Logo free mcse ccna rhce linux java learning free mcse ccna rhce linux java learning
          Sharefacebook twitter google+ google bookmark yahoo bookmark delicious digg linkedin pinterest reddit stumbleupon evernote diigo blinklist blogmarks livejournal email feed


ARP (Address Resolution Protocol) Spoofing Attacks or ARP flooding or ARP poisoning

External Resources

A computer connected to an IP/Ethernet Local Area Network has two addresses. One is the MAC (Media Access Control) which is a globally unique and unchangeable address which is burned on the network card itself. MAC addresses are necessary so that the Ethernet protocol can send data back and forth, independent of whatever application protocols are used on top of it. Ethernet send and receive data based on MAC addresses. MAC address is also known as Layer2 address, physical address or Hardware address.

Other address is the IP address. IP is a protocol used by applications, independent of whatever network technology operates underneath it. Each computer on a network must have a unique IP address to communicate. Applications use IP address to communicate. IP address is also known as Layer 3 address or Logical address.

To explain it more clearly, the applications use IP address for communication and the low lying hardware use MAC address for communication. If an application running on a computer need to communicate with another computer using IP address, the first computer should resolve the MAC address of the second computer, because the lower layer Ethernet technologies use MAC addresses to deliver data. Click the following link to learn more about ARP (Address Resolution Protocol).

Operating Systems keep a cache of ARP replies to minimize the number of ARP requests. ARP is a stateless protocol and most operating systems will update their cache if a reply is received, regardless of whether they have sent out an actual request.

ARP (Address Resolution Protocol) Spoofing attacks (ARP flooding or ARP poisoning) help an attacker to sniff data frames on a local area network (LAN), modify the traffic etc. ARP Spoofing attacks are made by sending fake ARP messages to an Ethernet LAN. The purpose of this is to associate the attacker's MAC address with the IP address of another computer, generally the default gateway. Here any traffic sent to the default gateway would be mistakenly sent to the attacker instead. The attacker can then forward the traffic to the actual default gateway after sniffing or modify the data before forwarding it.

              Jajish Thomason Google+
Related Topics

No Related Topics Available

comments powered by Disqus

eXTReMe Tracker