From the course: Cisco Network Security: Secure Routing and Switching
Join today to access over 24,400 courses taught by industry experts.
ARP spoofing
From the course: Cisco Network Security: Secure Routing and Switching
ARP spoofing
- Address Resolution Protocol is used to resolve an IP address to a physical address. ARF is unique on a network because it's not routable, and it doesn't contain an IP header. Every device holds an ARP cache. For example, if you went to the command-line interface on a Windows operating system, you can type arp-a to display the current ARP cache. If there's no entry in the ARP cache, an ARP broadcast is sent out to determine the MAC address of the destination device. It's fairly straightforward. The device says, "Who has this IP address? Tell me." And the device that has the IP address responds with its MAC address. I'm in Wireshark, and in this packet capture, we see the tail end of a normal boot-up process. I'll filter the traffic for bootp, and this displays the DHCP traffic. In frame two, you see the DHCP acknowledgement, which gives the host their IP address. I'll clear that. And now let's just filter…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.
