What is ARP? Network Protocol and what does it consist of?

Network protocols are sets of rules that control communication between elements connected to the same network. These rules consist of instructions that make it easier for devices to recognize and connect with each other, and they apply formatting rules to ensure messages are delivered appropriately from start to finish.

The formatting rules check whether information is distributed in an orderly manner, whether it is accepted, and whether the data transfer has been violated.

When computers connected to the same network communicate, data is divided into smaller data packets. These usually have a size of 1500 bytes, because that is the MTU (Maximum Transfer Unit) most common in networks.

However, professional local networks use Jumbo Frames (MTU 9000 bytes) to improve information exchange, transfer fewer headers and save space.

After the information has been split into smaller packets, it must be restored to its original form when it reaches its destination so that it can be passed to the application layer.

There are several protocols on the network:

  • TCP/IP (Transmission Control Protocol / Internet Protocol) is a set of protocols whose main function is the connection between computers in a network.
  • FTP (File Transfer Protocol) is one of the best-known protocols, created in 1971; its main function is to share files.
  • SSH (Secure Shell) provides access to a remote server through an encryption security system.
  • DNS (Domain Name System) is a server whose function is the translation of numbers that identify an IP.
  • HTTP (Hypertext Transfer Protocol), a hypertext transmission method, and HTTPS, which implements a secure system for transmitting information.

What is ARP?

ARP (Address Resolution Protocol) is used in the internal workings of a network and is responsible for converting the addresses of higher-level protocols (IP) into physical addresses.

ARP is used in IEEE 802 networks, which are standardized so that developer innovations can run simultaneously. ARP plays an important role among the protocols that depend on TCP/IP.

Purpose of ARP

The function of ARP is to find the physical (MAC) address of an interface that corresponds to a given IP (Internet Protocol) address.

This is where its name comes from. ARP is used in all broadcast LANs (Local Area Network) and is designed to support any network protocol, not just IP.

ARP is used when two hosts on the same network send data to each other, and when two hosts must use a router as an intermediary.

It is also used when a router needs to transmit data to a host through another router, and when a router needs data to reach a host on the same network. Every computer keeps a record that stores IP addresses, specifically those with known MACs.

Remember that in computing, an address is the identifier that allows the computer to find something among many items or records.

Advantages of the Protocol

The advantage of using the ARP protocol is that it is easy to use and can be extended throughout the network without notifying exit routers.

It reduces operating costs for Internet service providers, plus it creates no additional load on the network and there is no exchange of information between routers.

Disadvantages of the Protocol

The disadvantages of using the ARP protocol are that when the connection drops, the ARP tables are not updated automatically; if there is any change in the network, the ARP tables must be reconfigured.

On the other hand, it has little capacity to change its size or configure itself to adapt to possible changes occurring in the network.

ARP tables: What are they used for?

These tables are responsible for connections between protocol layers and establishing connections between IP and MAC addresses within the local network.

In order for the correct data to arrive, each host needs to know the physical address of the other host so it can send packets to the correct recipients. These addresses will be stored in the ARP cache.

There are commands that delete entries in the ARP table, either entirely or individually. For a deleted entry to appear in the ARP table again, a new request must be made and answered.

ARP cache

Its purpose is to store ARP entries showing IP and MAC addresses. There are two ways to store these addresses: static and dynamic.

This memory consumes a lot of resources and can cause problems with continuous communication via IP. A lot of the host's CPU time is spent analyzing the requested packets.

How to use this protocol?

Protocol example 1.

If Host “A” needs to send an IP packet to Host “B” but does not know the Ethernet address of Host “B”, it makes an ARP request via broadcast.

If the requested IP address is its own, Host “B” registers the requester’s IP address and then responds to the request. When the request reaches Host “B”, it is stored in the local table called the ARP cache.
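
The exchange in example 1, carried out on real ARP frame bytes (added example, not part of the original article). The `Host` class, helper names and all MAC/IP values are constructed for illustration, and a host here caches a sender only when it is the target of the packet, which is a simplification.

```python
import struct

BROADCAST = b"\xff" * 6
ETHERTYPE_ARP, REQUEST, REPLY = 0x0806, 1, 2
ARP_FMT = "!HHBBH6s4s6s4s"   # htype, ptype, hlen, plen, op, sha, spa, tha, tpa

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def ip(text):
    return bytes(int(part) for part in text.split("."))

def build_frame(dst, op, sha, spa, tha, tpa):
    """14-byte Ethernet header followed by the 28-byte Ethernet/IPv4 ARP body."""
    return (struct.pack("!6s6sH", dst, sha, ETHERTYPE_ARP)
            + struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, sha, spa, tha, tpa))

def parse_frame(frame):
    if len(frame) < 42:
        raise ValueError("truncated ARP frame")
    dst, _src, ethertype = struct.unpack("!6s6sH", frame[:14])
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    if ethertype != ETHERTYPE_ARP or (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP frame")
    return {"dst": dst, "op": op, "sha": sha, "spa": spa, "tha": tha, "tpa": tpa}

class Host:  # hypothetical model of one station on the LAN
    def __init__(self, mac_text, ip_text):
        self.mac, self.ip, self.cache = mac(mac_text), ip(ip_text), {}

    def request(self, target_ip):
        # Target MAC is unknown, so it is zero-filled and the frame is broadcast.
        return build_frame(BROADCAST, REQUEST, self.mac, self.ip, bytes(6), ip(target_ip))

    def receive(self, frame):
        pkt = parse_frame(frame)
        if pkt["tpa"] != self.ip:
            return None                       # someone else's address: stay silent
        self.cache[pkt["spa"]] = pkt["sha"]   # record the sender's IP -> MAC
        if pkt["op"] == REQUEST:              # answer by unicast to the requester
            return build_frame(pkt["sha"], REPLY, self.mac, self.ip, pkt["sha"], pkt["spa"])
        return None

def run_exchange():
    a = Host("02:00:00:00:00:0a", "192.0.2.10")   # constructed addresses
    b = Host("02:00:00:00:00:0b", "192.0.2.20")
    c = Host("02:00:00:00:00:0c", "192.0.2.30")
    req = a.request("192.0.2.20")
    c.receive(req)            # every host on the segment sees the broadcast
    reply = b.receive(req)
    a.receive(reply)
    return a, b, c, req, reply
```

`receive()` stores whatever address pair the sender claims, because ARP itself carries no authentication; this is why changes in the ARP cache are worth monitoring.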

Protocol example 2.

Suppose there are two hosts named “1” and “2” in different networks. If “1” needs to send packets to “3”, the packet must be taken out of network “1”.

In other words, “1” forwards the packet to the physical address of the router through which network “1” exits to a different network. This physical address can be obtained from the router's IP by using the ARP table.

If the entry is not found in the table, a packet is sent to everyone (broadcast). The router then looks up in its table where to send the packet and sends it over the appropriate interface.

This is repeated at every intermediate node until the packet reaches the router of the network where “C” is located.

Reverse ARP or RARP: How to use it?

Reverse ARP is a network protocol used by client computers on a local network to request an Internet Protocol (IPv4) address from a gateway router's ARP table.

A network administrator creates a table on the router that maps each MAC address to its respective IP address.

A specially configured host within the local area network, called a RARP server, is responsible for handling such broadcast packets.

This server tries to find the matching entry in the MAC-to-IP address mapping table. If any entry in the table matches, the RARP server sends the response packet along with its IP address to the requesting device.

LAN technologies such as Ethernet, Ethernet II, Token Ring, and Fiber Distributed Data Interface (FDDI) support address resolution protocols.

RARP is not used in today's networks as there are much more specific protocols such as BOOTP (Bootstrap Protocol) and DHCP (Dynamic Host Configuration Protocol).

Inverse Address Resolution Protocol (InARP)

Instead of using Layer 3 addresses (IP addresses) to find MAC addresses, this protocol does the opposite of ARP: it uses MAC addresses to find IP addresses.

As the name suggests, InARP is the opposite of ARP. Reverse ARP has now been replaced by BOOTP and later DHCP, but Inverse ARP is used only for device configuration.

Inverse ARP is configured by default on ATM (asynchronous transfer mode) networks. InARP is used to find a Layer 3 address from a Layer 2 address (DLCI for Frame Relay).

Inverse ARP dynamically maps local DLCIs to remote IP addresses when configuring Frame Relay.

When we use Inverse ARP, the DLCI of the remote router is known but its IP address is not. InARP sends a request to obtain this IP address and assign it to the Layer 2 Frame Relay DLCI.

What is ARP Proxy?

Proxy ARP, defined in RFC 1027, was created in 1987. It is basically an effective tool that can be configured on most network elements, even Layer 3 devices.

It allows a device configured for proxy ARP to answer ARP requests that are not addressed to it, so that its MAC address serves as the route to other hosts.

How can Proxy ARP help?

A company will move all its personnel and structure to a new headquarters, but the move will happen in parts. The migration is carried out separately for each division of the company.

The company has to operate every day, so work cannot stop because of the move. Likewise, IP addresses must remain the same regardless of location, as decided by company representatives.

In this situation, it is up to the department responsible for the organization's technical and computing matters to provide a rapid solution that keeps work flowing without interruption.

At this point, Proxy ARP is used to solve the situation. The company's address is 152.135.10 / 22, but these were omitted due to errors when designing the addresses (152.135.1.10, 152.135.1.21, 152.38.1.50, etc.).

The move is almost complete, but in order to guarantee that work operations function correctly, it was decided to put Proxy ARP in place.

It works with private networks where a third party is on a service provider's network and establishes a connection between them. Proxy ARP is already configured and connection is established between both networks.

The location to which the main servers are transferred (Center A) is responsible for specifying the company's IPs in a /32 format, and the previous workplace (Center B) indicates /25.

The following will happen:

One or more users of a site must establish a connection with the other site to function properly. It should be noted that these networks share addressing and gateway. Will it be possible to establish such a connection between both places?

A user sends an ARP request to find the MAC address of IP 152.135.1.10. If no proxy were used, obtaining this information would not be possible.

However, since Proxy ARP is used, the request is answered by the proxy, as it is configured on the server.

The proxy supplies its own address as the required MAC address. Thanks to its address tables, the proxy knows that the address is reached over the WAN connection.

Thanks to Proxy ARP and the MAC address, data can be exchanged between both places in this way. This is not one-sided; it can occur in both directions.

As you may have noticed, Proxy ARP is a valuable tool not only to solve such situations, but also to bring stability to a company's networks by avoiding inconveniences associated with transfers or other situations such as

About Proxy ARP in case of restriction

Restricted Proxy ARP allows routers or switches to respond to ARP requests when the source and destination physical networks are different. This applies provided that the router or switch has an active route to the destination address in the ARP request.

If the requested address is in the same subnet and on the same interface as the user or entity making the ARP request, the router will not give any response.

With unrestricted Proxy ARP, the router or switch responds to any ARP request.

The only condition is that the router has an active route to the destination address of the ARP request. This route is not limited to the interface receiving the request and does not need to be direct.
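
The two modes described above, written as a decision function (added example, not from the original article or from any vendor's implementation). The routing table, interface names and addresses are constructed, and `proxy_arp_answers` is a hypothetical name.

```python
import ipaddress

# Constructed routing table: (prefix, egress interface).
ROUTES = [
    (ipaddress.ip_network("10.1.0.0/24"), "lan0"),
    (ipaddress.ip_network("10.2.0.0/24"), "wan0"),
    (ipaddress.ip_network("10.2.0.0/16"), "wan1"),
]

def lookup(target_ip):
    """Longest-prefix match; returns (network, interface) or None."""
    addr = ipaddress.ip_address(target_ip)
    matches = [(net, iface) for net, iface in ROUTES if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen) if matches else None

def proxy_arp_answers(mode, in_iface, sender_ip, target_ip):
    """Would the router answer this ARP request with its own MAC?"""
    if mode == "off":
        return False
    route = lookup(target_ip)
    if route is None:
        return False                 # both modes require an active route
    if mode == "unrestricted":
        return True                  # any routed target, any interface
    if mode != "restricted":
        raise ValueError("unknown mode: " + mode)
    net, out_iface = route
    # Restricted: stay silent when requester and target share subnet and interface,
    # because those hosts can resolve each other directly.
    same_segment = (out_iface == in_iface
                    and ipaddress.ip_address(sender_ip) in net)
    return not same_segment

def audit(mode, requests):
    """Return the requests the router would answer on behalf of other hosts."""
    return [r for r in requests if proxy_arp_answers(mode, *r)]

# Constructed ARP requests: (ingress interface, sender IP, target IP).
SAMPLE = [
    ("lan0", "10.1.0.5", "10.1.0.9"),    # same subnet, same interface
    ("lan0", "10.1.0.5", "10.2.0.9"),    # remote subnet with a route
    ("lan0", "10.1.0.5", "172.16.0.1"),  # no route at all
]
```

Running `audit("unrestricted", SAMPLE)` against `audit("restricted", SAMPLE)` shows the difference that matters for review: the unrestricted mode also answers for hosts on the requester's own segment.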

Advantages and disadvantages of proxy

Among its advantages, Proxy ARP can operate on a single router without altering or blocking the addressing tables of other connected devices on the same network.

The networks best suited to this tool are those whose hosts do not perform pre-programmed gateway functions or contain any type of intelligence.

Among the disadvantages of Proxy ARP is that the constant growth of the business is handled in a fluid manner, which makes the presence of ARP in the interconnected elements necessary. Security is another weak point, as it does not really have a protection system.

Hosts must use higher-capacity tables for IP-to-MAC address translation, as well as for address management and administration.

ARP pinging

If you run a standard ping command from a router, its output shows that the source address is the IP of the interface the router uses to send it.

With an extended ping, however, the source address can be changed to any IP address belonging to the router.

The extended ping is mostly used for a more thorough check of a host's reachability and of network connectivity. The extended ping command is used on the privileged EXEC command line.
