When a machine wants to send a packet on an Ethernet network, it has the IP address but not the MAC address of the receiving machine, but for the data to be transmitted to the destination the MAC address is needed.
The protocol that determines the MAC address from the IP address is called ARP.
Address Resolution Protocol (ARP) is a tool that allows devices to communicate when they do not have all the information they need about the device they want to communicate with. Hackers use ARP to find legitimate users MAC and IPs by using a method called “gratuitous ARP”. Immediately after he finds these addresses, he can use them to access the confidential data of those network users.
ARP is used to convert the Internet Protocol (IP) address into its physical correspondence called MAC.
Once the physical address is found, it is included in a table in the RAM memory of the source computer.
Each network computer has its own ARP table in which it records the gateway’s MAC and IP addresses as well as its own MAC and IP addresses. When they want to transmit something on the network, each computer uses this information.
How ARP works:
1. When a device tries to send something to another network device via Ethernet, the first thing you need to do is determine the target MAC address. IP-to-MAC mappings are derived from the ARP cache within each device.
2. If the IP address does not appear in the device cache, it can not send a message to its target. He must first send an ARP request to the local subnet.
3. The IP host will send an ARP response in response to the request, allowing the device that wants to send the message to update the cache and start broadcasting the message effectively.
We have seen that the address resolution protocol is based on data link broadcasts. Routers, on the other hand, do not propagate the data link layer packets outside their network.
There are two ways that stations in different networks can communicate: default gateway and ARP proxy.
Proxy ARP is an extension of the address resolution protocol. Starting from the fact that the router will not transfer the streaming packets, Proxy ARP will cause the router to respond to all ARP requests for out-of-network addresses with its own MAC address.
For a given default machine, the gateway of an IP address is the address of the router that connects the network to which that station belongs. Once a default gateway has been specified, on the network level, the station will get a new assignment, determining whether or not the destination is accessing the network. If it is not, then it will not be initiated but will use the destination IP address and its’ MAC address.