What is ARP Spoofing?

Monday, December 14th, 2009

ARP (Address Resolution Protocol) is a protocol used by the switch to identify which MAC address is associated with which IP address. ARP works at layer 2. Here is how the ARP protocol works:

  1. The client computer says ‘hello’ to the switch
  2. The switch writes the MAC address and IP address down in the ARP table
  3. Each time a data packet for a certain IP address arrives, the switch knows which computer it must forward the packet to

ARP Tables
ARP tables are located both in the switch and in your computer. An ARP table is updated every time a new packet with an IP address and MAC address arrives. You can refresh the ARP table by sending a ping packet to any computer in the network, or just to the gateway. The best way is to broadcast ARP packets in the network.

ARP Spoofing
If a hacker crafts fake ARP packets, it is called ARP spoofing. We can picture ARP spoofing like this:
Mr. Hacker: “Hi, Mr. Gateway. I am Mr. Hacker”
Mr. Gateway: “Okay, I will write your name down in my phone book”
Mr. Hacker: “Hi, Mr. Gateway. I am also Mr. John”
Mr. Gateway: “I see, I see”
Mr. Hacker: “Hi, Mr. Gateway. I am also Mr. Smith, Mr. Paul, Mrs. Jane, Mrs. Marie, Mr. Peter”
Mr. Gateway: “Okay, let me write down your names”
And Mr. Hacker repeats this prank every second.

Not long after:

Mr. Paul: “Hi, Mr. Gateway, I want to browse http://google.com”
Mr. Gateway: “Sorry, but someone else named Mr. Paul has made a reservation. Are you trying to trick me?”

The same thing happens to Mr. John, Mr. Smith, and the others.

Mr. Hacker: “Ha ha haa.. I get all the bandwidth.”

In short, ARP spoofing is a technique that makes the targeted computer blind to a certain computer, or even to all computers. If you want to know more, take a look at this site: http://pramonotunggul.com/2009/12/15/netcut-for-linux-2/.
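
Seen from the defender's side, the prank above leaves a clear trace: one MAC address answers for IP addresses that other MACs have already announced. The Python below is an added example, not code from the original post; it parses ARP payloads and alerts on each such conflict. The sample frames, all addresses, and the `max_ips_per_mac` threshold are constructed assumptions.

```python
import struct
from collections import defaultdict

def parse_arp(payload):
    """Parse an Ethernet/IPv4 ARP payload -> (opcode, sender MAC, sender IP)."""
    if len(payload) < 28:
        raise ValueError("ARP payload too short")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return oper, payload[8:14].hex(":"), ".".join(map(str, payload[14:18]))

def detect_spoofing(payloads, max_ips_per_mac=2):
    """Flag IPs claimed by a second MAC and MACs that claim too many IPs."""
    first_seen = {}                 # IP -> first MAC that announced it
    mac_to_ips = defaultdict(set)   # MAC -> every IP it has claimed
    reported, alerts = set(), []
    for raw in payloads:
        try:
            _, mac, ip = parse_arp(raw)
        except ValueError:
            continue                # ignore malformed or non-IPv4 ARP
        owner = first_seen.setdefault(ip, mac)
        if owner != mac and (ip, mac) not in reported:
            reported.add((ip, mac))  # the claim repeats every second; alert once
            alerts.append(("binding-conflict", ip, owner, mac))
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > max_ips_per_mac and mac not in reported:
            reported.add(mac)
            alerts.append(("many-ips", mac, sorted(mac_to_ips[mac])))
    return alerts

def build_arp(oper, mac, ip):
    """Build a constructed ARP payload (sample data only, target fields zeroed)."""
    sender = bytes.fromhex(mac.replace(":", "")) + bytes(map(int, ip.split(".")))
    return struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper) + sender + bytes(10)

def sample_traffic():
    """Constructed capture: four hosts, then one MAC claiming three of their IPs."""
    hosts = {"192.0.2.10": "02:00:00:00:00:10", "192.0.2.11": "02:00:00:00:00:11",
             "192.0.2.12": "02:00:00:00:00:12", "192.0.2.66": "02:00:00:00:00:66"}
    frames = [build_arp(1, mac, ip) for ip, mac in hosts.items()]
    forged = [build_arp(2, "02:00:00:00:00:66", ip) for ip in list(hosts)[:3]]
    return frames + forged * 2 + [b"\x00\x01truncated"]

if __name__ == "__main__":
    for alert in detect_spoofing(sample_traffic()):
        print(alert)
```

The detector trusts the first MAC seen for each IP, so it should start from a known-good state such as the gateway's real address.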