Appendix Section; Appendix A Mitigating Arp Spoofing Attacks Using Packet Content Acl; How Address Resolution Protocol Works - D-Link xStack DGS-3420 Series Reference Manual

xStack® DGS-3420 Series Layer 2 Managed Stackable Gigabit Switch Web UI Reference Guide

Appendix Section

Appendix A Mitigating ARP Spoofing Attacks
Using Packet Content ACL

How Address Resolution Protocol works

Address Resolution Protocol (ARP) is the standard method for finding a host's hardware address (MAC address)
when only its IP address is known. However, this protocol is vulnerable because crackers can spoof the IP and
MAC information in the ARP packets to attack a LAN (known as ARP spoofing). This document is intended to
introduce the ARP protocol, ARP spoofing attacks, and the countermeasures brought by D-Link's switches to
thwart ARP spoofing attacks.
Figure 1 - ARP Request
In the process of ARP, PC A will first issue an ARP request to query PC B's MAC address. The network structure is
shown in Figure 1.
Figure 2 - ARP Payload
The ARP request will be encapsulated into an Ethernet frame and sent out. As can be seen in Figure 3, the
"Source Address" in the Ethernet frame will be PC A's MAC address. Since an ARP request is sent via broadcast,
the "Destination address" is in a format of Ethernet broadcast (FF-FF-FF-FF-FF-FF).
390