Unlike the Internet, devices connected to a local network do not communicate directly with their IP address. Instead, for address resolution in IPv4 networks, physical hardware addresses are used, the so-called MAC (Media Access Control) addresses , consisting of a unique 48-bit code that identifies the network card of each device on the network. local unequivocally.
Example of a MAC address: 00-80-41-ae-fd-7e
MAC addresses are granted by hardware manufacturers and are unique globally. In theory these physical addresses should be able to resolve addresses locally, but in practice this is not feasible as IPv4 addresses are too short to fully reproduce MAC addresses. This is the reason why, in networks based on this protocol, address resolution using ARP is essential ..
In order to communicate with computer B, computer A needs to find out the MAC address associated with its IP address. This is where the address resolution protocol or ARP comes in, a network protocol that works according to the request-response model .
In the search for the corresponding MAC address, the computer A broadcasts a request ( ARP Request ) in all network devices containing the following information:
A computer with the MAC address xx-xx-xx-xx-xx-xx and the IP address yyy.yyy.yyy.yyy wants to contact a computer with the IP address zzz.zzz.zzz.zzz and needs its MAC address.
To avoid having to send an ARP request every time a data packet is sent, all computers on the network have a table ( ARP cache ), where all known MAC addresses including their associated IPs are temporarily stored. These computers, after receiving the request, write down the pair of addresses (IP and MAC) delivered together with the request, but the response with the MAC address can only be given by one of them, computer B. Your response could be something like:
Here the system with the IP address zzz.zzz.zzz.zzz. The requested MAC address is aa-aa-aa-aa-aa-aa.
When computer A receives this reply ( ARP Reply ), it already has all the information it needs to send data packets to computer B. At this point there is nothing to prevent communication on the local network. Now, what if the one responding is not the expected computer, but a device controlled by an external person with dubious objectives? This is where ARP spoofing comes into play.