Joke Collection Website - Talk about mood - What exactly is ARP? What is the principle? Simply put.

What exactly is ARP? What is the principle? Simply put.

1. First of all, let me tell you what ARP (Address Resolution Protocol) is, which is a protocol to convert IP addresses into physical addresses. There are two ways to map IP addresses to physical addresses: list and non-list. Specifically, ARP is to resolve the address of the network layer (IP layer, equivalent to the third layer of OSI) into the MAC address of the data connection layer (MAC layer, equivalent to the second layer of OSI). ARP principle: When a machine A wants to send a message to the host B, it will query the local ARP cache table and find the MAC address corresponding to B's IP address, then it will transmit data. If it is not found, broadcast an ARP request message of A (carrying the IP address IA- physical address Pa of host A), and request host B with IP address Ib to reply to the physical address Pb. All hosts (including B) on the Internet have received ARP requests, but only host B can recognize its IP address, so it sends back an ARP response message to host A ... which contains B's MAC address. After A receives B's reply, it will update the local ARP cache. Then use this MAC address to send data (MAC address is attached to the network card). Therefore, this ARP table of local cache is the basis of local network circulation, and this cache is dynamic. The ARP protocol does not just send an ARP request before receiving an ARP reply. When the computer receives the ARP reply packet, it will update the local ARP cache and store the IP and MAC addresses in the reply in the ARP cache. Therefore, when a machine B in the local area network sends a forged ARP reply to A, and if this reply is forged by B pretending to be C, that is, the IP address is C and the MAC address is forged, then when A receives B's forged ARP reply, it will update the local ARP cache, so that in A's view, C's IP address has not changed, and its MAC address is not the original one. Because the network flow of LAN is not based on IP address, but on MAC address. Therefore, the forged MAC address is changed to a non-existent MAC address on A, which will cause network congestion and make A unable to Ping C! This is a simple ARP spoofing. 2. This principle is used by network law enforcement personnel! In the network law enforcement personnel, if you want to restrict a machine from surfing the Internet, just click Permission in the "Network Card" menu, select the specified network card number or click the line where the network card is located in the user list, and select Permission in the right-click menu in the pop-up dialog box to restrict the user's permission. For unregistered network cards, Internet access can be restricted in this way: as long as all known users are set (registered), the default permission of network cards can be changed to prohibit Internet access to prevent all unknown network cards from accessing the Internet. Using these two functions can restrict users from surfing the Internet. The principle is to send a MAC corresponding to a fake gateway IP address to the attacked computer through ARP spoofing, so that it can't find the real MAC address of the gateway, thus prohibiting it from surfing the Internet. 3. Modify the MAC address to break through the blockade of network law enforcement personnel. In addition, the principle of network law enforcement officers is to send the MAC address corresponding to the fake gateway IP address to a computer through ARP deception, so that it cannot find the real MAC address of the gateway. Therefore, as long as we modify the mapping from IP to MAC, the ARP deception of network law enforcement personnel can be invalid, which breaks through its limitations. You can Ping the gateway in advance, then use ARP -a command to get the MAC address of the gateway, and finally use ARP -s IP network card MAC address command to map the IP address of the gateway with its MAC address. 4. Find someone who keeps you from surfing the Internet. After the blockade of network law enforcement personnel is lifted, we can scan the entire LAN IP segment with Arpkiller's "Sniffer Black Boy", and then find the computer in "mixed" mode, and then we can find the other party. The specific method is: run Arpkiller (Figure 2), then click "Sniffer Monitoring Tool", enter the start and end IP of detection in the "Sniffer Black Boy" window that appears (Figure 3), and click "Start Detection". After testing, if the corresponding IP is a green hat icon, it means that the IP is in normal mode; if it is a red hat, it means that the network card is in promiscuous mode. This is our goal. This guy is using the internet police to make trouble. I was in promiscuous mode when scanning, so I can't count myself in it! How to deal with each other after finding them is your business, for example, you can use network law enforcement officers to block each other! References:

/new/Publicforum/Content.asp? idWriter = 0 & ampKey = 0 & ampit & ampidArticle = 277484。 Sign =