{"id":780,"date":"2008-05-05T11:43:00","date_gmt":"2008-05-05T03:43:00","guid":{"rendered":"http:\/\/note.systw.net\/note\/?p=780"},"modified":"2023-11-05T11:54:37","modified_gmt":"2023-11-05T03:54:37","slug":"arp-rarp","status":"publish","type":"post","link":"https:\/\/systw.net\/note\/archives\/780","title":{"rendered":"ARP\/RARP"},"content":{"rendered":"\n

ARP(Address Resolution Protocol,\u4f4d\u7f6e\u89e3\u6790\u5354\u5b9a)
\u53ef\u53c3\u8003RFC-826,RFC-814,RFC-1166
TCP\/IP\u8a2d\u8a08\u8005\u7528\u4e59\u592a\u7db2\u5ee3\u64ad\u6027\u8cea\ufe50\u8a2d\u8a08\u51fa\u4f86\u7684\u4f4d\u5740\u89e3\u91cb\u5354\u5b9a
\u5728ethernet frame\u7684type\u6b04\u7684\u503c\u70ba0x0806\u8868arp
\u7528\u9014:\u7528ip\u4f4d\u5740\u627e\u76f8\u5c0d\u61c9\u7684mac\u4f4d\u5740<\/p>\n\n\n\n

\u505a\u6cd5:<\/strong>
\u4ee5\u67e5\u8a62\u65b9\u5f0f\u7372\u5f97IP\u4f4d\u5740\u548c\u5be6\u9ad4\u4f4d\u5740\u7684\u52d5\u614b\u5c0d\u61c9
\u5982\u4e0b
1\u6bcf\u53f0\u4e3b\u6a5f\u5728ARP Cache(\u5feb\u53d6\u7de9\u885d\u5340)\u5efa\u7acbARP\u8868\u8a18\u9304\u52d5\u614b\u5c0d\u61c9(\u8cc7\u6599\u6703\u6839\u64da\u81ea\u8eab\u5b58\u6d3b\u6642\u9593\u905e\u6e1b\u800c\u6d88\u5931)
2\u9001\u5c01\u5305\u6642\u6aa2\u67e5ARP\u8868\u6709\u7121\u5c0d\u61c9,\u6709\u5247\u4ee5\u6b64mac\u4f4d\u5740\u50b3,\u7121\u5247\u7528ARP Request\u5ee3\u64ad\u5c01\u5305(\u767c\u9001\u7aefIP\u4f4d\u5740\u548c\u5be6\u9ad4\u4f4d\u5740)\u67e5\u76ee\u7684\u4e3b\u6a5f\u5be6\u9ad4\u4f4d\u5740
ps:\u82e5\u5febtimeout\u6642\u53ef\u80fd\u6703\u4ee5unicast\u50b3\u9001
3\u5168\u7db2\u4e3b\u6a5f\u6536\u5230\u5c01\u5305\u5f8c\u6aa2\u67e5IP\u6b04\u662f\u5426\u548c\u81ea\u5df1\u540c,\u662f\u5247\u66f4\u65b0ARP\u8868(\u767c\u9001\u7aef\u5be6\u9ad4\u4f4d\u5740\u548cIP\u8cc7\u6599),\u4e26\u56de\u542b\u81ea\u5df1\u5be6\u9ad4\u4f4d\u5740\u7684ARP Reply\u5c01\u5305
4\u767c\u9001\u7aef\u63a5\u5230ARP Reply\u5f8c\u66f4\u65b0\u81ea\u5df1ARP\u8868,\u82e5\u7121\u5247\u5931\u6557
ps:\u8cc7\u6599\u5728\u5012\u6578\u6642\u9593\u5230\u9054\u524d\u88ab\u7528\u904e,\u5247\u8a08\u6642\u503c\u88ab\u91cd\u65b0\u8ce6\u4e88

ARP table <\/strong>
\u5305\u542b\u9023\u63a5\u81f3\u76f8\u540clan\u4e0a\u5176\u4ed6\u88dd\u7f6e\u7684mac\u4f4d\u5740\u8207ip\u4f4d\u5740
\u6703\u5c07ip\u4f4d\u5740\u5c0d\u61c9\u5230\u76f8\u5c0d\u61c9\u7684mac\u4f4d\u5740
\u5132\u5b58\u5728ram\u4e2d,\u4e26\u53ef\u81ea\u52d5\u7dad\u8b77
\u7db2\u8def\u4e0a\u7684\u6bcf\u53f0\u96fb\u8166\u90fd\u6709\u81ea\u5df1\u7684arp\u8868
\u7576\u7db2\u8def\u88dd\u7f6e\u900f\u904e\u7db2\u8def\u50b3\u905e\u8cc7\u6599\u6642,\u4fbf\u662f\u4f7f\u7528arp\u8868\u4e2d\u6240\u63d0\u4f9b\u7684\u8cc7\u6599<\/p>\n\n\n\n

… <\/p>\n\n\n\n

RARP(\u53cd\u5411\u4f4d\u7f6e\u89e3\u6790\u5354\u5b9a)<\/strong>
\u53ef\u53c3\u8003RFC-903,RFC-906,RFC-1293
\u7528\u9014:\u85c9\u7531mac\u4f4d\u7f6e\u627e\u81ea\u5df1IP
\u505a\u6cd5
1\u67e5\u8a62\u4e3b\u6a5f\u5411\u7db2\u8def\u9001\u51faRARP Request\u5ee3\u64ad\u5c01\u5305\ufe50\u5411\u5176\u4ed6\u4e3b\u6a5f\u67e5\u8a62\u81ea\u5df1\u7684 IP
2RARP\u4f3a\u670d\u5668(\u53ef\u80fd\u591a\u53f0)\u7528RARP Reply\u5c01\u5305\u56de\u61c9\u7d66\u67e5\u8a62(\u767c\u9001\u7aef\u7684IP\u4f4d\u5740)
RARP\u56de\u61c9\u554f\u984c
\u65b9\u6cd51
\u6bcf\u500b\u505aRARP\u8acb\u6c42\u7684\u4e3b\u6a5f\u914d1\u4e3b\u4f3a\u670d\u5668(\u505a\u56de\u61c9\u7528)
\u82e5\u4e3b\u4f3a\u670d\u5668\u7121\u6cd5\u56de\u61c9,\u5247\u975e\u4e3b\u4f3a\u670d\u5668\u77ed\u6642\u9593\u6536\u52302\u6b21\u76f8\u540c\u8acb\u6c42\u5247\u56de\u61c9
\u65b9\u6cd52
\u907f\u514d\u540c\u6642\u50b3\u56deRARP\u56de\u61c9,\u975e\u4e3b\u4f3a\u670d\u5668\u96a8\u6a5f\u7b49\u5f85\u4e00\u6bb5\u6642\u9593\u518d\u56de\u61c9
\u82e5\u4e3b\u4f3a\u670d\u5668\u7121\u6cd5\u56de\u61c9,\u67e5\u8a62\u4e3b\u6a5f\u5ef6\u9072\u4e00\u6bb5\u6642\u9593\u7b49\u975e\u4e3b\u4f3a\u670d\u5668\u7684\u56de\u61c9,\u82e5\u7121\u5728\u7b2c\u4e8c\u6b21\u8acb\u6c42

PROXY ARP<\/strong>
\u5728\u8def\u7531\u5668\u4e0a\u4ee3\u70ba\u56de\u7b54\u5b83\u67d0\u7db2\u8def\u4e3b\u6a5fARP\u8acb\u6c42
\u975e\u5354\u5b9a\u800c\u662f\u4e00\u7a2e\u670d\u52d9
\u539f\u56e0\uff1a\u672c\u5730\u4e3b\u6a5f\u5ee3\u64ad\u5c01\u5305\u7121\u6cd5\u5230\u9054\u9060\u7aef
\u505a\u6cd5\uff1a\u672c\u5730\u4e3b\u6a5f\u5c07\u5c01\u5305\u9001\u7d66\u64a5\u63a5\u4f3a\u670d\u5668\ufe50\u4f3a\u670d\u5668\u5c07\u5c01\u5305\u50b3\u7d66\u9060\u7aef\u4e3b\u6a5f
\u7f3a\u9ede\uff1a\u589e\u52a0\u7db2\u6bb5\u4e0a\u7684\u4ea4\u901a\u91cf,\u4e14arp\u8868\u6703\u6bd4\u5e73\u5e38\u7684\u5927\u4ee5\u8655\u7406\u6240\u6709\u7684ip-mac\u4f4d\u5740\u8f49\u63db
\u5176\u4ed6\u529f\u80fd\uff1a\u5c07\u8def\u7531\u5668\u6240\u9023\u5169\u7aef\u5be6\u9ad4\u7db2\u8def\u76f8\u4e92\u96b1\u85cf,\u8b93\u5169\u7db2\u8def\u80fd\u7528\u540c\u4e00\u500b\u7db2\u8def\u8b58\u5225\u78bc<\/p>\n\n\n\n



ARP \u548c RARP \u4e4b\u5c01\u5305\u683c\u5f0f
<\/strong>size=28byte
HARDWARE TYPE(\u7db2\u5361\u7a2e\u985e)2byte,1\u8868\u4e59\u592a\u7db2
PROTOCOL TYPE(\u9ad8\u968e\u7db2\u8def\u5354\u5b9a\u4f4d\u5740\u7a2e\u985e)2byte,0x0800\u8868IP\u683c\u5f0f,0x8137\u8868IPX,0x0600\u8868XNS
HLEN(\u786c\u9ad4\u4f4d\u5740\u9577\u5ea6)1byte ,\u4e59\u592a\u7db2\u70ba6byte,
PLEN(\u7db2\u8def\u5354\u5b9a\u4f4d\u5740\u9577\u5ea6)1byte,IP\u5354\u5b9a\u4f4d\u5740\u70ba4byte
OPERATION(\u5c01\u5305\u985e\u5225)2byte,\u6578\u503c\u5982\u4e0b:
\u30001,ARP Request
\u30002,ARP Reply
\u30003,RARP Request
\u30004,RARP Reply
\u30005,\u52d5\u614bRARP request
\u30006,\u52d5\u614bRARP reply
\u30007,\u52d5\u614bRARP error
\u30008,lnARP request
\u30009,lnARP reply
SENDER HA(\u767c\u9001\u7aef\u786c\u9ad4\u4f4d\u5740)\u4e59\u592a\u7db2\u662f6byte
SENDER IP(\u767c\u9001\u7aefIP\u4f4d\u5740)IP\u4f4d\u5740\u662f4byte
TARGET HA(\u76ee\u7684\u7aef\u786c\u9ad4\u4f4d\u5740)6byte
TARGET IP(\u76ee\u7684\u7aefIP\u4f4d\u5740)4byte<\/p>\n\n\n\n

…………………<\/p>\n\n\n\n

ARP spoofing(\u6b3a\u9a19)<\/strong>
\u6216\u7a31arp\u653b\u64ca
\u539f\u7406:\u85c9\u7531\u767c\u51faarp request\u6216arp reply\u4f86\u64fe\u4e82\u6216\u7ac4\u6539\u67d0\u8a2d\u5099\u5167ARP\u8868,\u800c\u5c0e\u81f4\u8a72\u8a2d\u5099\u767c\u51fa\u7684\u8cc7\u6599\u5305\u8aa4\u50b3\u76ee\u7684\u5730
ex:\u67093\u53f0\u6a5f\u5668\u5206\u70ba\u5225pc1,pc2,pc3,\u4e14ip\/mac\u5206\u5225\u70baip1\/mac1,ip2\/mac2,ip3\/mac3,
\u5176\u4e2dpc3\u662f\u653b\u64ca\u8005,\u653b\u64ca\u65b9\u5f0f\u5982\u4e0b
1,pc3\u9001\u51faarp reply\u7d66pc1,\u4f46\u8a0a\u606f\u4f86\u6e90\u88ab\u8a2d\u5b9a\u6210ip2\/mac3(\u6b63\u5e38\u60c5\u6cc1\u4e0b\u61c9\u70baip3\/mac3)
2,pc1\u76f8\u4fe1\u6b64arp reply\u4e26\u66f4\u65b0arp table,\u56e0\u6b64\u5f80pc2\u7684mac\u8b8a\u70bamac3
3,pc1\u6b64\u6642\u8981\u9001\u8cc7\u6599\u5230pc2,\u9019\u6642\u8cc7\u6599\u5c31\u6703\u9001\u5230mac3
4,pc3\u6536\u5230pc1\u8981\u7d66pc2\u7684\u8cc7\u6599,\u653b\u64ca\u6210\u529f<\/p>\n\n\n\n

\u5229\u7528arp\u7684\u653b\u64ca\u4e3b\u8981\u6709
dos:\u5c0d\u76ee\u6a19pc\u767c\u9001\u932f\u8aa4\u9598\u9053ip\/mac\u5c0d\u61c9\u4e4barp reply,\u76ee\u6a19\u5373\u7121\u6cd5\u7d93\u7531\u6b63\u78ba\u9598\u9053\u5230\u5176\u4ed6\u7db2\u8def,\u6703\u8b93\u4f7f\u7528\u8005\u6709\u7121\u6cd5\u4e0a\u7db2\u7684\u932f\u89ba ex:netcut
man-in-middle attack:\u540c\u6642\u6b3a\u9a19\u96d9\u65b9,\u5247\u53ef\u4e0d\u5f71\u97ffpc1\u548cpc2\u7684\u901a\u8a0a\u9054\u5230\u76e3\u8996\u6548\u679c
Session Hijacking:\u5229\u7528ARP\u6b3a\u9a19\u5c07\u4f7f\u7528\u8005\u6b63\u5e38\u7684\u9023\u7dda\u6436\u904e\u4f86<\/p>\n\n\n\n

arp\u653b\u64ca\u53ef\u5206\u70ba
\u60e1\u610f\u653b\u64ca:\u5229\u7528\u5de5\u5177\u6709\u610f\u5716\u7684\u653b\u64ca\u7279\u5b9a\u76ee\u6a19,\u6613\u507d\u88dd\u597d\u64cd\u4f5c,\u56e0\u6b64\u8f03\u96e3\u89e3\u6c7a
\u4e2d\u6bd2\u800c\u653b\u64ca:\u4f7f\u7528\u8005\u4e2d\u6bd2\u800c\u7522\u751farp\u653b\u64ca

<\/p>\n\n\n\n

………………..<\/p>\n\n\n\n

\u89e3\u6c7aman-in-middle attack\u7684\u7c21\u6613\u8fa6\u6cd5<\/strong>
\u5c07gatewayip\u548cgatewaymac\u8a2d\u6210\u975c\u614b\u5c0d\u61c9
windows client\u7528\u6236:\u4f7f\u7528arp -s < gateway ip > < gateway mac> 
ps:
\u5efa\u8b70\u4e5f\u628adns ip\u548cmac\u8a2d\u6210\u975c\u614b\u5c0d\u61c9,\u53ef\u4ee5\u9632\u5047\u5192dns\u653b\u64ca<\/p>\n","protected":false},"excerpt":{"rendered":"

ARP(Address Resolution Protoco …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[25],"tags":[],"class_list":["post-780","post","type-post","status-publish","format-standard","hentry","category-osi-layer3"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/780","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/comments?post=780"}],"version-history":[{"count":0,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/780\/revisions"}],"wp:attachment":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/media?parent=780"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/categories?post=780"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/tags?post=780"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}