#免费ARP解析R1(config)#int e1/1R1(config-if)#ip addr 192.168.1.1 255.255.255.0R1(config-if)#no shutR1(co
.
#免费ARP解析R1(config)#int e1/1R1(config-if)#ip addr 192.168.1.1 255.255.255.0R1(config-if)#no shutR1(config-if)#endFrame 8: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0Ethernet II, Src: aa:bb:cc:00:05:11 (aa:bb:cc:00:05:11), Dst: Broadcast (ff:ff:ff:ff:ff:ff) Destination: Broadcast (ff:ff:ff:ff:ff:ff) Address: Broadcast (ff:ff:ff:ff:ff:ff) .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default) #全球标识 .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast) # IG位判断是否接收,IG=1bit 为组播/广播;广播则接收,单播比较接口mac Source: aa:bb:cc:00:05:11 (aa:bb:cc:00:05:11) Address: aa:bb:cc:00:05:11 (aa:bb:cc:00:05:11) .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) # IG=0bit 为单播 Type: ARP (0x0806) # ARP协议接收数据包 Padding: 000000000000000000000000000000000000Address Resolution Protocol (reply/gratuitous ARP) # ARP协议 处理数据包 Hardware type: Ethernet (1) Protocol type: IPv4 (0x0800) Hardware size: 6 Protocol size: 4 Opcode: reply (2) [Is gratuitous: True] # Is gratuitous: True 为免费ARP Sender MAC address: aa:bb:cc:00:05:11 (aa:bb:cc:00:05:11) Sender IP address: 192.168.1.1 Target MAC address: Broadcast (ff:ff:ff:ff:ff:ff) Target IP address: 192.168.1.1 #免费ARP的报文发,用于查找自己的IP地址,只希望是起宣告作用;如果收到回应,则证明对方也使用自 #己目前使用的IP地址。
# ping命令解析R1#debug arpARP packet debugging is onR1#ping 192.168.1.2Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:*Aug 22 14:15:21.518: IP ARP: creating incomplete entry for IP address: 192.168.1.2 interface Ethernet1/1 *Aug 22 14:15:21.518: IP ARP: sent req src 192.168.1.1 aabb.cc00.0111, dst 192.168.1.2 0000.0000.0000 Ethernet1/1 # 目的mac 地址标记为 0000.0000.0000 *Aug 22 14:15:21.523: IP ARP: rcvd rep src 192.168.1.2 aabb.cc00.0211, dst 192.168.1.1 Ethernet1/1.!!!!Success rate is 80 percent (4/5), round-trip min/avg/max = 3/5/7 ms
#wireshake抓包# 1、查路由表,存在直连路由,则进行封装;若无路由表,则丢弃R1#sh ip route 192.168.1.2Routing entry for 192.168.1.0/24 Known via "connected", distance 0, metric 0 (connected, via interface) Routing Descriptor Blocks: * directly connected, via Ethernet1/1 Route metric is 0, traffic share count is 1# 2、封装# 三层封装:ICMP request请求 source ip address 为出接口地址为源地址(路由表决定); destination ip address: 192.168.12.2# 二层封装:source MAC aa:bb:cc:00:01:11,destination MAC(00.00.00.00.00.00),arp encapsulation失败R1# 3、ARP请求# 有ARP表项,则转发;# 否则,创建arp imcomplete,然后arp request-B请求;#sh ip arpProtocol Address Age (min) Hardware Addr Type InterfaceInternet 192.168.1.1 - aabb.cc00.0111 ARPA Ethernet1/1#没有arp表项,则创建arp imcomplete,然后broadcast arp request请求;Frame 13: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0Ethernet II, Src: aa:bb:cc:00:01:11 (aa:bb:cc:00:01:11), Dst: Broadcast (ff:ff:ff:ff:ff:ff) Destination: Broadcast (ff:ff:ff:ff:ff:ff) Address: Broadcast (ff:ff:ff:ff:ff:ff) .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default) .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast) Source: aa:bb:cc:00:01:11 (aa:bb:cc:00:01:11) Address: aa:bb:cc:00:01:11 (aa:bb:cc:00:01:11) .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: ARP (0x0806) Padding: 000000000000000000000000000000000000Address Resolution Protocol (request) Hardware type: Ethernet (1) Protocol type: IPv4 (0x0800) Hardware size: 6 Protocol size: 4 Opcode: request (1) Sender MAC address: aa:bb:cc:00:01:11 (aa:bb:cc:00:01:11) Sender IP address: 192.168.1.1 Target MAC address: 00:00:00_00:00:00 (00:00:00:00:00:00) #目的Mac 00:00:00:00:00:00 Target IP address: 192.168.1.2 # 192.168.1.2收到请求后,unicast响应携带mac地址 aa:bb:cc:00:02:11 Frame 14: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0Ethernet II, Src: aa:bb:cc:00:02:11 (aa:bb:cc:00:02:11), Dst: aa:bb:cc:00:01:11 (aa:bb:cc:00:01:11) Destination: aa:bb:cc:00:01:11 (aa:bb:cc:00:01:11) Address: aa:bb:cc:00:01:11 (aa:bb:cc:00:01:11) .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: aa:bb:cc:00:02:11 (aa:bb:cc:00:02:11) Address: aa:bb:cc:00:02:11 (aa:bb:cc:00:02:11) .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: ARP (0x0806) Padding: 000000000000000000000000000000000000Address Resolution Protocol (reply) Hardware type: Ethernet (1) Protocol type: IPv4 (0x0800) Hardware size: 6 Protocol size: 4 Opcode: reply (2) Sender MAC address: aa:bb:cc:00:02:11 (aa:bb:cc:00:02:11) # 目的mac地址 aa:bb:cc:00:02:11 Sender IP address: 192.168.1.2 Target MAC address: aa:bb:cc:00:01:11 (aa:bb:cc:00:01:11) Target IP address: 192.168.1.1# 有ARP表项后,正常转发R1#sh ip arpProtocol Address Age (min) Hardware Addr Type InterfaceInternet 192.168.1.1 - aabb.cc00.0111 ARPA Ethernet1/1Internet 192.168.1.2 21 aabb.cc00.0211 ARPA Ethernet1/1Frame 15: 114 bytes on wire (912 bits), 114 bytes captured (912 bits) on interface 0Ethernet II, Src: aa:bb:cc:00:01:11 (aa:bb:cc:00:01:11), Dst: aa:bb:cc:00:02:11 (aa:bb:cc:00:02:11) Destination: aa:bb:cc:00:02:11 (aa:bb:cc:00:02:11) Address: aa:bb:cc:00:02:11 (aa:bb:cc:00:02:11) .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: aa:bb:cc:00:01:11 (aa:bb:cc:00:01:11) Address: aa:bb:cc:00:01:11 (aa:bb:cc:00:01:11) .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800)Internet Protocol Version 4, Src: 192.168.1.1, Dst: 192.168.1.2Internet Control Message Protocol
