We know that on a Local Area Network (LAN), we use a physical address or MAC address. When a packet is delivered from a website back to you on the LAN, how does the device find you when the packet only has an Internet Protocol (IP) address as an address? That is the responsibility of the Address Resolution Protocol (ARP), which resolves an IP address to a MAC address so that your packet gets delivered.
In this chapter, we'll learn how ARP works and why it is an important protocol in ensuring the timely delivery of data. We'll then take a closer look at ARP headers and fields in Wireshark. We'll examine the different types of ARP you may encounter while doing analysis, including gratuitous, reverse, inverse, and proxy. Finally, so that you are aware that ARP may be used in a malicious way, we'll discuss ARP attacks and possible ways to defend against these types of threats.
This chapter will cover the following:
- Understanding the role and purpose of ARP
- Exploring ARP headers and fields
- Examining the different types of ARP
- Analyzing ARP attacks along with some defense methods