23/4/12 www.visualland.net 1

ARP BasicARP tutorial with pictures -1

www.visualland.net

Watch animation to learn networking.• Visualize how ARP translates IP address into MAC. Watch interactions between ARP Request, ARP Reply, and ARP cache.• This pictured tutorial takes screenshots from ARP Basic Animation.• OK to republish this slide. Please use hyperlink to point to its source.

23/4/12 www.visualland.net 2

ARP animations

1. ARP basic - update For behinners. Observing basic ip-mac binding interactions (ARP Request, ARP reply, ARP cache, ping encapsulation, ping command.)

2. ARP basic - no update Same as above. But the node receiving ARP Request does not update its ARP cache. (It's a vendor decision whether to update ARP cache

when receiving RAP request).3. ARP hub Three hosts are connected to a hub. Run ping to observe how ARP

frames and ping packets are being flooded by hub.4. ARP switch Three hosts are connected to a switch. Run ping to observe ARP

frames are being flooded and switched by the switch.5. ARP router gateway (Lab) Visualize how ARP discovers a MAC in a different subnet when

hosts are connected to a router and the router is the default gateway.6. ARP router proxy (Lab) Visualize how ARP discovers a MAC in a different subnet when

hosts are connected to the same router but have no default gateway.7. ARP spoofing (Theory) Visualize how a hacker can listen and corrupt IP-MAC bindings in

other's ARP caches, and kidnap data. 8. ARP spoofing (Lab) Same as above. The animation data is captured from a simulation

Lab (dynamips). Timing is realistic.

23/4/12 www.visualland.net 3

Overview ： ARP Basics Animation Link

Goal: Visualize ARP activities of MAC lookup and interactions of ARP request, ARP reply, ARP cache 、 Ping command line.Topology: Two hosts H1, H2 are directly connected. There IP-MAC addresses are (IP.H1, MAC.H1), (IP.H2, MAC.H2) respectively.Steps: 1) H1 ping H2 fails due to ARP miss. H1 sends ARP Request to find out H2's MAC. 2) H2 responds ARP Reply with its MAC to H1. 3) H1 ping H2 again and succeeds.

23/4/12 www.visualland.net 4

H1 ping H2: ARP miss

H1 ping H2. Ping prints its command message in H1's command window.To create Ping packet, H1 needs to know H2's MAC. But ARP cache does not have H2's MAC. Therefore, H1 is unable to send ping out. This is called ARP miss. It's a common cause of packet loss.

23/4/12 www.visualland.net 5

H1 sends ARP request

To find H2's MAC, H1 sends ARP Request and adds an entry (IP.H2, Incomplete) in ARP cache. It says: I'm looking for H2's MAC.ARP Request header includes a few parameters: sender IP is H1's IP, sender mac is H1's MAC, target IP is H2's IP, target mac is 0. (You may click ARP Request to see its headers).

23/4/12 www.visualland.net 6

H2 responds ARP reply

After receiving ARP request, H2 adds H1's address to its ARP cache as (IP.H1, MAC.H2).Then H2 checks ARP Request's protocol header and learns that this query is for itself. H2 responds and sends ARP Reply to H1. (Click ARP Reply to see its protocol header)

23/4/12 www.visualland.net 7

H1 recevies ARP reply

When receiving ARP Reply, H1 updates its ARP cache and changes the entry (IP.H2, Incomplete) to (IP.H2, Mac.H2).

23/4/12 www.visualland.net 8

H1 ping H2 again

Now the first ping timeout. Ping prints a "." in the H1 command window to indicate a timeout.Then H1 sends next ping.No ARP miss this time. Ping does find H2's MAC in ARP cache.

23/4/12 www.visualland.net 9

H2 echo H1

When receiving ping, H2 sends an Echo to respond.H2 is able to find H1's MAC in ARP cache. No ARP miss for sending Echo.

23/4/12 www.visualland.net 10

H1 receives echo

After receiving Echo, H1 prints a "!" to indicate ping success.

23/4/12 www.visualland.net 11

FAQ1. What is ARP?

2. Why ARP?

3. What is ARP cache?

4. What are ARP commands?

5. How is ARP related to encapsulation?（ answers in the Comments box ）

23/4/12 www.visualland.net 12

What is Vlabvisualland.net

• VLAB: Virtual Lab– Theory: Visualize key points of network protocols to help

beginners grasp the basic ideas quickly.– Lab: Visualize network activities with packets and router

states captured from network simulators (dynamips, packet tracer, and ns2.

– Interactively control animation: packet headers, protocol state tables.

• Vlab usage– Self learning, teaching aids, lab book.