Difference between revisions of "ARP"

From Hackepedia
(looking from the outside in)
Line 4: Line 4:
  
 
[[ARP poisoning]] is an attack that rewrites the destination MAC address of another host and "poisons" the ARP cache of the attacked host.
 
[[ARP poisoning]] is an attack that rewrites the destination MAC address of another host and "poisons" the ARP cache of the attacked host.
 +
 +
== Looking from the outside in ==
 +
 +
If someone is looking at frames from a [[Wifi]] connection they will only see encrypted frames.  However a weakness of all Wifi protocols is that all frames are not the same size.  This lets one identify with some certainty what an ARP packet is by judging a frames size.  This was to the detriment of the [[WEP]] encryption method on wireless links because these frames could be replayed.  Replaying was important for gathering IV's.
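Review bot: In the added "Looking from the outside in" paragraph, "all frames are not the same size" reads as if no two frames share a size; "not all frames are the same size" says what is meant. In the same paragraph "a frames size" needs an apostrophe ("a frame's size") and "IV's" should be "IVs". The term "IV" is used without a link or expansion, unlike [[Wifi]] and [[WEP]]; a link or a short definition would help readers.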

Revision as of 13:03, 8 August 2013

Address Resolution Protocol. It's part of Ethernet and translates a 48-bit MAC address to a 32-bit IP address.

ARP Poisoning

ARP poisoning is an attack that rewrites the destination MAC address of another host and "poisons" the ARP cache of the attacked host.
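A poisoned cache shows up on the wire as an IP address that is suddenly claimed by a different MAC address. The following detection sketch is an added example, not part of the original Hackepedia page; the function names and all addresses in the sample are constructed for illustration.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # Ethernet/IPv4 ARP body (RFC 826), 28 bytes

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def build_arp(op, sha, spa, tha, tpa):
    """Build an ARP body; used only to construct the sample data below."""
    to_mac = lambda s: bytes.fromhex(s.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, to_mac(sha),
                       socket.inet_aton(spa), to_mac(tha), socket.inet_aton(tpa))

def parse_arp(body):
    """Return (op, sender_ip, sender_mac), or None if not Ethernet/IPv4 ARP."""
    if len(body) < 28:
        return None
    htype, ptype, hlen, plen, op, sha, spa, _tha, _tpa = struct.unpack(
        ARP_FMT, body[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return op, socket.inet_ntoa(spa), mac_str(sha)

def find_rebinds(bodies):
    """Report (ip, old_mac, new_mac) each time an IP is claimed by a new MAC."""
    bindings, alerts = {}, []
    for body in bodies:
        parsed = parse_arp(body)
        if parsed is None:
            continue  # truncated or non-IPv4 ARP: ignore
        _op, ip, mac = parsed
        old = bindings.get(ip)
        if old is not None and old != mac:
            alerts.append((ip, old, mac))
        bindings[ip] = mac  # remember the most recent claim
    return alerts

# Constructed sample: a request, the gateway's reply, a conflicting reply
# for the same gateway IP, and a truncated packet that must be skipped.
HOST, GW, OTHER = "02:00:00:00:00:0a", "02:00:00:00:00:01", "02:00:00:00:00:66"
SAMPLE = [
    build_arp(1, HOST, "192.0.2.10", "00:00:00:00:00:00", "192.0.2.1"),
    build_arp(2, GW, "192.0.2.1", HOST, "192.0.2.10"),
    build_arp(2, OTHER, "192.0.2.1", HOST, "192.0.2.10"),
    b"\x00" * 10,
]

if __name__ == "__main__":
    for ip, old, new in find_rebinds(SAMPLE):
        print(f"ALERT {ip} moved from {old} to {new}")
```

A changed binding is not proof of poisoning: a replaced network card or a failover pair produces the same signal, so alerts need to be checked against known hardware changes.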

Looking from the outside in

If someone is looking at frames from a Wifi connection they will only see encrypted frames. However, a weakness of all Wifi protocols is that not all frames are the same size. This lets one identify with some certainty what an ARP packet is by judging a frame's size. This was to the detriment of the WEP encryption method on wireless links because these frames could be replayed. Replaying was important for gathering IVs.