1 00:00:00,240 --> 00:00:07,440 Address Resolution Protocol, ARP, is a network layer protocol used for mapping a network address, such
2 00:00:07,440 --> 00:00:12,060 as an IPv4 address, to a physical address, such as a MAC address.
3 00:00:13,100 --> 00:00:20,750 To simulate how the ARP mechanism works, we have a small network in the slide: a switch on top and
4 00:00:20,750 --> 00:00:25,100 three computers connected to it. Computer A wants to talk to Computer C.
5 00:00:26,730 --> 00:00:30,690 It puts an ARP request onto the wire, which happens to be broadcast.
6 00:00:31,590 --> 00:00:35,880 Essentially, what it's saying is, who has Computer C's MAC address?
7 00:00:37,080 --> 00:00:41,250 Of course, because it's a broadcast, every system on the network hears it.
8 00:00:42,230 --> 00:00:43,400 Does everybody respond?
9 00:00:44,120 --> 00:00:49,670 Well, what happens is that B hears that A is looking for the MAC address of Computer C.
10 00:00:51,020 --> 00:00:56,690 B knows that it's not Computer C and therefore does not respond to the broadcast.
11 00:00:57,820 --> 00:01:05,380 The broadcast, the ARP request, goes out to every system, but the only system that will reply is Computer
12 00:01:05,380 --> 00:01:07,480 C, with an ARP reply.
13 00:01:08,520 --> 00:01:14,670 In other words, Computer A says, who has the MAC address of Computer C? And although all the workstations
14 00:01:14,670 --> 00:01:20,250 hear the question, only C replies and says, I've got the MAC address of Computer C.
15 00:01:20,550 --> 00:01:22,050 And this is what it is.
16 00:01:22,770 --> 00:01:23,310 So the ARP
17 00:01:23,370 --> 00:01:26,370 reply sends back the MAC address to Computer A.
18 00:01:27,270 --> 00:01:31,170 And each of these machines starts building an ARP table.
19 00:01:31,680 --> 00:01:33,090 So what is the ARP table?
20 00:01:34,230 --> 00:01:39,000 Since computers cannot send broadcast messages every time they need to connect with another network
21 00:01:39,000 --> 00:01:44,790 device, they store the IP addresses and the corresponding MAC addresses of systems they frequently
22 00:01:44,790 --> 00:01:48,090 communicate with in a table called the ARP table.
23 00:01:48,480 --> 00:01:50,760 All the systems in the LAN maintain this table.
24 00:01:51,880 --> 00:01:57,340 The entries in the ARP cache table are generally short-lived and are updated every 15 to 20 minutes.
25 00:01:58,100 --> 00:01:59,230 Now let's get back to our topic.
26 00:01:59,500 --> 00:02:05,680 Can we say that one of the passive scan methods is just looking into the ARP table of a system which
27 00:02:05,680 --> 00:02:07,240 is in the network that we are scanning?
28 00:02:07,630 --> 00:02:08,740 Well, sure we can.
29 00:02:09,580 --> 00:02:16,360 Inside an ARP table, we see the IP addresses of some of the systems of the network and their corresponding
30 00:02:16,360 --> 00:02:17,260 MAC addresses.
31 00:02:18,070 --> 00:02:20,860 Let's see the ARP tables in three different platforms:
32 00:02:21,460 --> 00:02:24,730 macOS, Windows and Debian Linux.
33 00:02:25,720 --> 00:02:32,470 We are in a macOS operating system. First, open the terminal: first type terminal in the search box
34 00:02:32,470 --> 00:02:36,220 of the applications window, which brings you the terminal application.
35 00:02:36,670 --> 00:02:41,920 Typing arp and hitting Enter shows a small help for the arp command.
36 00:02:43,170 --> 00:02:50,670 If you want to see detailed help about the arp command, you can use the man command: type man arp and
37 00:02:50,670 --> 00:02:51,210 hit Enter.
38 00:02:51,450 --> 00:02:52,560 You'll get detailed help.
39 00:02:54,130 --> 00:02:59,320 The -a parameter is used to display all current ARP table entries, but hold on.
40 00:02:59,560 --> 00:03:02,950 It says -a is used to delete all entries as well.
41 00:03:03,220 --> 00:03:04,210 How can that be?
42 00:03:04,780 --> 00:03:09,520 Well, to delete an ARP table entry, you use the -d parameter.
43 00:03:10,330 --> 00:03:16,090 If you use this parameter with the -a parameter, you are able to delete all entries of ARP tables.
44 00:03:16,660 --> 00:03:20,050 The -i parameter is used to see the entries of a single interface.
45 00:03:20,890 --> 00:03:26,050 By default, the arp command tries to show the display addresses symbolically.
46 00:03:27,150 --> 00:03:33,000 To see the IP addresses instead of display names of the systems, you have to use the -n parameter,
47 00:03:34,030 --> 00:03:36,430 which means do not resolve names.
48 00:03:37,650 --> 00:03:37,950 OK.
49 00:03:37,980 --> 00:03:45,930 Press q to quit the man page of the arp command. Now type arp -an to see all the entries of the
50 00:03:45,930 --> 00:03:46,530 ARP table.
51 00:03:47,610 --> 00:03:54,150 Since macOS is a BSD-based operating system, the results of the arp command are displayed in BSD style.
52 00:03:55,230 --> 00:03:57,990 The second machine is a Microsoft Windows 8.
53 00:03:59,110 --> 00:04:00,880 Let's open a command prompt first.
54 00:04:01,330 --> 00:04:04,870 I have a shortcut on my status bar, so I click it to start a command prompt.
55 00:04:05,950 --> 00:04:10,510 Alternatively, press the Windows + R buttons, open the dialog box,
56 00:04:10,780 --> 00:04:12,670 run command and hit Enter.
57 00:04:13,860 --> 00:04:18,360 If you type arp in a Windows system, the help page of the arp command is displayed.
58 00:04:19,540 --> 00:04:27,400 Type arp -a to see the entries of the ARP table. In my opinion, this display is more, I don't
59 00:04:27,400 --> 00:04:30,490 know, human-readable than BSD style.
60 00:04:31,430 --> 00:04:35,540 Now, although we're not interested in these at the moment, I would like to talk a little about the
61 00:04:35,540 --> 00:04:40,010 IP addresses that start with 224, to calm your curiosity.
62 00:04:41,210 --> 00:04:49,220 224.0.0.22 is the multicast address for Internet Group Management Protocol.
63 00:04:49,250 --> 00:04:58,070 224.0.0.252 is used by recent versions of Windows for Link-Local Multicast Name Resolution,
64 00:04:58,700 --> 00:05:02,900 LLMNR, searching for local network computers.
65 00:05:03,830 --> 00:05:08,630 The third machine is our Kali, which is a Debian-based Linux operating system.
66 00:05:09,470 --> 00:05:13,940 Open the terminal window. If you type arp and hit
67 00:05:13,940 --> 00:05:15,620 Enter, the ARP table
68 00:05:15,620 --> 00:05:19,130 entries are displayed in a human-readable format.
69 00:05:19,850 --> 00:05:28,730 As you see, systems are listed with a known domain name, such as www.owaspbwa.com, by default.
70 00:05:29,610 --> 00:05:37,890 arp -h brings you a small help page. If you want a detailed help page, type man
71 00:05:38,310 --> 00:05:38,700 arp.
72 00:05:41,310 --> 00:05:48,390 In a Debian-based Linux system, the -a parameter of the arp command is used to see the entries in BSD
73 00:05:48,390 --> 00:05:50,420 format, which we saw in macOS.
74 00:05:51,030 --> 00:05:54,630 -i is again to see the entries of a single interface.
75 00:05:55,350 --> 00:05:57,540 OK, press q to quit the man page.
76 00:05:58,230 --> 00:06:07,710 arp -a displays ARP table entries in BSD format, and use the -n parameter to see the IP addresses instead
77 00:06:07,710 --> 00:06:09,240 of domain names of the systems.