view– Entry is removed if not used within a

certain period of time– Machine looks to local cache first before

sending ARP request on network

Sample Network

How ARP Works

Host-1 needs to talk to host-4

– No local cache entry

Therefore

– Host-1 broadcasts an ARP request to all devices on subnet 1

• A query asking what is the MAC address of the host using IP address of 172.16.1.12/24

How ARP Works

All devices on subnet 1 compare their IP address with the enclosed IP address sent by host-1

– Address not theirs, they ignore it

How ARP Works

The router will also receive the packet

– Knows that the IP address for Host-4 is on a different subnet

– Knows that it is connected to the subnet on which Host-4 resides

How ARP Works

Router will check its ARP cache

– Two possibilities

• Router knows information

– Router will respond to host-1 with an ARP reply which contains its own (the routers) MAC address

– Host-1 will then always send packets destined for Host-4 to the router, which will then send the packet on

How ARP Works

Router will check its ARP cache

– Two possibilities

• Router doesn’t know information

– Router will send its own ARP request out on host-4’s subnet asking for host-4’s MAC address

– If host-4 is up and responding, it will reply back to the router with an ARP reply

» If host-4 is not up, no reply, and we won’t get there

» But that is fairly obvious, wasn’t it?

How ARP Works

Router will update its ARP cache to include an entry from host-4

• Router will then respond to host-1’s ARP request with an ARP reply, as described above.

ARP Frame

ARP Header Fields

ARP Example

2 Byte

s

2 Bytes 1 Byte 1 Byte 2 Bytes Variable Variable Variable Variable

Hardware Type

Protocol Type

Hardware

Length

Protocol Length

Operation Source Hardware Address

Source Protocol Address

Target Hardware Address

Target Protocol Address

0001 0800 06 04 0001 00 00 c0 93 19 00 c0 99 b9 64 ff ff ff ff ff ff c0 99b9 32

0000: ff ff ff ff ff ff 00 00 c0 93 19 00 08 06 00 01 0010: 08 00 06 04 00 01 00 00 c0 93 19 00 c0 99 b9 64 0020: ff ff ff ff ff ff c0 99 b9 32 00 00 55 00 00 dc 0030: 00 6c 00 d6 00 00 00 a3 00 00 00 41

Ethernet Header – Destination (6 Bytes), Source (6 bytes ), Layer 3 Protocol (2 Bytes)

ARP Header Fields Hardware type field (16 bits)

– This field (the last 2 bytes on the first line) indicates the hardware type used in the physical layer of the network

• In the chart below (taken from RFC 1700) the hex code of 00 01 identifies this hardware type as Ethernet

Type Description Type Description 1 Ethernet (10 Mb) 9 Lanstar 2 Experimental Ethernet 10 Autonet Short Address 3 Amateur Radio AX.25 11 LocalTalk 4 Proteon ProNET Token Ring 12 LocalNet 5 Chaos 13 Ultra Link 6 IEEE 802 Networks 14 SMDS 7 ARCNET 15 Frame Relay 8 Hyperchannel 16 ATM

ARP Header Fields

ARP protocol type

This field shows the type of network protocol address that is used in the network (0x0800 = IPv4)

Uses same chart as Ethernet Protocol Type

ARP has only been implemented for IP so far

ARP Header Fields

ARP Hardware Length Identifies the number of bytes used in the

hardware address by both the source and target hosts– this field will remain constant for Ethernet

• 48 bits = 12 hex digits = 6 bytes

ARP Header Fields

ARP Protocol Length Sets the number of bytes that the two

protocols address (source and target) will contain in the ARP– Since the Protocol Type field has been set to 08 00

for IP and the current length of IP addresses is 4 bytes, this field must contain a value of 04 hex which is also 4 in decimal value.

ARP Header Fields

ARP Operation (Opcode)

Identifies the operation ARP is attempting

– ARP Request will be identified with an Operation Code of 0001

– ARP Reply will be identified with and Operation Code of 0002

• Other codes also possible – check book

– Page 56

ARP Header Fields

ARP Source Hardware Address Identical to the source hardware address field in the

Ethernet Header – repeated because the Ethernet Header is stripped from the packet

before it is sent to the Network Layer for processing

ARP Source Protocol Address contains the IP address of the station sending the message

– represents the 4-byte IP address and is sent as 8 hex characters

ARP Header Fields

ARP Target Hardware Address Filled with ones to display a 6-byte field of ff ff ff ff ff ff

– Some vendors will use all zeros as filler

– It is up to the receiver to provide the proper hardware address

ARP Target Protocol Address Field that will be used by all stations that receive this

packet to check against their own assigned IP address – If they match, the station will then update its ARP cache and provide an

ARP reply

ARP Options Field

Data (Variable)

– On Ethernet networks using TCP/IP this field is most often used for padding

– Due to the size of the Ethernet MAC and IP addresses, this field is used for about 18 bytes of padding

– Other network address schemes such as IPv6 do not require this field.

Summary

This presentation covered information that allowed the student to:– Describe the history of ARP– Describe the ARP address resolution

process – Describe the fields contained in the ARP

header.