1
00:00:00,780 --> 00:00:08,190
ARP (Address Resolution Protocol) is a very important concept to understand since it can be used as an

2
00:00:08,190 --> 00:00:13,610
attack vector. When an endpoint needs to send data on a network,

3
00:00:13,720 --> 00:00:21,690
it needs to have both IP address and MAC address information for its destination. The destination IP

4
00:00:21,690 --> 00:00:30,060
address is always known for building IP packets, but destination MAC addresses are not known by default.

5
00:00:32,970 --> 00:00:40,770
To encapsulate an IP packet in an Ethernet frame, we must have MAC address information. To find out what

6
00:00:40,770 --> 00:00:43,530
the MAC address is of a destination,

7
00:00:43,530 --> 00:00:51,010
ARP is used. Endpoints send broadcast frames onto the LAN with ARP request information.

8
00:00:51,060 --> 00:00:57,040
These broadcasts are seen by all hosts on the same LAN as the source host.

9
00:00:57,060 --> 00:01:05,500
Now, an ARP request asks for hosts with the requested IP address to respond with their MAC address.

10
00:01:05,610 --> 00:01:11,090
So if the computer in this diagram wanted to send data to the router, it would first send an ARP request

11
00:01:11,090 --> 00:01:18,610
saying, hey, whoever receives this broadcast and has that theater outs turned out $1.10 one then reply

12
00:01:18,630 --> 00:01:21,240
to my ARP request with your MAC address.

13
00:01:21,240 --> 00:01:28,290
So once the router gets this broadcast address, it would then respond with an ARP reply with its MAC

14
00:01:28,290 --> 00:01:37,850
address information to populate the ARP table entry for the computer. So you can see ARP in action,

15
00:01:37,850 --> 00:01:44,270
I'm going to run Wireshark in the background with a filter to only capture ARP requests, and then I'm

16
00:01:44,270 --> 00:01:51,420
going to try to ping an IP address on my LAN that I know I don't have an ARP entry for.

17
00:01:51,670 --> 00:01:55,870
You'll see as soon as I hit this ping, the first thing my computer is going to do is send out an ARP

18
00:01:55,870 --> 00:01:58,210
request for its MAC address.

19
00:02:01,560 --> 00:02:10,230
So you can see that as soon as I hit ping, we saw the ARP request go out asking for whoever has IP address

20
00:02:10,240 --> 00:02:18,300
10.0 would a loving not 22 tell my IP address 10.0 down of love and love in your addresses.

21
00:02:18,530 --> 00:02:28,060
And here's what the actual ARP data looks like for the ARP request. It has my source MAC address, my source

22
00:02:28,060 --> 00:02:33,610
IP address, target IP address, and of course the target MAC address isn't filled out because that's what

23
00:02:33,610 --> 00:02:35,040
we're trying to figure out.

24
00:02:36,160 --> 00:02:43,960
In the ARP reply here, we see that our destination host responded and said the IP address 10.0 it of love not

25
00:02:43,960 --> 00:02:44,520
22

26
00:02:44,520 --> 00:02:46,820
is at this MAC address.

27
00:02:46,990 --> 00:02:52,570
So here's the ARP reply with the MAC address that we were looking for, so we could finish building our

28
00:02:52,880 --> 00:02:53,830
Ethernet frame.