Saturday, March 28, 2009

Study of ARP using Wireshark

Wireshark is a very useful tool for studying network protocols!

In my previous post on ARP, we learned some basics of the ARP protocol. In this post, let's look at the ARP request packet in more detail.

When the MAC address for a next hop device is not found in the local ARP cache, a broadcast is sent out on the network, with a special format called the ARP request. The following diagram shows an example of an ARP request packet captured using Wireshark.



As shown in the diagram, the ARP packet is contained directly in an Ethernet packet and does not have an IP header. On Ethernet networks, these packets use an EtherType of 0x0806 as indicated in the Packet Details Pane of Wireshark.

Because the Ethernet protocol specification assigns only a single type value to ARP, an Ethernet frame that contains an ARP request and one that contains an ARP response carry the same EtherType. As such, the receiver must examine the Opcode field in the ARP packet to determine whether it is an ARP request or an ARP response message.

The ARP request is sent to the broadcast destination MAC address ff:ff:ff:ff:ff:ff, asking "Who has 202.156.206.58? Tell 202.156.200.1". When the Ethernet layer of a receiving host sees this address, it passes the packet up the protocol stack, even though its own MAC address does not match. However, once the packet reaches the network layer, a computer with a different IP address simply drops it, while the one that owns the requested IP address identifies itself and sends an ARP reply message back to the Sender host.

As also shown in the diagram, the computer at 202.156.200.1 (Sender) needs to communicate with the computer at 202.156.206.58 (Target), but does not know its MAC address. As such, the ARP request carries the Sender's MAC and IP addresses, along with the IP address of the target device. The target MAC address, however, is filled in as 00:00:00:00:00:00. This field will be filled in by the Target host and sent back to the Sender in an ARP reply datagram.
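The fields described above can also be decoded by hand from the raw frame bytes. The following Python sketch is an added example, not part of the original post: it builds a request with the same IP addresses as the capture and parses it back. The sender MAC 00:11:22:33:44:55 is a constructed value, and the function names are made up for this illustration.

```python
import socket
import struct

ETHERTYPE_ARP = 0x0806
OPCODES = {1: "request", 2: "reply"}

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_arp_frame(frame):
    """Decode an Ethernet II frame carrying ARP for IPv4 over Ethernet."""
    if len(frame) < 42:
        raise ValueError("frame shorter than Ethernet header + ARP payload")
    # Ethernet header: destination MAC, source MAC, EtherType (no IP header)
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        raise ValueError(f"not ARP: EtherType 0x{ethertype:04x}")
    htype, ptype, hlen, plen, opcode, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return {
        "eth_dst": mac(dst), "eth_src": mac(src),
        # Request and reply share one EtherType; only the opcode differs.
        "opcode": OPCODES.get(opcode, f"unknown({opcode})"),
        "sender_mac": mac(sha), "sender_ip": socket.inet_ntoa(spa),
        "target_mac": mac(tha), "target_ip": socket.inet_ntoa(tpa),
    }

def summarize(p):
    """Render the one-line summary in the style Wireshark shows."""
    if p["opcode"] == "request":
        return f"Who has {p['target_ip']}? Tell {p['sender_ip']}"
    if p["opcode"] == "reply":
        return f"{p['sender_ip']} is at {p['sender_mac']}"
    return f"ARP {p['opcode']}"

def build_request(sender_mac, sender_ip, target_ip):
    """Build a broadcast ARP request with the target MAC left as zeros."""
    sha = bytes.fromhex(sender_mac.replace(":", ""))
    eth = struct.pack("!6s6sH", b"\xff" * 6, sha, ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1, sha,
                      socket.inet_aton(sender_ip), b"\x00" * 6,
                      socket.inet_aton(target_ip))
    return eth + arp

# Constructed sample: IPs are from the post, the sender MAC is made up.
SAMPLE = build_request("00:11:22:33:44:55", "202.156.200.1", "202.156.206.58")

if __name__ == "__main__":
    print(summarize(parse_arp_frame(SAMPLE)))
```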
