Friday, July 1, 2011

What is ARP? [Information]

Now that I've explained how to get Backtrack 5, if you're still not on Linux then go install it now before all the fun stuff starts!
As for today's post, I'll be explaining an important part of netsec: Address Resolution Protocol.

Understanding ARP, or Address Resolution Protocol, is a key part of understanding how networks communicate.

You can think of ARP as a phonebook for computers on a network.
Say the computer "Bob-PC" wants to send a message to "Meg-Laptop" but only has its local IP address. Computers require the "physical" address or MAC (Media Access Control) address to send messages, so Bob's computer needs to find out Meg's MAC. How would it do this?
Well, Bob's computer checks its own "ARP cache", which is a list of computers it has stored with their IP and MAC addresses (such as 00:1C:F2:D2:55), and if it finds the physical (MAC) address corresponding to the IP address it has for Meg's laptop, it's all good to go!

But what if Bob's PC's ARP cache doesn't have Meg's laptop listed?
Well, ARP has this sorted out. It sends out a "broadcast ARP message" to the network saying "hey, who is (Megs-Laptop)?" and receives a response from Meg's laptop saying "hey, that's me! My MAC address is 00:1C:F2:D2:55!"
Bob's PC then stores that information in its ARP cache for later use.

Hackers can use this to infiltrate systems by doing something called "ARP poisoning", which can be explained using this image from Wikipedia:
The malicious user, or hacker, listens in on the network and changes the ARP cache of the receiving "LAN user" to send messages to the malicious user FIRST, then back out to the corresponding target (in this case, the LAN Gateway).
This way, the hacker can view all the network traffic between the User and Gateway and change certain inquiries, whether it be to an HTTPS (secure connection) site or any site in general.
We will be using this in the near future to sniff passwords from any site (HTTP and HTTPS) and show how dangerous an unwanted user on your network really is.

You can view your computer's ARP cache by typing "arp -a" into the command line on Windows or Linux and view the IP addresses and corresponding MAC addresses of each node your computer has saved.
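
A defender's view of the request/reply exchange and the cache change described above, as an added example that is not part of the original post: it parses raw ARP payloads, tracks IP-to-MAC bindings the way a cache does, and reports any IP whose MAC suddenly changes. The function names and the sample addresses (192.0.2.x, 02:00:00:...) are assumptions made up for illustration.

```python
import struct

def parse_arp(payload: bytes) -> dict:
    """Parse the 28-byte ARP payload used for Ethernet/IPv4 (RFC 826)."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", payload[8:28])
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    ip = lambda b: ".".join(str(x) for x in b)
    return {"op": {1: "request", 2: "reply"}.get(oper, "other"),
            "sender_mac": mac(sha), "sender_ip": ip(spa),
            "target_mac": mac(tha), "target_ip": ip(tpa)}

def watch(payloads):
    """Learn sender IP -> MAC bindings; record every binding that changes."""
    cache, alerts = {}, []
    for raw in payloads:
        pkt = parse_arp(raw)
        ip, mac = pkt["sender_ip"], pkt["sender_mac"]
        old = cache.get(ip)
        if old is not None and old != mac:
            alerts.append((ip, old, mac))  # same IP now claims a different MAC
        cache[ip] = mac
    return cache, alerts

# Constructed sample traffic (all addresses are made up for this example).
REQ, REPLY = "0001080006040001", "0001080006040002"  # Ethernet/IPv4, op 1 / op 2
SAMPLE = [bytes.fromhex(h) for h in (
    # Bob (192.0.2.10) broadcasts: who has 192.0.2.20?
    REQ + "02000000000b" + "c000020a" + "000000000000" + "c0000214",
    # Meg (192.0.2.20) answers with her MAC
    REPLY + "02000000000e" + "c0000214" + "02000000000b" + "c000020a",
    # A third machine also claims 192.0.2.20 with a different MAC
    REPLY + "020000000066" + "c0000214" + "02000000000b" + "c000020a",
)]

if __name__ == "__main__":
    cache, alerts = watch(SAMPLE)
    for ip, old, new in alerts:
        print(f"ALERT: {ip} changed from {old} to {new}")
```

A binding change is not always hostile (a replaced network card or a DHCP reassignment also causes one), so a monitor like this is usually paired with a list of known-good gateway and server MACs.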

Many users think that if they have a simple encryption on their network, it can't be broken. Some think that even if someone gains access into their network, it doesn't even matter! But this is FAR from the truth.
You will see how much damage a single user can cause on an unprotected network, whether it be through DNS spoofing (changing which IP addresses certain sites go to), password sniffing (Facebook, Google, Paypal, and Myspace passwords in clear text!), or DoS (denial of service) attacks.

This was a quick writeup and I'll be updating it frequently as I do with all my posts, but I wanted to get a quick post out to explain what ARP and ARP poisoning are, as they are vital in our path to learning network and computer security.


  1. True, you need to know about ARP in order to learn about computer security and networking.

  2. Yeah, these security flaws are amazing.

  3. Extremely informative. I'm not particularly knowledgeable about this stuff, glad I followed you!

  4. Great info.. Your blog seems really interesting, I followed

  5. I don't know a lot about this kind of stuff, but interesting nonetheless. followed and looking forward to learn a bit here

  6. Thanks for the feedback guys!

  7. +Follower
    New to Linux and interested in networking technologies, good info man!

  8. As a total newbie to Linux and networking, I have to say I found this very well written and informative, and simple enough so dolts like me can understand what you're saying. Needless to say, I'm following from now on.

  9. You have excellent writing style. Simple, coherent, and short.

  10. how to send a malicious ARP to my router???plz help!!!

  14. Excellent and very informative. I am glad that there is at least one literate poster who is willing to share information in such an easily read format.
