ARP & Proxy ARP: Basic Protocol Principles

Posted by: luke 2013-12-30

Definition

ARP and proxy ARP define methods for a host to learn another host's MAC address.

The ARP process:

Fred follows a normal ARP process, broadcasting an ARP request with R1's E1 IP address as the target. The ARP message has a Target field of all 0s for the MAC address that needs to be learned, and a target IP address of the IP address whose MAC address it is searching for, namely 10.1.1.1 in this case. The ARP reply lists the MAC address associated with that IP address, in this case the MAC address of R1's E1 interface.

Difference between ARP and proxy ARP

Proxy ARP uses the exact same ARP message as ARP, but the ARP request is actually requesting a MAC address that is not on the local subnet, even though the ARP request is broadcast only on the local subnet.

Security analysis of ARP:

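Once ARP has resolved the corresponding MAC address by broadcast, the host stores the resolved MAC and IP pair in its cache.
For example, the ARP cache on Windows (output from a Chinese-language system; the columns are Internet address, physical address and type, where 动态 means dynamic and 静态 means static):
C:\Users\jianglixi>arp -a
接口: 172.16.6.57 --- 0xc
  Internet 地址         物理地址              类型
  172.16.7.254          00-00-0c-07-ac-0c     动态
  172.16.7.255          ff-ff-ff-ff-ff-ff     静态
  224.0.0.22            01-00-5e-00-00-16     静态
On the next communication, the host simply takes the MAC address from the cache and does not need to repeat the broadcast. The hidden risk is that an attacker can modify the ARP cache on the host and thereby disrupt the host's normal communication.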
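
One way to detect the cache tampering described above, as an added example that is not part of the original post: parse ARP messages, mirror the IP-to-MAC bindings a host would cache, and report any IP whose MAC changes. Fred's address 10.1.1.2, all MAC addresses, and the function names are constructed for illustration; only 10.1.1.1 comes from the text.

```python
import struct

# ARP payload for Ethernet/IPv4 (RFC 826), 28 bytes: hardware type, protocol
# type, address lengths, opcode, sender MAC/IP, target MAC/IP.
ARP_FMT = "!HHBBH6s4s6s4s"
REQUEST, REPLY = 1, 2
def _mac(b): return "-".join(f"{x:02x}" for x in b)
def _ip(b): return ".".join(str(x) for x in b)

def build_arp(oper, sha, spa, tha, tpa):
    """Pack a constructed sample message (used only to create test input)."""
    mac = lambda s: bytes.fromhex(s.replace("-", ""))
    ip = lambda s: bytes(int(p) for p in s.split("."))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       mac(sha), ip(spa), mac(tha), ip(tpa))

def parse_arp(payload):
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP message")
    return {"oper": oper, "sender_mac": _mac(sha), "sender_ip": _ip(spa),
            "target_mac": _mac(tha), "target_ip": _ip(tpa)}

def watch(payloads):
    """Mirror a host's ARP cache and report every IP whose MAC changes."""
    cache, alerts = {}, []
    for p in payloads:
        m = parse_arp(p)
        if m["sender_ip"] == "0.0.0.0":      # ARP probe: carries no binding
            continue
        old = cache.get(m["sender_ip"])
        if old is not None and old != m["sender_mac"]:
            alerts.append((m["sender_ip"], old, m["sender_mac"]))
        cache[m["sender_ip"]] = m["sender_mac"]
    return cache, alerts

# Constructed sample traffic: Fred (10.1.1.2) asks for 10.1.1.1, R1 answers,
# then a second reply binds 10.1.1.1 to a different MAC.
FRED, R1, OTHER = "02-00-00-00-00-02", "02-00-00-00-00-01", "02-00-00-00-00-99"
SAMPLE = [
    build_arp(REQUEST, FRED, "10.1.1.2", "00-00-00-00-00-00", "10.1.1.1"),
    build_arp(REPLY, R1, "10.1.1.1", FRED, "10.1.1.2"),
    build_arp(REPLY, OTHER, "10.1.1.1", FRED, "10.1.1.2"),
]
if __name__ == "__main__": print(watch(SAMPLE)[1])
```

A changed binding is not always malicious (a replaced network card or a failover address also triggers it), so each alert is a prompt to check the new MAC against known hardware.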
