Breaking down the ARP header fields

Within an ARP header, there are several values that provide information on the ARP transaction, as outlined in the following list:

  • Hardware type: This lists the type of connection for the session. In frame 1, the hardware type is listed as Ethernet (1), which is common in today's networks. However, there are other types, such as IPsec tunnel (31) and Fiber Channel (18), as shown in the list found at https://www.iana.org/assignments/arp-parameters/arp-parameters.xhtml#arp-parameters-2.
  • Protocol type: This lists the internetworking protocol in use for the session. In frame 1, the protocol type is listed as IPv4 0x0800, which is standard on today's networks.
  • Hardware size: The number of bytes of a hardware address. Frame 1: ARP request lists Hardware size: 6. A MAC address is 6 bytes or 48 bits, which is a standard MAC address length.
  • Protocol size: This lists the bytes in the IP address. Frame 1 lists Protocol size: 4. An IPv4 address is 4 bytes or 32 bits, which is the length of an IPv4 address.
  • Opcode: This lists what operation the sender is executing. Although there are many, as listed at https://www.iana.org/assignments/arp-parameters/arp-parameters.xhtml#arp-parameters-1, the opcode is most likely request (1), as shown in the Frame 1: ARP request screenshot, or reply (2), as shown in the Frame 2: ARP reply screenshot.
  • Sender MAC address: Frame 1 lists the sender MAC address as 00:15:5d:0f:49:18, which is the MAC address of the host sending the request.
  • Sender IP address: This is the network address of the sender. Frame 1 lists 172.16.2.3 as the sender's IP address.
  • Target MAC address: This is the MAC address of the target. In frame 1, which is an ARP request, the target MAC is listed as all zeros, or 00:00:00:00:00:00. There is no MAC address listed because the target MAC address is unknown.
  • Target IP address: This is the network address of the target. Frame 1 lists Target IP address: 172.16.2.27.

Now that we can see the header and fields in a standard ARP header, let's take a look at some other types of ARP you might encounter during an analysis.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
18.117.137.64