Ethical Hacking and Penetration Testing Guide
Once an attacker successfully becomes the man in the middle, he can perform many attacks on the target network, such as capturing all the traffic, denial-of-service attacks, DNS spoofing, and session hijacking, to name a few.
ARP Protocol Basics
ARP stands for Address Resolution Protocol. It operates at the link layer (Layer 2) of the OSI model. Its purpose is to resolve an IP address to a MAC address. Any piece of hardware that connects to the Internet has a unique MAC address associated with it.
How ARP Works
[Figure: network diagram showing Host A (192.168.1.2), Host B (192.168.1.3), and a printer]
So let’s imagine the scenario shown in the image, where on a switch-based network, “Host A” with an IP of 192.168.1.2 would like to communicate with “Host B” with an IP of 192.168.1.3. In order to communicate on a local area network, Host A needs to have the MAC address of Host B.
Host A will look inside its ARP cache to see whether an entry for Host B’s IP address is present in the ARP table. If it is not present, Host A will send an ARP broadcast packet to every device on the network asking “Who has Host B’s IP address?”

Once Host B receives the ARP request, it will send an ARP reply telling Host A “I am Host B and here is my MAC address.” The MAC address is then saved inside the ARP table. An ARP cache contains a list of the IP and MAC addresses of every host we have communicated with.
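The exchange described above can be modeled end to end with real ARP payloads (the 28-byte Ethernet/IPv4 layout from RFC 826). This is an added example, not code from the book; the `Host` class, the MAC addresses, and the printer's IP address are assumptions made for illustration.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # RFC 826 layout for Ethernet/IPv4 (28 bytes)
REQUEST, REPLY = 1, 2

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def build_arp(op, sha, spa, tha, tpa):
    """Pack an ARP payload: hardware type 1 (Ethernet), protocol 0x0800 (IPv4)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, mac_bytes(sha),
                       socket.inet_aton(spa), mac_bytes(tha), socket.inet_aton(tpa))

def parse_arp(payload):
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"op": op, "sha": mac_str(sha), "spa": socket.inet_ntoa(spa),
            "tha": mac_str(tha), "tpa": socket.inet_ntoa(tpa)}

class Host:
    def __init__(self, ip, mac):
        self.ip, self.mac, self.arp_cache = ip, mac, {}

    def handle(self, payload):
        """Reply only when the request asks for this host's own IP address."""
        pkt = parse_arp(payload)
        if pkt["op"] == REQUEST and pkt["tpa"] == self.ip:
            return build_arp(REPLY, self.mac, self.ip, pkt["sha"], pkt["spa"])
        return None

    def resolve(self, target_ip, network):
        """Return the target's MAC; broadcast a request only on a cache miss."""
        if target_ip not in self.arp_cache:
            request = build_arp(REQUEST, self.mac, self.ip, "00:00:00:00:00:00", target_ip)
            for peer in network:  # broadcast: every device receives the request
                reply = peer.handle(request)
                if reply:  # save the replier's IP -> MAC mapping
                    pkt = parse_arp(reply)
                    self.arp_cache[pkt["spa"]] = pkt["sha"]
        return self.arp_cache.get(target_ip)

# Constructed sample hosts; the MAC addresses and the printer's IP are made up.
host_a = Host("192.168.1.2", "02:00:00:00:00:0a")
host_b = Host("192.168.1.3", "02:00:00:00:00:0b")
printer = Host("192.168.1.4", "02:00:00:00:00:0c")
```

Calling `host_a.resolve("192.168.1.3", [host_b, printer])` performs the broadcast once and fills Host A's cache; a second call is answered from the cache. On a real host, the equivalent table can be inspected with `arp -a`.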