IP Addresses
• Universal address regardless of layer 2 architecture
• Each address is that of an interface, not necessarily a host
• A host may have more than one interface and therefore more than one IP address
• IP address affects the path selected to deliver data to a host

Path Based on Address
[Figure: hosts A and B, router R, a bridge, and labelled interface addresses (I1, I2, I3, I4, I5, ...). Captions: "Host A sends data to host B at address I4" and "Host A sends data to host B at address I5".]

Datagram Delivery
• In the Internet Protocol, the basic unit of data is called a datagram
• Each datagram is individually addressed
• Decide if destination is on a network to which device (host/router) is attached
• If on the same network, deliver datagram directly (direct delivery)
• If on other than a directly attached network, send datagram to a predefined router for delivery (indirect delivery)

Datagram Delivery
• Given a destination IP address, a datagram eventually needs direct delivery
• But datagram must be encapsulated into the layer 2 architecture for delivery (frame)
• How to find the layer 2 (MAC) address that is associated with the destination IP address?
  • Could build a table
  • Could develop a protocol

Address Resolution Protocol (ARP)
[Figure: stations A, B and C on an Ethernet, with higher-level addresses IA, IB, IC and physical addresses PA, PB, PC.]
• At higher level protocol we wish to use addresses IA, IB, IC
• At final delivery we need to use PA, PB, PC
• We must therefore map IX to PX

[Figure: the same Ethernet with stations A, B, C and labels O and F.]
• Station O needs to send a datagram to address IX
• Station O sends a special frame to broadcast address
• Frame contains address IX
• Station IX is expected to respond with its Physical address
• Station O retains this mapping in its memory (cache)
• Station O also includes its own IP and Physical addresses in the frame

Address Resolution Protocol
• This is sort of a call for ‘Who on this network has address IX’
• Response from target station contains its Physical address
• Actual protocol is defined in RFC 826
• Frame format also defined
• This is a general protocol, not unique to IP

ARP Frame
[Figure: Ethernet frame carrying ARP: destination address all 1s (broadcast), Source, Type = 0806, CRC.]

ARP Frame
• Hardware type: 1 for Ethernet
• Protocol type: 0800 for Internet Protocol
• Hardware length: 6 for Ethernet
• Protocol length: 4 for IP
• Operation: 1 for ARP Request, 2 for Reply
• Sender hardware address
• Sender protocol address
• Target hardware address: 0s on a request
• Target protocol address

ARP – The Protocol
• A broadcast is received
• Check the frame type – 0806 = ARP
• Check Type and address of sender (Is); update cache
• Check Operation – Is it a Request?
• Check Target address (It) – Is it me?
• Swaps Hardware and Protocol address
• Inserts own Hardware address
• Set Operation to Reply (2)
• Sends response (unicast)

Gratuitous ARP
• Station sends an ARP request for its own IP address
• Lets other stations know its mapping and any changes in hardware address
• Checks to see if any other station has this same IP address

Proxy ARP
• Sometimes it is desirable for one device (router) to respond on behalf of other hosts
• Often used to respond for devices on the other end of a serial line connected to the router
• If a station can respond for another, is this a security concern?

Reverse ARP
• Extension of ARP protocol to allow a station to obtain its IP address given its hardware address
• Originally used with diskless stations
• This function has been replaced with more modern protocols
  • BOOTP
  • DHCP

Position of ARP and RARP in TCP/IP Stack
[Figure: position of ARP and RARP in the TCP/IP stack.]

Tools - Utilities
Packet Capture – Analyzer
• http://www.ethereal.com
  • Ethereal capture/analyzer
  • Windows version
  • Unix version
  • Ethereal_XTRA on course Web site
• http://www.netgroup.polito.it/
  • WinPcap – required for Ethereal
  • Analyzer – another capture utility
  • Windump
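
The receive steps under "ARP – The Protocol" update the cache from the sender fields of any ARP frame, which is what the Proxy ARP slide's security question turns on. As an added example (not part of the original slides), this Python sketch parses the ARP body using the field layout listed under "ARP Frame" and reports gratuitous ARP and changes to an IP-to-hardware mapping; `ArpWatch`, the helper names and the sample addresses are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

def parse_arp(payload: bytes) -> dict:
    """Parse the ARP body that follows an Ethernet header with Type 0806."""
    if len(payload) < 28:
        raise ValueError("truncated ARP body")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IP ARP")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", payload[8:28])
    return {"oper": oper, "sha": sha.hex(":"), "spa": str(IPv4Address(spa)),
            "tha": tha.hex(":"), "tpa": str(IPv4Address(tpa))}

class ArpWatch:
    """Keep the sender IP -> hardware address mapping and report changes."""
    def __init__(self):
        self.cache = {}

    def observe(self, payload: bytes) -> list:
        arp = parse_arp(payload)
        alerts = []
        if arp["spa"] == arp["tpa"]:  # station asks for its own address
            alerts.append(f"gratuitous ARP for {arp['spa']}")
        old = self.cache.get(arp["spa"])
        if old is not None and old != arp["sha"]:
            alerts.append(f"{arp['spa']} moved {old} -> {arp['sha']}")
        self.cache[arp["spa"]] = arp["sha"]
        return alerts

def build(oper, sha, spa, tha, tpa) -> bytes:
    """Build a constructed ARP body for the samples below."""
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, oper,
                       bytes.fromhex(sha), IPv4Address(spa).packed,
                       bytes.fromhex(tha), IPv4Address(tpa).packed)

def run_samples() -> list:
    # Constructed sample traffic; addresses are from a documentation range.
    frames = [
        build(1, "02000000000a", "192.0.2.10", "000000000000", "192.0.2.1"),
        build(2, "020000000001", "192.0.2.1", "02000000000a", "192.0.2.10"),
        build(2, "020000000099", "192.0.2.1", "02000000000a", "192.0.2.10"),
        build(1, "02000000000a", "192.0.2.10", "000000000000", "192.0.2.10"),
    ]
    watch = ArpWatch()
    return [watch.observe(f) for f in frames]

if __name__ == "__main__":
    for i, alerts in enumerate(run_samples(), 1):
        print(i, alerts)
```

A reported change is a prompt to investigate, not proof of misuse: the Gratuitous ARP slide notes that stations legitimately announce changes in hardware address.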