Cache Flood
Cache flooding is an attack that can flood the CAM table this causes a switch to switch to a HUB mode.
Adress resolution protocol(ARP) is a communication protocol used for discovering the link layer adress such as a MAC adress associated with a given internet layer adres. Usually an IPv4 adress.
Within Ipv6 networks the functionality of ARP is provided by the Neighbor Discovery Protocol
Reverse ARP (RARP) is a compliment to ARP
ARP is broadcasted using mac addresses and hte data is contained in the ethernet frame.
Client A is connected on the same subnet as Client B with both assigned a IPv4. Client A has to send a packet to client B. Through DNS it resolves that Client B has ip adress X.
To send a packet a MAC adres of Client B is also needed by Client A Client A first uses a locally cached ARP table to look up the IP of Client B.
If the adres is foudn then it sends a Ethernet frame with the destination mac adress containing the the IP packet.
If there is no entry for Client B in the local ARP cache then Client A will send out a broadcast ARP request message on (FF:FF:FF:FF:FF:FF) requesting an answer for an IP adres
Client B will respond with an ARP response message containing the MAC and IP adresses of the client. and sends it to Client A.
As part of this request Client B might store the IP and MAC of Client A in the local ARP cache.
The arp packet is 224 octets in length and it contains the following types
The entries are arranged in the following manner in the packet
Hardware Type: Each link layer protocol is assigned a numer used in this field. For Ethernet this number is 1.
Protocol Type: Each protocol is assigned a number used in this field. For example, IPv4 is 0x0800.
Hardware Length: Length in bytes of a hardware adres. The ethernet hardware MAC adress is 6 bytes long.
Protocol Lenght: Length in bytes of a logical adress. IPv4 adressses are 4 bytes long.
Operation: Specifies the operation the sender is performing. There are 4 types of ARP messages that may be send by the ARP protocol. These are identified by four values in the operation field of the ARP message. The types are:
Sender Hardware Address: the hardware adress of the sender
Sender Protocol Address: Protocol Adress opf the sender.
Target Hardware Adress: Hardware adress of the intended reciever. This field is left empty upon ARP request.
Target Protocol Adress : Protocol adress of the inteded reciever.
Cache flooding is an attack that can flood the CAM table this causes a switch to switch to a HUB mode.
Spoofing ARP requests can change the routing of packets and is required for a Man in the middle attack.
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.