IT Trenches

Feb 2 2009   5:15PM GMT

ARP as a network auditing tool

Troy Tate Profile: Troy Tate

ARP – or Address Resolution Protocol is a necessary element for network traffic. Per Wikipedia: “In computer networking, the Address Resolution Protocol (ARP) is the method for finding a host’s link layer (hardware) address when only its Internet Layer (IP) or some other Network Layer address is known. ARP is defined in RFC 826.[1] It is Internet Standard STD 37.” It is not an IP only protocol.

What this means, is that ARP is not a protocol that is easily blocked or disabled on a network. This is as designed but this also means that attackers can use this protocol for malicious activities. It is important that you understand the ARP protocol and the ways it is used and the dangers associated with it.

Laura Chappell, the BitGirl, has created a new tutorial on using ARP to scan networks which may be firewalled or ICMP pings are blocked. ARP will permit you – and attackers – to find hosts on the network. Take some time and watch this short video and gain some valuable insights into ARP.

Watch Chappell University – Ethical Hacking with NetScanTools Pro – ARP Scanning

Thanks for your time and let’s be good network citizens!

1  Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • Xionmore
    The thing is, its not the tools which can ping a host behind the firewall. Its because of ARP protocol feature. I have worked on this long time and i am pretty much sure the behavior and feature of ARP. If you people are interested in discovery a host behind the firewall try XML port scanning technique or something innovative like that. By the thanks for such a good video presentation.
    0 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: