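ARP Experiment 1: How ARP Works

October 30, 2015

I. Objective

Understand how ARP works.

II. Introduction to ARP

  • Purpose of ARP

    ARP provides a dynamic mapping from an IP address to the corresponding hardware address (which depends on the network technology in use).

  • ARP packet format

  • Ethernet encapsulation format

[Image unavailable]

  • Format of ARP requests and ARP replies on Ethernet

[Image unavailable]

  • Field descriptions
    • Ethernet destination address: all ones is the broadcast address; every Ethernet interface on the cable must receive a broadcast frame
    • Frame type: 0x0806 for an ARP request/reply; 0x0835 for a RARP request/reply; 0x0800 for an IP datagram
    • Hardware type: 1 means Ethernet
    • Protocol type: the type of protocol address being mapped; 0x0800 means an IP address
    • Hardware address length: the length of an Ethernet address (6 Bytes)
    • Protocol address length: the length of an IP address (4 Bytes)
    • Operation (op): 1 is an ARP request, 2 is an ARP reply, 3 is a RARP request, 4 is a RARP reply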

III. Experiment Environment

Table 1: ARP experiment environment
Machine      Interface   IP address        MAC address
FreeBSD V1   em0         192.168.146.141   00:0c:29:4b:8e:c3
FreeBSD V2   em0         192.168.146.142   00:0c:29:c7:9f:61

IV. Procedure

  • Query the existing ARP cache on FreeBSD V1 and FreeBSD V2
# Command
arp -a

# Result
# ARP cache on FreeBSD V1
? (192.168.146.254) at 00:50:56:ec:5a:5b on em0 expires in 747 seconds [ethernet]
pcbsdv2.local (192.168.146.142) at 00:0c:29:c7:9f:61 on em0 expires in 777 seconds [ethernet]
pcbsdv1.local (192.168.146.141) at 00:0c:29:4b:8e:c3 on em0 permanent [ethernet]
? (192.168.146.2) at 00:50:56:e6:d1:8f on em0 expires in 1139 seconds [ethernet]
? (192.168.146.133) at 00:50:56:37:63:fe on em0 expires in 1194 seconds [ethernet]

# ARP cache on FreeBSD V2
? (192.168.146.254) at 00:50:56:ec:5a:5b on em0 expires in 772 seconds [ethernet]
pcbsdv2.local (192.168.146.142) at 00:0c:29:c7:9f:61 on em0 permanent [ethernet]
pcbsdv1.local (192.168.146.141) at 00:0c:29:4b:8e:c3 on em0 expires in 1190 seconds [ethernet]
? (192.168.146.2) at 00:50:56:e6:d1:8f on em0 expires in 1135 seconds [ethernet]
? (192.168.146.133) at 00:50:56:37:63:fe on em0 expires in 963 seconds [ethernet]

  • Clear the ARP cache entries on FreeBSD V1 and FreeBSD V2
# Command on FreeBSD V1
arp -d 192.168.146.142 # delete the ARP cache entry for FreeBSD V2
# Command on FreeBSD V2
arp -d 192.168.146.141 # delete the ARP cache entry for FreeBSD V1

# Result
# ARP cache on FreeBSD V1
? (192.168.146.254) at 00:50:56:ec:5a:5b on em0 expires in 526 seconds [ethernet]
pcbsdv1.local (192.168.146.141) at 00:0c:29:4b:8e:c3 on em0 permanent [ethernet]
? (192.168.146.2) at 00:50:56:e6:d1:8f on em0 expires in 1173 seconds [ethernet]
? (192.168.146.133) at 00:50:56:37:63:fe on em0 expires in 973 seconds [ethernet]


# ARP cache on FreeBSD V2
? (192.168.146.254) at 00:50:56:ec:5a:5b on em0 expires in 558 seconds [ethernet]
pcbsdv2.local (192.168.146.142) at 00:0c:29:c7:9f:61 on em0 permanent [ethernet]
? (192.168.146.2) at 00:50:56:e6:d1:8f on em0 expires in 1177 seconds [ethernet]
? (192.168.146.133) at 00:50:56:37:63:fe on em0 expires in 749 seconds [ethernet]

  • On FreeBSD V1 and FreeBSD V2, capture ARP requests and replies on each machine's em0 interface
# Command on FreeBSD V1
tcpdump -exx -ttt -i em0 -vnn arp and not host 192.168.146.133 and not host 192.168.146.2 and not host 192.168.146.254
# Command on FreeBSD V2
tcpdump -exx -ttt -i em0 -vnn arp and not host 192.168.146.133 and not host 192.168.146.2 and not host 192.168.146.254

  • From FreeBSD V1, open a telnet connection to FreeBSD V2
# Command
telnet 192.168.146.142 discard

# Result
Trying 192.168.146.142...
telnet: connect to address 192.168.146.142: Operation timed out
telnet: Unable to connect to remote host

V. Results

  • Traffic captured on em0 of FreeBSD V1:
00:00:00.000000 00:0c:29:4b:8e:c3 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.146.142 tell 192.168.146.141, length 28
	0x0000:  ffff ffff ffff 000c 294b 8ec3 0806 0001
	0x0010:  0800 0604 0001 000c 294b 8ec3 c0a8 928d
	0x0020:  0000 0000 0000 c0a8 928e
00:00:00.000170 00:0c:29:c7:9f:61 > 00:0c:29:4b:8e:c3, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Reply 192.168.146.142 is-at 00:0c:29:c7:9f:61, length 46
	0x0000:  000c 294b 8ec3 000c 29c7 9f61 0806 0001
	0x0010:  0800 0604 0002 000c 29c7 9f61 c0a8 928e
	0x0020:  000c 294b 8ec3 c0a8 928d 0000 0000 0000
	0x0030:  0000 0000 0000 0000 0000 0000

  • Traffic captured on em0 of FreeBSD V2:
00:00:00.000000 00:0c:29:4b:8e:c3 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.146.142 tell 192.168.146.141, length 46
	0x0000:  ffff ffff ffff 000c 294b 8ec3 0806 0001
	0x0010:  0800 0604 0001 000c 294b 8ec3 c0a8 928d
	0x0020:  0000 0000 0000 c0a8 928e 0000 0000 0000
	0x0030:  0000 0000 0000 0000 0000 0000
00:00:00.000060 00:0c:29:c7:9f:61 > 00:0c:29:4b:8e:c3, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Reply 192.168.146.142 is-at 00:0c:29:c7:9f:61, length 28
	0x0000:  000c 294b 8ec3 000c 29c7 9f61 0806 0001
	0x0010:  0800 0604 0002 000c 29c7 9f61 c0a8 928e
	0x0020:  000c 294b 8ec3 c0a8 928d

  • Check the final ARP cache on both FreeBSD machines
# Command
arp -a

# Result
# FreeBSD V1
? (192.168.146.142) at 00:0c:29:c7:9f:61 on em0 expires in 875 seconds [ethernet]
? (192.168.146.141) at 00:0c:29:4b:8e:c3 on em0 permanent [ethernet]
? (192.168.146.2) at 00:50:56:e6:d1:8f on em0 expires in 1121 seconds [ethernet]
? (192.168.146.133) at 00:50:56:37:63:fe on em0 expires in 734 seconds [ethernet]


# FreeBSD V2
? (192.168.146.142) at 00:0c:29:c7:9f:61 on em0 permanent [ethernet]
? (192.168.146.141) at 00:0c:29:4b:8e:c3 on em0 expires in 866 seconds [ethernet]
? (192.168.146.2) at 00:50:56:e6:d1:8f on em0 expires in 1187 seconds [ethernet]
? (192.168.146.133) at 00:50:56:37:63:fe on em0 expires in 950 seconds [ethernet]

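VI. Analysis of Results

  • Analyzing the packets captured on FreeBSD V1 gives the following

Table 2: Breakdown of the ARP request (including the link-layer header)
Field                                      Raw value        Meaning
Destination address (link layer, frame)    0xffffffffffff   ff.ff.ff.ff.ff.ff
Source address (link layer, frame)         0x000c294b8ec3   00.0c.29.4b.8e.c3
Frame type                                 0x0806           ARP request/reply
Hardware type                              0x0001           Ethernet address
Protocol type                              0x0800           IP address
Hardware address length                    0x06             6 Bytes
Protocol address length                    0x04             4 Bytes
op                                         0x0001           ARP request
Source address (link layer, ARP)           0x000c294b8ec3   00.0c.29.4b.8e.c3
Source address (network layer, ARP)        0xc0a8928d       192.168.146.141
Destination address (link layer, ARP)      0x000000000000   00.00.00.00.00.00
Destination address (network layer, ARP)   0xc0a8928e       192.168.146.142


Table 3: Breakdown of the ARP reply (including the link-layer header)
Field                                      Raw value        Meaning
Destination address (link layer, frame)    0x000c294b8ec3   00.0c.29.4b.8e.c3
Source address (link layer, frame)         0x000c29c79f61   00.0c.29.c7.9f.61
Frame type                                 0x0806           ARP request/reply
Hardware type                              0x0001           Ethernet address
Protocol type                              0x0800           IP address
Hardware address length                    0x06             6 Bytes
Protocol address length                    0x04             4 Bytes
op                                         0x0002           ARP reply
Source address (link layer, ARP)           0x000c29c79f61   00.0c.29.c7.9f.61
Source address (network layer, ARP)        0xc0a8928e       192.168.146.142
Destination address (link layer, ARP)      0x000c294b8ec3   00.0c.29.4b.8e.c3
Destination address (network layer, ARP)   0xc0a8928d       192.168.146.141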


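  • Process analysis
  1. At first FreeBSD V1 does not know the link-layer address of 192.168.146.142, so it fills the link-layer destination address in the ARP request with 00.00.00.00.00.00 and hands the request to the link layer for further processing.
  2. The link layer broadcasts the ARP request on the network segment, asking which machine holds the IP address 192.168.146.142.
  3. After receiving the broadcast frame, FreeBSD V2 replies to FreeBSD V1 that 192.168.146.142 is on the machine whose MAC address is 00.0c.29.c7.9f.61 (which is simply FreeBSD V2's own link-layer address). At the same time, FreeBSD V2 updates its own ARP cache from the source address (link layer) and source address (network layer) in the ARP request it received.
  4. After receiving FreeBSD V2's reply, FreeBSD V1 likewise updates its own ARP cache from the source address (link layer) and source address (network layer) in the ARP reply.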
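
The following Python code is an added example, not part of the original write-up: it decodes the two frames captured on FreeBSD V1 (hex bytes copied from the tcpdump output above) into the fields of Tables 2 and 3. The function name parse_arp_frame and the dictionary keys are chosen here for illustration; because steps 3 and 4 show that caches are filled from the ARP sender fields, it also reports whether the Ethernet source address matches the ARP sender hardware address.

```python
import struct
from ipaddress import IPv4Address

# Hex bytes copied from the tcpdump -xx output captured on FreeBSD V1.
REQUEST_HEX = """
ffff ffff ffff 000c 294b 8ec3 0806 0001
0800 0604 0001 000c 294b 8ec3 c0a8 928d
0000 0000 0000 c0a8 928e
"""
REPLY_HEX = """
000c 294b 8ec3 000c 29c7 9f61 0806 0001
0800 0604 0002 000c 29c7 9f61 c0a8 928e
000c 294b 8ec3 c0a8 928d 0000 0000 0000
0000 0000 0000 0000 0000 0000
"""
OPS = {1: "ARP request", 2: "ARP reply", 3: "RARP request", 4: "RARP reply"}

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_arp_frame(hexdump):
    """Decode an Ethernet frame carrying ARP for IPv4 over Ethernet."""
    frame = bytes.fromhex("".join(hexdump.split()))
    if len(frame) < 42:
        raise ValueError("too short for Ethernet header (14) + ARP (28)")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0806:
        raise ValueError(f"not ARP: frame type 0x{ethertype:04x}")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not IPv4-over-Ethernet ARP")
    return {
        "eth_dst": mac(dst), "eth_src": mac(src),
        "op": OPS.get(op, f"unknown ({op})"),
        "sender_mac": mac(sha), "sender_ip": str(IPv4Address(spa)),
        "target_mac": mac(tha), "target_ip": str(IPv4Address(tpa)),
        "padding": len(frame) - 42,       # zero bytes after the ARP payload
        "broadcast": dst == b"\xff" * 6,
        # Caches are updated from sender_mac/sender_ip, so a frame whose
        # Ethernet source differs from the ARP sender MAC deserves a look.
        "src_matches_sender": src == sha,
    }

if __name__ == "__main__":
    for dump in (REQUEST_HEX, REPLY_HEX):
        print(parse_arp_frame(dump))
```

The padding value accounts for the 42 versus 60 byte lengths in the captures: Ethernet pads short frames to 60 bytes on transmit, so each host sees its own outgoing frame unpadded and the peer's frame padded.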
