1
00:00:00,000 --> 00:00:18,300
Hey guys and welcome back. So now what I want to talk to you about is something called address

2
00:00:18,300 --> 00:00:24,900
resolution protocol because this is something that we have to understand for our basic network

3
00:00:24,899 --> 00:00:33,460
communication. So the address resolution protocol is more commonly known and referred to simply as

4
00:00:33,460 --> 00:00:40,739
ARP. So let's actually talk about what this protocol is doing and then we'll look at the

5
00:00:40,739 --> 00:00:46,140
command that we can do to inspect our ARP information on our system. So think about this,

6
00:00:46,140 --> 00:00:51,780
okay. Let's imagine we have a whole bunch of devices. Let's say device one is here,

7
00:00:51,820 --> 00:00:58,740
device two is here, device three is here and device four. Now all four of these devices,

8
00:00:58,740 --> 00:01:03,620
let's say they're connected with a network switch. So this can be a switch right here.

9
00:01:03,620 --> 00:01:10,020
Let's pretend and connect in to you, connect in, connect in and connect in. So let's imagine

10
00:01:10,179 --> 00:01:23,219
that this device here has the IP address of 192.168.1.1 and this one is 192.168.1.2. Over here we

11
00:01:23,219 --> 00:01:35,699
have 192.168.1.3 and device number four is 192.168.1.4. Perfect. So let's imagine that this device

12
00:01:35,780 --> 00:01:42,980
over here, device number one, wanted to communicate with device number three. Now I'm going to assume

13
00:01:42,980 --> 00:01:50,020
that all of these devices have a network mask of a slash 24. If you can remember your subnetting

14
00:01:50,020 --> 00:01:56,020
basics from LPIC one, that would mean that all of these devices are on the same network. So

15
00:01:56,579 --> 00:02:02,420
when devices are on the same local network, can you remember how they actually communicate?

16
00:02:02,420 --> 00:02:08,900
They actually don't communicate via IP addresses directly. Instead, the way they speak to one

17
00:02:08,900 --> 00:02:18,500
another is via their MAC addresses, i.e. their layer two address. So if this device 192.168.1.1

18
00:02:18,500 --> 00:02:26,740
wants to talk to this device 192.168.1.3 and they have to communicate via MAC addresses,

19
00:02:26,740 --> 00:02:31,460
how is this communication going to be facilitated? i.e. how does this device

20
00:02:31,460 --> 00:02:37,700
learn what this device's MAC address is? Well, the answer lies in what we're talking about right

21
00:02:37,700 --> 00:02:43,460
now. The answer lies within the address resolution protocol. So the way this is going to happen is

22
00:02:43,460 --> 00:02:51,460
that the sender, i.e. this device here, is going to send out a broadcast message. That means that

23
00:02:51,460 --> 00:02:56,980
it's going to communicate this message to all devices on the local network. And really what

24
00:02:56,980 --> 00:03:07,620
it's going to ask in this message is who has the IP address of 192.168.1.3 because that is who I want

25
00:03:07,620 --> 00:03:13,379
to talk to. So the message goes into the switch and the switch is going to broadcast it out to all

26
00:03:13,379 --> 00:03:20,580
of these ports here. So to this device here and to this device here and this device right here.

27
00:03:20,580 --> 00:03:27,940
Now device number two gets this message saying who is 192.168.1.3 and device two knows hey,

28
00:03:27,940 --> 00:03:33,460
that is not me so I'm just going to discard this message and not pay attention to it. Similarly

29
00:03:33,460 --> 00:03:39,939
device number four gets the same message who is 192.168.1.3. This device also says well that's

30
00:03:39,939 --> 00:03:47,140
not me I'm going to discard this message and just ignore it but when it comes to device number three,

31
00:03:47,139 --> 00:03:54,979
device number three is going to recognize hey, this is my IP address. Now this wasn't the only

32
00:03:54,979 --> 00:04:02,419
instruction within the original message up here. We didn't just ask who is 192.168.1.3. We actually

33
00:04:02,419 --> 00:04:10,259
asked who is 192.168.1.3. Identify yourself and then tell me your MAC address. So this device says

34
00:04:10,259 --> 00:04:17,539
hey the message is going to me who is a sender 192.168.1.1. I'm going to send a message back

35
00:04:17,539 --> 00:04:24,819
saying my MAC address is and then whatever the MAC address happens to be that hexadecimal value.

36
00:04:24,819 --> 00:04:31,139
So now this device here can associate a particular MAC address. Let's just say the MAC address was

37
00:04:31,139 --> 00:04:42,659
0001 0001 0003 whatever and now this device up here can keep a local copy of this information

38
00:04:42,659 --> 00:04:49,379
binding this IP address to this MAC address. So whenever we happen to have a communication

39
00:04:49,379 --> 00:04:55,539
destined for this address, we know we can communicate to that device via this MAC address.

40
00:04:55,540 --> 00:05:02,340
Now like I say this storage of information whereby we keep a copy of the IP address and bind it to

41
00:05:02,340 --> 00:05:07,860
the MAC address otherwise known as the hardware address. We can have multiple entries here so

42
00:05:07,860 --> 00:05:15,780
lots of different IP addresses maybe the MAC address and IP address binding for 192.168.1.2

43
00:05:15,780 --> 00:05:23,540
as well as 1.3 as well as 1.4 if we so need and all of this information is cached and held in

44
00:05:23,540 --> 00:05:28,819
what is called the ARP table. So this is exactly what we're going to be looking at right now. So

45
00:05:29,540 --> 00:05:35,939
really easy command to be able to use we simply type the command ARP. So check this out here we

46
00:05:35,939 --> 00:05:44,740
have some information here we have 192.168.0.39 this device is on the same network as us we are 0.68

47
00:05:44,740 --> 00:05:50,259
and if we want to communicate with this device on our local network we would have to be able to

48
00:05:50,259 --> 00:05:56,259
communicate with that device via its layer two address, i.e. its MAC address, and luckily for us

49
00:05:56,259 --> 00:06:03,620
we have learned and stored that MAC address there it is right there. So now the advantage is once we

50
00:06:03,620 --> 00:06:10,099
have learned this information and we have stored it in our ARP cache every time we want to send a

51
00:06:10,099 --> 00:06:16,180
message to this device we don't have to send it a broadcast every single time and disrupt the entire

52
00:06:16,180 --> 00:06:22,500
network we can just ask the question once once that device responds with its MAC address we

53
00:06:22,500 --> 00:06:27,860
simply just store that information in our ARP cache within the table. Now like I say this is

54
00:06:27,860 --> 00:06:34,019
caching information after a while this information will be eventually flushed so that if we happen to

55
00:06:34,019 --> 00:06:39,460
need to communicate with that device much later on we will indeed have to reissue that broadcast

56
00:06:39,539 --> 00:06:46,259
communication and relearn the MAC address in the event that it potentially has changed and then

57
00:06:46,259 --> 00:06:51,779
once again we will store that information for a predetermined period of time. Now if you happen

58
00:06:51,779 --> 00:06:57,379
to go into the man page for the ARP command and we scroll on down we can see different options

59
00:06:57,379 --> 00:07:03,539
available to us via this command so say for example we want to manually delete an entry within the

60
00:07:03,540 --> 00:07:10,340
ARP table we could do so using this particular command using the ARP command specify the interface

61
00:07:10,340 --> 00:07:15,620
you want to target then using the -d flag and then the IP address that we would want to

62
00:07:15,620 --> 00:07:22,259
delete from the ARP table. Similarly if you want to add a new entry you can use the -s flag

63
00:07:22,259 --> 00:07:28,980
specify that IP address and then bind it manually to a hardware address this is going to allow you

64
00:07:28,980 --> 00:07:35,220
to manually set up a new entry within the ARP table so really for the purposes of the examination

65
00:07:35,220 --> 00:07:41,379
we want to understand that the ARP command is going to show us IP address to MAC address bindings

66
00:07:41,379 --> 00:07:48,020
for devices on our local network and we can use this command to display this information as well

67
00:07:48,020 --> 00:07:54,020
as manually delete ARP information perhaps that information is stale and outdated we want to flush

68
00:07:54,019 --> 00:08:00,899
it away or if we want to induce some corrective measures manually we can as we see here use the

69
00:08:00,899 --> 00:08:08,419
-s flag to set up a static ARP binding between a MAC address and an IP address and really that

70
00:08:08,419 --> 00:08:13,779
is the focus of what we want to understand with respect to the ARP command. Okay dogs so I hope

71
00:08:13,779 --> 00:08:20,019
this has been informative for you and I'd like to thank you for viewing.

