Protocol Deep Dive: Address Resolution Protocol (ARP)

Address Resolution Protocol (ARP) is essential for computer communication across the network. This course provides the in-depth knowledge needed to understand, improve, troubleshoot, and secure ARP-related communications in your network.
Course info
Level: Intermediate
Updated: Apr 3, 2018
Duration: 4h 36m
Description

Address Resolution Protocol (ARP) is foundational for nearly all LAN communication. Because ARP and its variations are so widely relied upon, a deep understanding of ARP is necessary to support network communications, troubleshoot interoperability issues, and improve the efficiency of networks. Furthermore, it is critically important that you understand its nature so you can reduce and prevent related cyber threats. In this course, Protocol Deep Dive: Address Resolution Protocol (ARP), you will learn ARP from the ground up, including every part of Address Resolution Protocol messages, their functions and variations, and their security risks. First, you will learn how to capture ARP and use those captures to identify ARP messaging and troubleshoot ARP-related problems. Next, you will explore the details of every major ARP variation, learning how they apply to network communications. Finally, you will examine best practices and procedures you can apply to common LAN ARP-based attacks. By the end of this course, you will be able to clearly identify how ARP communications are used, when and how they might cause problems or security risks, and which solutions are appropriate in any given scenario.

About the author

Jim Rizzo is a network engineer, security leader, and security subject matter expert with more than twenty-five years of networking, security, healthcare IT, & IT training experience.

Section Introduction Transcripts

Course Overview
Hi everyone. My name is Jim Rizzo, and welcome to my course, Protocol Deep Dive: Address Resolution Protocol, or ARP. I am a network engineer with over 20 years of experience in networking and network security, and I have always loved protocol analysis. Address Resolution Protocol plays a fundamental role in network connectivity and comes in a wide variety of variations and applications. Having a deep understanding of ARP will allow you to better configure and troubleshoot many LAN and WAN connectivity issues. In this course, we're going to start with our fundamental operation. You will learn how both dynamic ARP and static ARP configurations work and affect connectivity in the network. Using various Linux, Windows, and Cisco systems, we will cover when and where ARP is likely to fail and how to correct the problems. Next, you will cover all the variations on ARP, including reverse ARP, inverse ARP, duplicate IP address detection, gratuitous ARP, and proxy ARP. Along the way, I'll show you where they might cause connectivity issues, how to identify them using Wireshark captures, and how to correct each situation. A section on ARP-related security issues is where you'll see how broadcast storms are caused, how MAC flooding happens, how spoofing and man-in-the-middle attacks work, and what security techniques can be applied to reduce these ARP-based cyber threats. By the end of this course, you'll know exactly how ARP and all its variations work, how to capture ARP traffic to identify problems, and how to improve both the efficiency and security of your network. Before beginning the course, you should be familiar with IP addressing and MAC addressing. As well, you should have a basic understanding of computer communication on LANs and through default gateways over routed internetworks. Lastly, a basic understanding of Wireshark use and configuration will be helpful but is not necessary. I hope you'll join me on this journey to learn ARP with the Protocol Deep Dive: Address Resolution Protocol course, at Pluralsight.

Troubleshooting Common ARP Issues
Hello, and welcome to this Protocol Deep Dive on ARP. In this module, we will be covering some of the common problems in networks related to ARP and how ARP can be used in troubleshooting. This module will cover what happens when a machine is not on or is unreachable in the network and how ARP reacts; this will include a loss of the default-gateway router. Although this is not a failure of ARP, it is useful to see how ARP information can be used to assess the situation. Next, I will show you the cracks in the ARP protocol and processes where stale, dynamic, and static ARP cache entries cause problems. You will see how different operating system vendors' implementations handle false dynamic cache entries, some well and others very poorly; then I will give you the options for the difficult ones. You will also see how static ARP cache entries lead to problems and what would be best practices for when and when not to use static entries. We will look next at common problems surrounding proxy ARP. This will include misconfigurations which create losses of connectivity, knowing when to use it and when not, and the overhead it can create in networks and systems. Lastly, I often find myself in the situation of not having detailed enough maps to LAN systems, and I want you to see how to use ARP along with some basic network tools to save your time and solve a very common problem in networking: finding stations in a complex LAN.

Addressing ARP-related Security Risks
Hello, and welcome to this Protocol Deep Dive on ARP. In this module, we will be covering Address Resolution Protocol security-related issues. We will begin with ARP-based denial of service; in particular, I will show how ARP broadcast storms can occur and what you can do to prevent or reduce their effects. As well, you will see how malicious ARP poisoning is used to blackhole legitimate data. Next, I will cover a related attack called switch CAM Table Flooding, where the MAC address table is filled until the switch behaves like a hub, a serious privacy concern that leads to losses of confidentiality and can be the starting point for other attacks like ARP spoofing or man-in-the-middle attacks. In this section, I will deconstruct how all these issues work and cover a variety of mitigation techniques along the way. These will include broadcast rate limiting using storm control, port security, 802.1X authentication techniques, and DHCP snooping with dynamic ARP inspection.