2101 Ch10: ARP Basics and Functionality

Questions and Answers

What must occur again after an entry has been removed from the ARP table?

Send an ARP reply

Initiate a TCP handshake

Send an ARP request (correct)

Establish a UDP connection

What is a potential security risk associated with the ARP process?

UDP flooding

IP hijacking

ARP spoofing (correct)

DNS poisoning

Which ICMPv6 message is used for address resolution in the Neighbor Discovery protocol?

Router Advertisement

Router Solicitation

Redirect Message

Neighbor Advertisement (correct)

What mechanism does enterprise-grade switches use to mitigate ARP attacks?

Dynamic ARP inspection (DAI)

Which message is NOT part of the five ICMPv6 messages used in Neighbor Discovery?

ARP Request

What service does the redirect message in ICMPv6 Neighbor Discovery provide?

Better next-hop selection

What could occur if many devices are powered up simultaneously on a network?

Reduced performance temporarily

What happens after a device sends an ARP request?

Only the device with the matching IPv4 address replies.

What is a characteristic of the ARP reply?

Only the originating device receives the ARP reply.

What is ARP spoofing primarily used for?

Performing ARP poisoning attacks.

Which ICMPv6 message is NOT used by Neighbor Discovery?

Fake advertisement

Which of the following services does the Neighbor Discovery protocol provide for IPv6?

Address resolution

Which factor determines the removal of ARP table entries?

An ARP cache timer.

What do IPv6 devices use to resolve MAC addresses instead of ARP?

Neighbor Discovery protocol

What is a consequence of broadcasting an ARP request on a local network?

The network may slow down.

Which ICMPv6 message is responsible for soliciting router information?

Router solicitation

What is the purpose of the ARP type field set to 0x806?

It informs the NIC to pass data to the ARP process.

What happens to packets if no device responds to an ARP request?

The packets are dropped as a frame cannot be created.

What is a characteristic of static ARP entries?

They are manually entered and do not expire.

Which message types does ICMPv6 Neighbor Discovery rely on?

Neighbor solicitation and neighbor advertisement messages.

When a source device needs to send a frame to an IPv4 address on another network, what is used?

The MAC address of the default gateway.

What is one of the main risks associated with ARP spoofing?

Incorrect routing of packets in the network.

Why is dynamic ARP inspection recommended in networks?

It prevents unauthorized MAC address changes.

How frequently does the ARP cache timer remove inactive entries in a device?

Between 15 and 45 seconds for newer Windows OS.

What initial step does a host take when creating a packet for a destination IP address?

It compares the destination IP with its own IP.

Study Notes

ARP

• ARP is essential for mapping IPv4 addresses to MAC addresses
• Devices use ARP tables to store mappings of IPv4 addresses and corresponding MAC addresses.
• An ARP table entry has a timestamp and is removed if no traffic is received from the device before the timestamp expires.
• When a device needs to send a packet, it checks its ARP table for the destination IPv4 address and corresponding MAC address.
• If the address is in the ARP table, it uses the MAC address to create a frame.
• Otherwise, the sending device sends an ARP request, a broadcast frame, to find the MAC address associated with the destination IPv4 address.
• Devices that have the same target IPv4 address will respond with the matching MAC address.
• The reply is sent as a unicast frame to the device that sent the request.
• The device adds the mapping to its ARP table and can now send a frame to the destination.
• If no device responds to the ARP request, the packet is dropped.
• An ARP request is sent when the sender wants to determine the MAC address associated with an IPv4 address but doesn't have this mapping in its ARP table.
• Both ARP requests and replies are encapsulated in Ethernet frames—no IPv4 headers are used.

ARP Poisoning Attacks

• ARP poisoning attacks target the ARP table.
• An attacker can send a forged ARP reply that contains its MAC address rather than the legitimate device's MAC address, causing the receiving device to map the target IPv4 address to the attacker's MAC address.

IPv6 Neighbor Discovery Protocol

• IPv6 uses the Neighbor Discovery protocol (ND) to resolve IPv6 addresses to MAC addresses.
• ND is similar to ARP but uses ICMPv6 messages.
• It provides services like address resolution, router discovery, and redirection.
• ND uses five types of ICMPv6 messages: Neighbor Solicitation, Neighbor Advertisement, Router Solicitation, Router Advertisement, and Redirect.
• Neighbor Solicitation and Neighbor Advertisement messages are used for device-to-device communication.
• Router Solicitation and Router Advertisement messages are used for device-to-router communication.
• The Redirect message is used for route optimization.

Description

This quiz covers the essential functions of Address Resolution Protocol (ARP) in mapping IPv4 addresses to MAC addresses. You will learn how devices utilize ARP tables and the process involved in sending ARP requests and receiving responses. Test your understanding of ARP and its significance in network communication.