Tag Archives: address resolution protocol

Hacking ARP(Address Resolution Protocol)

What is ARP?

ARP i.e Address Resolution Protocol is a lower level(in TCP/IP stack)protocol which is used to convert IP address to MAC(Media Access Control) address.IP addresses are dynamic(In general) but mac addresses ,a link layer address, are almost static as they are allocated by the NIC(Network Interface Card) manufacturer.Hence ARP is used to associates a relation between these IP addresses with static hardware address(MAC).

How The ARP works?

Whenever a router or switch or computer recieves a data packet with the destination IP address,then the device uses its ARP table to to look up the corresponding MAC address.Suppose,if the packet’s IP address does not have a corresponding MAC address in the ARP table,then the device will send an ARP broadcast request on that local network to find out the MAC address for the IP address.At this point,the computer which owns the IP address will take an appropriate response(or simply ARP reply) to the arp broadcast request packets.When the device,that sent the arp broadcast request request,gets the responsse then it stores that mac address to IP address in its cache memory.Now if the another packets arrives there for the same IP then it sends it to the mac address(just cached),without repeating the arp broadcast request and arp-replay process again.

How to hack ARP/Abuse ARP/Poison ARP

In this process the main critical point is that there is no authantication mechanism used here to verify that whether the ARP reply is coming fr-o-m the same computer that owns the IP address, or not.Using this loophole in the arp mechanism,it can be hacked easily if attacker sends fake request to abuse the device.Another problem is that suppose a computer sends an ARP reply without any broadcast request then it caches this mac to IP address for the future use.Hence arp can be hacked or attacked or abused in two ways –
1.First Method : In this method the hacker first listen for the arp broadcast requests and takes appropriate responses with their MAC address.This method is not so usefull and efficient due to the reason that the hacker has not only to wait for the victims arp broadcast request but also to send the replay before the true host reply.
2.Second Method : The second method to poison the network is to send arp reply to target device,so the target device will update its IP-MAC table in cache memory with the recieved mac address.Hence this method is simple and more effective than the first one.