csee w4140 networking laboratory
![Page 1: CSEE W4140 Networking Laboratory](https://reader030.vdocuments.site/reader030/viewer/2022020722/56813c08550346895da56c57/html5/thumbnails/1.jpg)
CSEE W4140 Networking Laboratory
Lecture 2: ARP
Jong Yul Kim
02.01.2010
![Page 2: CSEE W4140 Networking Laboratory](https://reader030.vdocuments.site/reader030/viewer/2022020722/56813c08550346895da56c57/html5/thumbnails/2.jpg)
Lab schedule
Tue 10 am Tue 4:10 pm Wed 6:10 pm
Varun Kyung Wha Aylin
Enlin Fan Dan
Sumeet Edward Alfredo
Sean Xiaotian Shashank
Mike Jack Monal
Marouane Yufei Tarun
Hung-Sheng Hao Zicong
Shafee Xu Cheng-Han
Chung-Ying Chao Xiao
Mandar Zhi An Abhishek
Xin Akash
![Page 3: CSEE W4140 Networking Laboratory](https://reader030.vdocuments.site/reader030/viewer/2022020722/56813c08550346895da56c57/html5/thumbnails/3.jpg)
Lab access
You should have access by now. Please try the CRF door today and let me
know if it doesn’t work.
Lab door code
![Page 4: CSEE W4140 Networking Laboratory](https://reader030.vdocuments.site/reader030/viewer/2022020722/56813c08550346895da56c57/html5/thumbnails/4.jpg)
Any question?
About the homework
About the lab
![Page 5: CSEE W4140 Networking Laboratory](https://reader030.vdocuments.site/reader030/viewer/2022020722/56813c08550346895da56c57/html5/thumbnails/5.jpg)
Hubs
- In the lab, PCs are connected to a hub
- Hubs are simple repeaters
![Page 6: CSEE W4140 Networking Laboratory](https://reader030.vdocuments.site/reader030/viewer/2022020722/56813c08550346895da56c57/html5/thumbnails/6.jpg)
Bus Topology
- Connecting PCs to hubs leads to a bus topology (logically)
- Frame sent from one PC is sent to all PCs that share the bus
- But only the PC that matches destination MAC address will process that frame
[Diagram: PCs on a shared Ethernet bus, with MAC addresses 00:00:00:00:00:00, 11:11:11:11:11:11 and 22:22:22:22:22:22]
![Page 7: CSEE W4140 Networking Laboratory](https://reader030.vdocuments.site/reader030/viewer/2022020722/56813c08550346895da56c57/html5/thumbnails/7.jpg)
Ethernet Encapsulation
[Diagram: MAC addresses 00:00:00:00:00:00 and 11:11:11:11:11:11]
![Page 8: CSEE W4140 Networking Laboratory](https://reader030.vdocuments.site/reader030/viewer/2022020722/56813c08550346895da56c57/html5/thumbnails/8.jpg)
What is ARP?
- What does it stand for? Address Resolution Protocol
- What does it do? Finds the MAC address of the owner of an IP address
- IP address (32 bit) → ARP → Ethernet MAC address (48 bit)
- Why do we need to find the MAC address?
![Page 9: CSEE W4140 Networking Laboratory](https://reader030.vdocuments.site/reader030/viewer/2022020722/56813c08550346895da56c57/html5/thumbnails/9.jpg)
ARP Demo
http://www.osischool.com/protocol/arp/basic/index.php
Request is broadcast at layer 2
Reply is unicast at layer 2
ARP is plug-and-play. Administrators love plug-and-play.
![Page 10: CSEE W4140 Networking Laboratory](https://reader030.vdocuments.site/reader030/viewer/2022020722/56813c08550346895da56c57/html5/thumbnails/10.jpg)
ARP Players
- ARP module
  - Processes ARP packets
- ARP cache
  - Stores <MAC addr, IP addr> in memory
  - Deletes entry after timeout (Typically 20 minutes)
- ARP protocol
  - Specifies the behavior of senders and receivers
  - Defines the format of ARP packet
  - Implemented in ARP module
![Page 11: CSEE W4140 Networking Laboratory](https://reader030.vdocuments.site/reader030/viewer/2022020722/56813c08550346895da56c57/html5/thumbnails/11.jpg)
ARP Packet Format

Ethernet frame carrying an ARP message (sizes in bytes; the first three fields form the Ethernet II header):

| Destination address | Source address | Type 0x8060 | ARP Request or ARP Reply | Padding | CRC |
|---|---|---|---|---|---|
| 6 | 6 | 2 | 28 | 10 | 4 |

Fields of the ARP Request or ARP Reply, in order:
- Hardware type (2 bytes)
- Protocol type (2 bytes)
- Hardware address length (1 byte)
- Protocol address length (1 byte)
- Operation code (2 bytes)
- Source hardware address (sha)*
- Source protocol address (spa)*
- Target hardware address (tha)*
- Target protocol address (tpa)*

* Note: The length of the address fields is determined by the corresponding address length fields
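The field layout above, as a parser for the 28-byte ARP message (an added example, not code from the lecture). It reads the address fields using the two length fields, as the note describes, and rejects truncated input; the sample bytes and the 10.0.1.x addresses are constructed.

```python
import ipaddress
import struct

OP_NAMES = {1: "request", 2: "reply"}

def parse_arp(payload: bytes) -> dict:
    """Parse an ARP message (Ethernet payload only: no header, padding or CRC)."""
    if len(payload) < 8:
        raise ValueError("truncated ARP fixed header")
    # Fixed part: hardware type, protocol type, two length bytes, operation code.
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", payload[:8])
    need = 8 + 2 * (hlen + plen)
    if len(payload) < need:
        raise ValueError(f"hlen={hlen}, plen={plen} need {need} bytes, got {len(payload)}")
    # Variable part: sizes come from the length fields, never from assumptions.
    fields, offset = {}, 8
    for name, size in (("sha", hlen), ("spa", plen), ("tha", hlen), ("tpa", plen)):
        fields[name] = payload[offset:offset + size]
        offset += size
    return {"htype": htype, "ptype": ptype, "hlen": hlen, "plen": plen,
            "op": OP_NAMES.get(oper, oper), **fields}

def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def fmt_ip(raw: bytes) -> str:
    return str(ipaddress.IPv4Address(raw))

# Constructed sample: Ethernet (1) / IPv4 (0x0800) request from
# 11:11:11:11:11:11 (10.0.1.11) asking who owns 10.0.1.12.
SAMPLE_REQUEST = (
    struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
    + bytes.fromhex("111111111111") + bytes([10, 0, 1, 11])
    + bytes(6) + bytes([10, 0, 1, 12])
)

if __name__ == "__main__":
    msg = parse_arp(SAMPLE_REQUEST)
    print(msg["op"], fmt_mac(msg["sha"]), fmt_ip(msg["spa"]), "->", fmt_ip(msg["tpa"]))
```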
![Page 12: CSEE W4140 Networking Laboratory](https://reader030.vdocuments.site/reader030/viewer/2022020722/56813c08550346895da56c57/html5/thumbnails/12.jpg)
Transmitting within a LAN (Flow diagram for Linux)
Figure 26-5 from “Understanding Linux Network Internals” (O’Reilly)
![Page 13: CSEE W4140 Networking Laboratory](https://reader030.vdocuments.site/reader030/viewer/2022020722/56813c08550346895da56c57/html5/thumbnails/13.jpg)
ARP Reception Algorithm in Ethernet and IP networks
1. Do I have Ethernet? No: discard.
2. Do I speak IP? No: discard.
3. Set merge_flag = false.
4. Is the sender IP address already in my table? Yes: update the table with sender MAC addr and set merge_flag = true.
5. Am I the target IP address? No: discard.
6. Merge_flag = false? Yes: add sender’s <IP addr, MAC addr> to table.
7. Is this a Request? No: discard. Yes: swap MAC/IP addr fields, put local IP/MAC addr in sender field, set Opcode to Reply, and send packet to new target MAC addr.
![Page 14: CSEE W4140 Networking Laboratory](https://reader030.vdocuments.site/reader030/viewer/2022020722/56813c08550346895da56c57/html5/thumbnails/14.jpg)
Reverse ARP (RFC 903)
Used before DHCP was invented
How would a host without an IP address request it reusing the ARP packet format?
How would a server reply?
![Page 15: CSEE W4140 Networking Laboratory](https://reader030.vdocuments.site/reader030/viewer/2022020722/56813c08550346895da56c57/html5/thumbnails/15.jpg)
IPv4 Address Conflict Detection (RFC 5227)
- ARP can be modified slightly to detect IPv4 address conflicts
- Two types
  - Precaution before setting my IP address: ARP Probe
  - Detection while using my IP address: ARP Announcement
![Page 16: CSEE W4140 Networking Laboratory](https://reader030.vdocuments.site/reader030/viewer/2022020722/56813c08550346895da56c57/html5/thumbnails/16.jpg)
Modified ARP Reception Algorithm in Ethernet and IP networks
1. Do I speak Ethernet / IP? No: discard.
2. Is the sender IP address mine? Yes: CONFLICT! (Stop using or defend.)
3. Set merge_flag = false.
4. Is the sender IP address already in my table? Yes: update the table with sender MAC addr and set merge_flag = true.
5. Am I the target IP address? No: discard.
6. Merge_flag = false? Yes: add sender’s <IP addr, MAC addr> to table.
7. Is this a Request? No: discard. Yes: swap MAC/IP addr fields, put local IP/MAC addr in sender field, set Opcode to Reply, and send packet to new target MAC addr.
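The modified reception algorithm as a function (an added example, not code from the lecture). Packets are plain dicts with the field names from the packet format slide, the cache is a dict from IP to MAC, and all addresses are constructed.

```python
ETHERNET, IPV4 = 1, 0x0800

def receive_arp(pkt, my_ip, my_mac, cache):
    """Process one ARP message; return (action, reply_or_None).

    cache maps IP -> MAC and is updated in place.
    """
    # Do I speak Ethernet / IP?
    if pkt["htype"] != ETHERNET or pkt["ptype"] != IPV4:
        return "discard", None
    # Is the sender IP address mine? Someone else claims my address.
    if pkt["spa"] == my_ip:
        return "conflict", None
    merge_flag = False
    # Known sender: refresh its entry, whoever the packet is addressed to.
    if pkt["spa"] in cache:
        cache[pkt["spa"]] = pkt["sha"]
        merge_flag = True
    # Am I the target IP address?
    if pkt["tpa"] != my_ip:
        return "discard", None
    # Unknown sender talking to me: learn it.
    if not merge_flag:
        cache[pkt["spa"]] = pkt["sha"]
    # Is this a Request? Replies end here once the table is updated.
    if pkt["op"] != "request":
        return "discard", None
    # Swap the address fields and put the local addresses in the sender fields.
    reply = dict(pkt, op="reply", sha=my_mac, spa=my_ip,
                 tha=pkt["sha"], tpa=pkt["spa"])
    return "reply", reply

def arp(op, sha, spa, tha, tpa):
    """Build a constructed Ethernet/IPv4 ARP message for the examples."""
    return {"htype": ETHERNET, "ptype": IPV4, "op": op,
            "sha": sha, "spa": spa, "tha": tha, "tpa": tpa}

if __name__ == "__main__":
    me = ("10.0.1.12", "22:22:22:22:22:22")
    cache = {}
    req = arp("request", "11:11:11:11:11:11", "10.0.1.11",
              "00:00:00:00:00:00", "10.0.1.12")
    print(receive_arp(req, *me, cache), cache)
```

Steps 4 and 6 update the table from any well-formed message, including a reply that was never requested, which is the behaviour the ARP Spoofing slide refers to.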
![Page 17: CSEE W4140 Networking Laboratory](https://reader030.vdocuments.site/reader030/viewer/2022020722/56813c08550346895da56c57/html5/thumbnails/17.jpg)
ARP Probes
- “Is anyone using this address? If not, I’d like to use it.”
- Sent when there is any change in connectivity
- Should not send periodically
- Don’t use address if:
  - you see an ARP request or reply with same address I probed for in sender IP address field
  - you see another ARP probe looking for the same IP address
![Page 18: CSEE W4140 Networking Laboratory](https://reader030.vdocuments.site/reader030/viewer/2022020722/56813c08550346895da56c57/html5/thumbnails/18.jpg)
ARP Probes
- ARP Request packet
  - Sender IP: all zero (avoid polluting ARP caches)
  - Sender HW: filled with my own
  - Target IP: Address I’m trying to probe
  - Target HW: ignored. (recommended: all zero)
- Broadcast
![Page 19: CSEE W4140 Networking Laboratory](https://reader030.vdocuments.site/reader030/viewer/2022020722/56813c08550346895da56c57/html5/thumbnails/19.jpg)
ARP Announcements
“I’m using this address.”
Sent when probe was successful (No other hosts using the address)
Purpose: update stale cache entries in other hosts
![Page 20: CSEE W4140 Networking Laboratory](https://reader030.vdocuments.site/reader030/viewer/2022020722/56813c08550346895da56c57/html5/thumbnails/20.jpg)
ARP Announcements
- ARP Request packet
  - Sender IP: Address I’m currently using
  - Sender HW: filled with my own
  - Target IP: Address I’m currently using
  - Target HW: ignored. (recommended: all zero)
- Broadcast
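The probe and announcement field rules above, together with the “Don’t use address if” rules from the ARP Probes slide, as an added example that is not code from the lecture. Addresses are constructed, and ignoring packets that carry my own hardware address follows RFC 5227 rather than the slide.

```python
ZERO_IP = "0.0.0.0"
ZERO_MAC = "00:00:00:00:00:00"

def make_probe(my_mac, candidate_ip):
    """ARP Probe: request with an all-zero sender IP, so no cache learns it."""
    return {"op": "request", "sha": my_mac, "spa": ZERO_IP,
            "tha": ZERO_MAC, "tpa": candidate_ip}

def make_announcement(my_mac, my_ip):
    """ARP Announcement: request whose sender IP and target IP are both mine."""
    return {"op": "request", "sha": my_mac, "spa": my_ip,
            "tha": ZERO_MAC, "tpa": my_ip}

def classify(pkt):
    """Label a message as probe, announcement, or plain request/reply."""
    if pkt["op"] == "request" and pkt["spa"] == ZERO_IP:
        return "probe"
    if pkt["op"] == "request" and pkt["spa"] == pkt["tpa"]:
        return "announcement"
    return pkt["op"]

def must_not_use(pkt, candidate_ip, my_mac):
    """True if a message seen while probing means candidate_ip is taken."""
    if pkt["sha"] == my_mac:
        return False  # my own broadcast coming back (RFC 5227 rule)
    if pkt["spa"] == candidate_ip:
        return True   # a request or reply from a host already using the address
    # Another host is probing for the same address at the same time.
    return classify(pkt) == "probe" and pkt["tpa"] == candidate_ip

if __name__ == "__main__":
    mine, theirs = "11:11:11:11:11:11", "22:22:22:22:22:22"
    rival = make_probe(theirs, "10.0.1.50")
    print(classify(rival), must_not_use(rival, "10.0.1.50", mine))
```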
![Page 21: CSEE W4140 Networking Laboratory](https://reader030.vdocuments.site/reader030/viewer/2022020722/56813c08550346895da56c57/html5/thumbnails/21.jpg)
Ongoing Conflict Detection
- If ARP request or reply has my IP address inside sender IP address field, there is an ongoing conflict.
- Options:
  - Cease using your IP address
  - Defend your address (awesome.. but what are the consequences?)
- Ignoring is worse than ceasing. Why?
![Page 22: CSEE W4140 Networking Laboratory](https://reader030.vdocuments.site/reader030/viewer/2022020722/56813c08550346895da56c57/html5/thumbnails/22.jpg)
ARP Spoofing
Malicious host sends unsolicited ARP replies to take over another host’s IP address
To do what?
- Passive sniffing
- Modifying packets
- Denial-of-service attack
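A monitoring check for the unsolicited replies described above, as an added example that is not code from the lecture. It takes observed ARP messages in time order (a hub delivers unicast replies to every port, so a lab monitor sees them) and flags replies with no recent matching request and IP-to-MAC bindings that change; the event list, the addresses and the 2-second window are assumptions.

```python
def detect_spoofing(events, request_window=2.0):
    """Return alerts as (time, kind, ip, detail) for a time-ordered ARP trace."""
    bindings = {}   # ip -> last MAC seen claiming it
    pending = {}    # (requester_ip, wanted_ip) -> time the request was seen
    alerts = []
    for ev in events:
        t = ev["t"]
        if ev["op"] == "request":
            pending[(ev["spa"], ev["tpa"])] = t
        elif ev["op"] == "reply":
            # A legitimate reply answers a request the target sent recently.
            asked = pending.pop((ev["tpa"], ev["spa"]), None)
            if asked is None or t - asked > request_window:
                alerts.append((t, "unsolicited-reply", ev["spa"], ev["sha"]))
        if ev["spa"] == "0.0.0.0":
            continue  # ARP probes carry no sender binding
        known = bindings.get(ev["spa"])
        if known is not None and known != ev["sha"]:
            alerts.append((t, "binding-changed", ev["spa"],
                           f"{known} -> {ev['sha']}"))
        bindings[ev["spa"]] = ev["sha"]
    return alerts

# Constructed trace: a normal request/reply for the gateway 10.0.1.1,
# then a later reply that claims 10.0.1.1 from a different MAC.
SAMPLE_TRACE = [
    {"t": 0.0, "op": "request", "sha": "11:11:11:11:11:11",
     "spa": "10.0.1.11", "tpa": "10.0.1.1"},
    {"t": 0.1, "op": "reply", "sha": "aa:aa:aa:aa:aa:aa",
     "spa": "10.0.1.1", "tpa": "10.0.1.11"},
    {"t": 5.0, "op": "reply", "sha": "cc:cc:cc:cc:cc:cc",
     "spa": "10.0.1.1", "tpa": "10.0.1.11"},
]

if __name__ == "__main__":
    for alert in detect_spoofing(SAMPLE_TRACE):
        print(alert)
```

A changed binding also occurs when a network card is replaced or an address is reassigned, so these alerts are a prompt to check the host rather than proof of spoofing.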
![Page 23: CSEE W4140 Networking Laboratory](https://reader030.vdocuments.site/reader030/viewer/2022020722/56813c08550346895da56c57/html5/thumbnails/23.jpg)
Proxy ARP
Host or router responds to ARP Request that arrives from one of its connected networks for a host that is on another of its connected networks.
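[Figure: Proxy ARP example]
- Router137 sits between the 128.143.0.0/16 subnet (interface 128.143.137.1/16, MAC 00:e0:f9:23:a8:20) and the 128.143.71.0/24 subnet (interface 128.143.71.1/24)
- Hosts: Argon (128.143.137.144/16) and Neon (128.143.71.21/24); host MAC address shown in the figure: 00:20:af:03:98:28
- ARP Request: What is the MAC address of 128.143.71.21?
- ARP Reply: The MAC address of 128.143.71.21 is 00:e0:f9:23:a8:20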
![Page 24: CSEE W4140 Networking Laboratory](https://reader030.vdocuments.site/reader030/viewer/2022020722/56813c08550346895da56c57/html5/thumbnails/24.jpg)
Additional Questions
- Why not broadcast ARP replies?
- When does it make sense to broadcast ARP replies? (Hint: detection of address conflict)
- Why do we even have MAC addresses? (This is more related to Ethernet than ARP)
![Page 25: CSEE W4140 Networking Laboratory](https://reader030.vdocuments.site/reader030/viewer/2022020722/56813c08550346895da56c57/html5/thumbnails/25.jpg)
Other topics
- ARPING
  - Software tool to ‘ping’ another host using ARP
- Inverse ARP (InARP)
  - Layer 2 → layer 3
  - “What IP address are you using?”
  - Used in frame relay and ATM networks
![Page 26: CSEE W4140 Networking Laboratory](https://reader030.vdocuments.site/reader030/viewer/2022020722/56813c08550346895da56c57/html5/thumbnails/26.jpg)
Main Points of Lab 2
- Network tools
  - tcpdump
  - wireshark
  - netstat
  - ifconfig
- ARP and netmasks
- Security of network applications
![Page 27: CSEE W4140 Networking Laboratory](https://reader030.vdocuments.site/reader030/viewer/2022020722/56813c08550346895da56c57/html5/thumbnails/27.jpg)
Homework
Prelab 3 due on Friday (02.05.2010)
Lab report 1 due this week
Lab report 2 due by next week
Read Textbook
- Introduction
- Pages 25 ~ 34 (tcpdump, wireshark) – lab 2
- Pages 34 ~ 43 (Cisco IOS) – lab 3
![Page 28: CSEE W4140 Networking Laboratory](https://reader030.vdocuments.site/reader030/viewer/2022020722/56813c08550346895da56c57/html5/thumbnails/28.jpg)
ARP in the network stack
Figure from TCP/IP Tutorial and Technical Overview
![Page 29: CSEE W4140 Networking Laboratory](https://reader030.vdocuments.site/reader030/viewer/2022020722/56813c08550346895da56c57/html5/thumbnails/29.jpg)
Processing of IP packets by network drivers
[Figure: flow diagram. Elements: IP Output; decision “IP destination of packet = local IP address?”; decision “IP destination = multicast or broadcast?”; “No: get MAC address with ARP”; loopback driver (“Put on IP input queue”); Ethernet driver; incoming Ethernet frame demultiplexed into ARP packet (to ARP) or IP datagram (“Put on IP input queue”); IP Input.]