modull9-Address Resolution Protocols

Questions and Answers

What is the primary function of the Address Resolution Protocol (ARP)?

• To map a MAC address to an IP address on a remote network.
• To manage data flow within a remote IPv4 network.
• To map an IPv4 address to a MAC address on a local network. (correct)
• To directly modify the default gateway settings on a device.

What happens when an ARP table entry times out?

• The MAC address is cached indefinitely for future use.
• An ARP reply is automatically broadcasted to all devices.
• A new ARP request must be sent to re-acquire the MAC address. (correct)
• The entry is removed permanently and cannot be restored.

In which scenario would a default gateway's MAC address need to be resolved using ARP?

• When a device needs to communicate with an IP address located on a different subnet. (correct)
• When a device changes its own IP address.
• When a device receives an ARP probe from another device.
• When sending data to another device on the same local subnet.

What is one of the key differences between ARP for IPv4 and Neighbor Discovery (ND) for IPv6?

ARP uses broadcast requests, while ND utilizes multicast for solicitation. (C)

What command would you use on a Cisco Router to view the ARP table?

show ip arp (A)

Which mechanism can a malicious host use to exploit ARP?

ARP poisoning to impersonate another IP. (D)

What is the purpose of Neighbor Solicitation messages in IPv6 Neighbor Discovery?

To request the MAC address corresponding to a specific IPv6 address. (B)

What type of ARP message is sent when a device needs to find out the MAC address for an IP address not in its ARP table?

Broadcast ARP request (A)

Flashcards

ARP (Address Resolution Protocol)

A networking protocol that resolves IPv4 addresses to MAC addresses on a local network.

ARP Table

A temporary table stored in the RAM of a device that maps IPv4 addresses to corresponding MAC addresses.

ARP Request

A broadcast message sent on a local network when a device needs to find the MAC address for a specific IPv4 address.

ARP Reply

A unicast message sent by a device in response to an ARP request, containing the device's MAC address.

ARP Spoofing (ARP Poisoning)

A form of network attack where a malicious device sends fake ARP replies to manipulate the ARP table of other devices, potentially intercepting network traffic.

Neighbor Discovery (ND)

The IPv6 equivalent of ARP, used to resolve IPv6 addresses to MAC addresses using ICMPv6.

Neighbor Solicitation

A message sent over ICMPv6 to query for the MAC address of a device associated with a given IPv6 address.

Neighbor Advertisement

A message sent over ICMPv6 by a device in response to a Neighbor Solicitation, providing its MAC address.

Study Notes

Address Resolution Protocols

• Devices on Ethernet LANs need both logical (IP) and physical (MAC) addresses.
• To transmit data, a host requires the destination MAC address.

IPv4 Address Resolution Protocol (ARP)

• ARP maps IPv4 addresses to MAC addresses on a local network.
• ARP maintains a temporary ARP table (cache).
• ARP Request: A broadcast message ("Who has IP x.x.x.x? Tell me your MAC!") sent if the MAC is not in the ARP table.
• Destination MAC = FF:FF:FF:FF:FF:FF (all devices on the local LAN).
• ARP Reply: A unicast response from the device with the matching IPv4 address ("My MAC is XX:XX:XX:XX:XX:XX").
• Sender updates its ARP table with the new information.
• To send to a remote IPv4 network, the destination MAC is the default gateway's MAC.
• ARP table entries timeout (e.g., 15-45 seconds on Windows).

IPv6 Neighbor Discovery (ND)

• IPv6 uses ICMPv6 for address resolution and other tasks.
• Neighbor Solicitation: "Who has IPv6 address X?" (using multicast addresses).
• Neighbor Advertisement: "I have IPv6 address X; MAC is Y."
• ND is analogous to ARP, but uses ICMPv6 and multicast.

Data Flow Summarization (IPv4)

• Local IPv4: Check ARP table for destination IP's MAC; if not found, send a broadcast ARP request, receive a reply, update ARP cache, and send the frame.
• Remote IPv4: Destination is off-network; uses default gateway's MAC (obtained via ARP if needed) and sends frames to the router.

Data Flow Summarization (IPv6)

• Local/remote IPv6: Check Neighbor Cache for destination or gateway's MAC; if not found, send an ICMPv6 Neighbor Solicitation to a special multicast address, receive a reply, and update the neighbor cache, sending the frames.

ARP and ND Differences

• ARP uses broadcasts; ND uses special multicast addresses (with ICMPv6).
• This difference in addressing is key when troubleshooting or configuring IPv4 vs. IPv6 networks.

ARP Table Maintenance

• Entries time out to prevent stale data.
• Command examples (Windows & Cisco Router):
  • Windows: arp -a
  • Cisco Router: show ip arp

ARP Issues

• Excessive ARP broadcasts can overwhelm the network and cause brief congestion.
• Spoofing (ARP poisoning) allows malicious hosts to intercept data.