What is ARP? & (How it Works)


What Is ARP (Address Resolution Protocol)

What is ARP: ARP is the Address Resolution Protocol which is used to convert IP Address into Mac Address. ARP packets are intercepted to send the data to the attacker’s machine. An attacker can exploit ARP poisoning in order to intercept or perform sniffing attack in a network. When the switch is flooded using mac flooding the ARP tables can be spoofed, due to flooding the switch is in the forward mode so that sniffing can be performed easily.

 

ARP POISONING STEPS

 

  • 1. User A will sends Arp request to the switch asking about the IP address.
    The query of IP address is processed by a switch. Forex. The IP address is 42.45.56.45

 

  • 2. Now user Bi Paving the same IP address will reply to the switch with its mac address.
    Forex. mac address is x:y:Z:a:b. Now here is the role of the attacker.

 

What is ARP

 

  • 3. The attacker will eavesdrop on the arp request and will spoof the mac address of the target
    and sends its mac address to the user A which is a:b:c:y:z.

 

  • 4. now all the information or the queries of the IP address 42.45.56.45 will send to the attacker
    machine.

 

Passive Sniffing:

In the passive sniffing, The sniffing is done through HUB. An attacker directly gets connected to the hub and starts sniffing. As the attacker is directly connected to the hub, it is difficult to detect the sniffing and there are less chances of being caught, Passive sniffing is quite easy as compared to the active sniffing.
In the passive sniffing, hub acts as an intermediate The packets, are intercepted easily and analysis process became Smooth.

MAC Flooding:

Mac flooding is the technique used for flooding the SWITCH by sending a huge amount of requests The switch gets flooded by a huge number of mac requests A switch contains limited memory to map the,, mac address on the physical ports. By sending the numerous amount of request the limited gets over. In the process, the switch is bombed with fake mac addresses resulting in the flooding of a switch. Once the switch is getting flooded, now it acts as a hub because of the flooding switch messed up. Now, due to the behavior is shown by the switch is like a hub, packets are transferred to all the devices on the network and hence the attacker can easily perform the sniffing.

Passive Sniffing:

In the passive sniffing, sniffing is done through HUB. An attacker directly gets connected to the hub and starts sniffing. As the attacker is directly connected to the hub, it is difficult to detect the sniffing and there are fewer chances of being caught, Passive sniffing is quite easy as compared to the active sniffing.-,
In the passive sniffing, hub acts as an intermediate The packets, are intercepted easily and analysis process became Smooth.

MAC Flooding:

Mac flooding is a technique used for flooding the SWITCH by sending a huge amount of requests The switch gets flooded by the huge number of mac requests A switch contains limited memory to map the mac address on the physical ports. By sending the numerous amount of request the limited gets over. In the process, the switch is bombed with fake mac addresses resulting in the flooding of the switch. Once the switch is getting flooded, now it acts as a hub because of the flooding switch messed up. Now, due to behavior is shown by the switch is like a hub, packets are transferred to all the devices on the network and hence the attacker can easily perform the sniffing.

Macof:

Macof is one of the powerful tools used for MAC Flooding. Macof is pre-installed with Kali Linux. It simply floods the local random mac address resulting into a failure of the switch to Sniffing, Packet Analysis & Session Hijacking.

Using Macof :

  •  Open ‘the terminal into Kali Linux.
  • ‘Type “macof I?” tO open the help screen of the macof tool.
  •  Syntax for flooding is macof [-i interface] [-s source] [-d destination] [-e tha] [-x sport] [-y dport] [-n times].
  • The attacker can simply change the syntax according to his needs.

ARP Spoofing:

ARP is the Address Resolution Protocol which is used to convert IP address into mac address Arp packets are intercepted to send the data to attacker’s machine -Working of ARP is discussed in the previous chapters An attacker can exploit arp poisoning in order to intercept or perform sniffing attack in a network When the switch is flooded using mac flooding the arp tables can be spoofed, due to flooding the switch is in forwarding mode so that sniffing can be performed easily.

The tool used for ARP Poisoning

Cain and Able:

Generally Cain and able, ettercap, etc. are used for arp
poisoning in this chapter, Cain and able is discussed.
Cain and Able is a powerful password recovery tool which is also used for sniffing and various purposes.it allows passwords recovery using brute force, sniffing, dictionary attacks and by various methods.
It takes advantages of weakness to pretend in a particular protocol authentication mechanism.

Some important features of Cain & able

  • MS-CACHE hash dictionary attacker and brute force cracker.
  • Offline processing of the captured file.
  • SIP-MD5 hash dictionary attacker and brute force cracker.

 

What is ARP

 

Thank a lot for visiting Our Blog Post. You can Visit our Website for additional information Technicalhunk

You can also reach out to me at Facebook

You can also visit Wikipedia for additional information, seo.com, Techopedia.com.

Saksham Tiwari
Hello, My Name is Saksham Tiwari and I am currently Working on SEO and my Passion is in Hacking & Information Technology and also carrying out with my Studies.
loading...