Wednesday, May 21, 2014

Types of ARP

Most of us are aware of ARP (address resolution protocol) and its functionality.

1.ARP is a layer 3 protocol.
2.Help to find the mac address using ip address.

Types of ARP

RARP
IARP
Proxy-ARP
Gratuitous ARP

Proxy ARP

Host A wants to send data to Host B which is not on that network, Host A sends an ARP to get a MAC address for host B. Router (gateway) replies to Host A with its own MAC address stating itself as destination (something like a proxy roll call when you respond as present to a roll call of your friend), hence when the data is sent to the destination by Host A it would be sending to the gateway (as destination MAC is given as Gateway's MAC) which would in-turn send to host B. This is called proxy arp

Gratuitous ARP

Gratuitous ARP could mean both gratuitous ARP request or gratuitous ARP reply. Gratuitous in this case means a request/reply that is not normally needed according to the ARP specification (RFC 826) but could be used in some cases. A gratuitous ARP request is anAddressResolutionProtocol request packet where the source and destination IP are both set to the IP of the machine issuing the packet and the destination MAC is the broadcast address ff:ff:ff:ff:ff:ff. Ordinarily, no reply packet will occur. A gratuitous ARP reply is a reply to which no request has been made.
Gratuitous ARPs are useful for four reasons:

  • They can help detect IP conflicts. When a machine receives an ARP request containing a source IP that matches its own, then it knows there is an IP conflict.
  • They assist in the updating of other machines' ARP tables. Clustering solutions utilize this when they move an IP from one NIC to another, or from one machine to another. Other machines maintain an ARP table that contains the MAC associated with an IP. When the cluster needs to move the IP to a different NIC, be it on the same machine or a different one, it reconfigures the NICs appropriately then broadcasts a gratuitous ARP reply to inform the neighboring machines about the change in MAC for the IP. Machines receiving the ARP packet then update their ARP tables with the new MAC.
  • They inform switches of the MAC address of the machine on a given switch port, so that the switch knows that it should transmit packets sent to that MAC address on that switch port.
  • Every time an IP interface or link goes up, the driver for that interface will typically send a gratuitous ARP to preload the ARP tables of all other local hosts. Thus, a gratuitous ARP will tell us that that host just has had a link up event, such as a link bounce, a machine just being rebooted or the user/sysadmin on that host just configuring the interface up. If we see multiple gratuitous ARPs from the same host frequently, it can be an indication of bad Ethernet hardware/cabling resulting in frequent link bounces.
Posted by at No comments:

Monday, May 19, 2014

Layer 4 TCP Flags

The TCP (Transmission Control Protocol) is layer 4 protocol of OSI stack.
rather than going on to the basics of  TCP like understanding its a connection oriented protocol and else ; Lets discuss the 5 FLAGS :

1.SYN : Initiates a connection
2.ACK : Acknowledges received data
3.URG : Discussed Below
4.PSH : Discussed Below
5.RST :Aborts a connection in response to an error
6.FIN :Closes a connection

"PSH FLAG"

To understand the function of the PSH flag, we first need to understand how TCP buffers data. TCP operates at layer four of the OSI model; it presents to upper layers a simple socket which can be read from and written to, masking the complexities of packet-based communications. To allow applications to read from and write to this socket at any time, buffers are implemented on both sides of a TCP connection in both directions.
Buffers allow for more efficient transfer of data when sending more than one maximum segment size (MSS) worth of data (for example, transferring a large file). However, large buffers do more harm than good when dealing with real-time applications which require that data be transmitted as quickly as possible. Consider what would happen to a Telnet session, for instance, if TCP waited until there was enough data to fill a packet before it would send one: You would have to type over a thousand characters before the first packet would make it to the remote device. Not very useful.
This is where the PSH flag comes in. The socket that TCP makes available at the session level can be written to by the application with the option of "pushing" data out immediately, rather than waiting for additional data to enter the buffer. When this happens, the PSH flag in the outgoing TCP packet is set to 1 (on). Upon receiving a packet with the PSH flag set, the other side of the connection knows to immediately forward the segment up to the application. To summarize, TCP's push capability accomplishes two things:
  • The sending application informs TCP that data should be sent immediately.
  • The PSH flag in the TCP header informs the receiving host that the data should be pushed up to the receiving application immediately

"URG FLAG"

The URG flag is used to inform a receiving station that certain data within a segment is urgent and should be prioritized. If the URG flag is set, the receiving station evaluates the urgent pointer, a 16-bit field in the TCP header. This pointer indicates how much of the data in the segment, counting from the first byte, is urgent.
Posted by at No comments:
Subscribe to: Comments (Atom)