Welcome. In this video course we are looking at the CyberOps Associate version one course. This course is going to cover the skills and knowledge needed for successfully handling the tasks, duties, and responsibilities of an associate-level security analyst working at a security operations center. The goal of this video series is to help prepare learners for the Cisco 200-201 certification that's focusing on understanding the Cisco Cybersecurity Operations Fundamentals course, known as CBROPS.

Module eight is all about Address Resolution Protocol, known as ARP. So here we're looking at MAC addresses and IP addresses, predominantly looking at IPv4, since ARP only uses IPv4. We're going to be looking at and analyzing ARP by examining an Ethernet frame, and then we're going to look at some ARP request issues and the impact it may have on the network.

So again, the first one is MAC and IP addresses. First thing to point out is these are not the right MAC addresses, I'm gonna pin, we shortened it, so instead of showing six pairs we're only showing two pairs. Again, a MAC address is a 48-bit number. A MAC address is also known as a physical address, and it's used for local connection, local connectivity, local being part of the LAN. That also means we're dealing with MAC addresses being part of layer 2.

If we are dealing with anything leaving the network, that will deal with a layer 3 address, known as a logical address, also referred to as an IP address. If we need to leave the network, we will use the MAC address to reach our default gateway. Our default gateway will strip away the layer 2 header and look at the layer 3 data. It will then replace the layer 2 header with its own MAC address and its own destination.

Here is a perfect example. Here we have one pair of MAC addresses. As we go to our layer 3 device, the layer 3 device will strip away those MAC addresses, source and destination. It will replace them with the source address being its MAC address and the destination being the next hop's MAC address. That builds the next layer 2 frame. When router 2 receives it, it will strip away the old layer 2 data. It will replace it with its source MAC address, and the destination MAC address will be the end server. Each router will strip away the MAC address, examining its IP address. Since we are communicating on a remote network, the goal is to be able to look at the next network.

So all of this is how ARP functions. To illustrate a problem while sending a packet to another host on the same local network: that's because the IP address is known but the MAC address is not. So what do we do when we do not know the MAC address but we know the IP address? We use ARP to determine the MAC address of the local device while knowing its IP address only. We send the broadcast: "I know this IP address. Who has this address? What is the MAC address of this device?" The goal is to resolve the IPv4 address to a MAC address. That can also be used to maintain a table of addresses, IPv4 to MAC address. This is called address mapping.

So the overall function is to be able to send the broadcast: "I have this IP address; who has the matching MAC address?" It will go to everyone, and only the IP address that it has will respond, and it will update by sending its MAC address back to the original source. This helps build the ARP table, sometimes referred to as the ARP cache. That means the switch will start building this mapping of addresses between layer 4 and layer 3, sorry, between layer 3 and layer 2. This device will also then start building a mapping for what ports are attached to which devices, what MAC address is attached to those physical ports.

So when a device needs to determine a MAC address, it will map to the IP address, and no entry is found, the IPv4 address in its ARP table, then the ARP request is sent out. The ARP request is a broadcast. What I thought was really funny is, that's not my computer. The machine that Cisco is using to build these PowerPoints wasn't activated. You can see the "Activate Windows, go to Settings" option right here. That's kind of interesting. Anyways, only the device that has the target IPv4 address will respond with the appropriate MAC address.

Remember, IPv6 uses a similar process, but it uses neighbor discovery. It uses either a neighbor acknowledgement or a neighbor solicitation. IPv6 does not use ARP; it only uses neighbor discovery. So the role of ARP in communication is it allows for that local connectivity on a local network.

So, removing entries from the ARP table. Essentially the devices will purge old information, so if a MAC address or an IP address hasn't been used in x amount of time, it will age out. That means the devices will forget it because it's been too long. We can look at an ARP table by doing an `arp -a` on a device. So I will do my computer: go to my command line, `arp -a`. These are all of the devices that I currently know about. I have a lot of virtual machines, and so that's why these addresses right here, between 27 and 193, these are all mine. One computer, but with virtual addresses. I have a lot of virtual NICs because I have several VMs running.

We have a lab to examine an Ethernet frame, which you guys will do individually. I will be posting videos of these labs, just when I have time.

Lastly, ARP issues. Well, you know, ARP sends out broadcasts. That means these broadcasts could flood the local media. So what can we do to prevent that? Well, one thing is to understand that we need to have an appropriately set up network. A bus or a ring doesn't function very well in networks like this, so we have to use CSMA/CA, CSMA/CD, media access, CSMA/CD, to prevent collisions from occurring if we're doing a shared media like this.

Another issue is we can spoof our ARP requests. I've showed videos of a man-in-the-middle attack and how it can be done as long as you can spoof the default gateway. That's one of the issues: threat actors can use ARP spoofing to do ARP poisoning, or to do redirection of data, or data interception, things like that. ARP spoofing is pretty easy to do, and ARP spoofing is essentially us being able to pretend to be a different device on the network, or to have a certain MAC address when we really do not.

So that is actually it for this chapter. We talked about IP addresses, both physical and logical addresses. We talked about layer 2 versus layer 3 addresses, layer 2 being a MAC address, which is a physical address, layer 3 being an IP address, also known as a logical address. We talked through ARP and how ARP allows us to communicate between, or find information between, an IP address and an unknown MAC address, so that way we can determine the appropriate MAC address. We looked at ARP using an IPv4 network, we looked at neighbor discovery when looking at an IPv6 network, and we wrapped up with ARP spoofing and ARP poisoning as possible types of attacks. If you have any questions or concerns, please reach out. Thank you.
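
Added example, not part of the video: an analyst-side check that reads the `arp -a` table discussed above and flags the usual visible sign of ARP poisoning, the default gateway's IP resolving to a MAC address that another host also claims, or to a MAC other than the one recorded for the gateway. The sample output is constructed in the Windows `arp -a` layout, and the function names, the gateway IP and all addresses are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of Windows `arp -a` output (all addresses are made up).
SAMPLE_ARP_A = """\
Interface: 192.168.1.27 --- 0x5
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.40          a4-b1-c1-00-10-20     dynamic
  192.168.1.66          00-11-22-33-44-55     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"([0-9a-fA-F]{2}(?:[-:][0-9a-fA-F]{2}){5})\s+(\w+)", re.M)

def parse_arp_table(text):
    """Return {ip: mac} for unicast entries, MACs normalised to aa:bb:.. form."""
    table = {}
    for ip, mac, _type in ENTRY.findall(text):
        mac = mac.lower().replace("-", ":")
        # Broadcast and multicast MACs have the low bit of the first octet set.
        if int(mac[:2], 16) & 1:
            continue
        table[ip] = mac
    return table

def find_spoofing_signs(table, gateway_ip, known_gateway_mac=None):
    """Return findings about the gateway entry (hypothetical helper)."""
    findings = []
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    gw_mac = table.get(gateway_ip)
    # A host with several IPs can share a MAC legitimately; the gateway
    # sharing its MAC with another address is what deserves a look.
    if gw_mac and len(by_mac[gw_mac]) > 1:
        others = sorted(ip for ip in by_mac[gw_mac] if ip != gateway_ip)
        findings.append(f"gateway {gateway_ip} shares MAC {gw_mac} with {', '.join(others)}")
    if known_gateway_mac and gw_mac and gw_mac != known_gateway_mac.lower():
        findings.append(f"gateway {gateway_ip} MAC is {gw_mac}, expected {known_gateway_mac.lower()}")
    return findings

if __name__ == "__main__":
    for finding in find_spoofing_signs(parse_arp_table(SAMPLE_ARP_A), "192.168.1.1"):
        print("ALERT:", finding)
```

Recording the gateway's MAC while the network is known to be clean and passing it as `known_gateway_mac` also catches the case where the poisoned entry is the only one carrying the attacker's MAC.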