1
00:00:00,000 --> 00:00:07,000
So that being said, how would traffic flow if device A sends traffic to device C?
2
00:00:07,000 --> 00:00:12,000
So let's say for example that device A pings device C.
3
00:00:12,000 --> 00:00:19,000
So on host A or device A the command ping 10.1.1.2 is used.
4
00:00:19,000 --> 00:00:22,000
How would traffic flow, now it's important to remember
5
00:00:22,000 --> 00:00:25,000
that IP is a layer 3 technology.
6
00:00:25,000 --> 00:00:27,000
MAC addresses are used at layer 2
7
00:00:27,000 --> 00:00:32,000
so PC A needs to have a mapping between the layer 3 IP address
8
00:00:32,000 --> 00:00:34,000
and the layer 2 MAC address
9
00:00:34,000 --> 00:00:38,000
that's because Ethernet is used in this environment
10
00:00:38,000 --> 00:00:44,000
and the packet needs to be encapsulated at layer 2 and sent onto the wire.
11
00:00:44,000 --> 00:00:49,000
So in Ethernet a MAC address needs to be added at layer 2.
12
00:00:49,000 --> 00:00:52,000
So at this point PC A doesn't know the MAC address
13
00:00:52,000 --> 00:00:55,000
associated with IP address 10.1.1.2.
14
00:00:55,000 --> 00:00:58,000
Ethernet once again is a layer 2 technology
15
00:00:58,000 --> 00:01:03,000
and requires the use of MAC addresses when traffic is sent onto an Ethernet segment
16
00:01:03,000 --> 00:01:08,000
so before A can send the traffic onto the network segment
17
00:01:08,000 --> 00:01:13,000
it needs to know the MAC address associated with IP address 10.1.1.2
18
00:01:13,000 --> 00:01:19,000
I remember that in the OSI model, each layer is independent of other layers
19
00:01:19,000 --> 00:01:22,000
and lower layers encapsulate higher layers.
20
00:01:22,000 --> 00:01:27,000
So how is PC A going to learn the MAC address of PC C?
21
00:01:27,000 --> 00:01:34,000
it does this by using a protocol called Address Resolution Protocol or ARP,
22
00:01:34,000 --> 00:01:38,000
the first thing PC A does is check its local ARP cache
23
00:01:38,000 --> 00:01:42,000
to see if there is already an existing entry mapping
24
00:01:42,000 --> 00:01:45,000
IP address 10.1.1.2 to a MAC address.
25
00:01:45,000 --> 00:01:49,000
If there isn't an existing entry on the local machine's cache
26
00:01:49,000 --> 00:01:52,000
it will send out a broadcast to try and find out
27
00:01:52,000 --> 00:01:59,000
who has IP address 10.1.1.2 and that message is called an ARP request message.
28
00:01:59,000 --> 00:02:05,000
In this example PC A and PC C are in the same subnet
29
00:02:05,000 --> 00:02:11,000
so PC A will send a broadcast onto the local subnet
30
00:02:11,000 --> 00:02:16,000
asking for the MAC address of PC C using an ARP request.
31
00:02:16,000 --> 00:02:18,000
An ARP request looks as follows
32
00:02:18,000 --> 00:02:21,000
The source MAC address in this example is A
33
00:02:21,000 --> 00:02:22,000
because the frame was sent by A
34
00:02:22,000 --> 00:02:26,000
the destination MAC address is a broadcast.
35
00:02:26,000 --> 00:02:31,000
This is because A doesn't know who has IP address 10.1.1.2
36
00:02:31,000 --> 00:02:38,000
So an ARP request is essentially a message asking who has this IP address?
37
00:02:38,000 --> 00:02:44,000
so the IP address that's being referenced in the packet is 10.1.1.2
38
00:02:44,000 --> 00:02:49,000
the source IP address is 10.1.1.1, the source MAC address is A
39
00:02:49,000 --> 00:02:53,000
and the destination MAC address is a broadcast at layer 2.
40
00:02:53,000 --> 00:02:57,000
Just to reiterate, this is the layer 2 portion of the message
41
00:02:57,000 --> 00:03:03,000
and this is the layer 3 portion of the message as per the OSI model.
42
00:03:03,000 --> 00:03:06,000
Now before continuing with our example
43
00:03:06,000 --> 00:03:12,000
I wanna show you a real world example of ARP or Address Resolution Protocol.
44
00:03:12,000 --> 00:03:18,000
so on my PC, I can type the command arp -a and I'll see my local ARP cache
45
00:03:18,000 --> 00:03:23,000
my IP address is 10.0.0.3 and as you can see here
46
00:03:23,000 --> 00:03:28,000
I've learnt an IP address of 10.0.0.254 dynamically.
47
00:03:28,000 --> 00:03:31,000
there are also some static entries in the ARP cache
48
00:03:31,000 --> 00:03:34,000
as an example this is the broadcast address at layer 3
49
00:03:34,000 --> 00:03:42,000
which is 255.255.255.255 and the layer 2 address is 8Fs
50
00:03:42,000 --> 00:03:47,000
so for a layer 3 broadcast of 255.255.255.255
51
00:03:47,000 --> 00:03:51,000
the equivalent layer 2 address is 8Fs
52
00:03:51,000 --> 00:03:55,000
in this example we only have 1 dynamic MAC address
53
00:03:55,000 --> 00:03:57,000
in the local ARP cache of my PC
54
00:03:57,000 --> 00:04:02,000
so the command ipconfig shows me my IP addresses.
55
00:04:02,000 --> 00:04:10,000
In this example we can see my IPv6 address which is 2001:20::2
56
00:04:10,000 --> 00:04:14,000
and my IPv4 address of 10.0.0.3
57
00:04:14,000 --> 00:04:18,000
at the moment we're only concentrating on IPv4 addresses.
58
00:04:18,000 --> 00:04:24,000
So you can also see my default gateway, which is set to 10.0.0.254
59
00:04:24,000 --> 00:04:29,000
so my ARP cache is showing the mapping of my default gateway's IP address
60
00:04:29,000 --> 00:04:32,000
to the relevant MAC address.
61
00:04:32,000 --> 00:04:39,000
So the command arp -d will allow me to delete the ARP entries in my local ARP cache.
62
00:04:39,000 --> 00:04:46,000
arp -a shows that single dynamic entry, so I'll delete the ARP cache again.
63
00:04:46,000 --> 00:04:50,000
And now you can see that there are no entries in the ARP cache.
64
00:04:50,000 --> 00:04:53,000
I'll do that again and notice the entry has appeared once again
65
00:04:53,000 --> 00:04:58,000
and that's because I'm sending traffic from my local PC to my default gateway.
66
00:04:58,000 --> 00:05:05,000
I'll do that again, so arp -a, shows the directed broadcast address
67
00:05:05,000 --> 00:05:08,000
for this subnet which is 10.0.0.255
68
00:05:08,000 --> 00:05:13,000
I'll now ping another IP address of 10.0.0.123
69
00:05:13,000 --> 00:05:18,000
so there was no ARP entry for this IP address.
70
00:05:18,000 --> 00:05:21,000
But notice when I ping, the ping succeeds
71
00:05:21,000 --> 00:05:23,000
and if I look at the ARP cache again,
72
00:05:23,000 --> 00:05:30,000
you'll notice that an ARP entry has been added for IP address 10.0.0.123
73
00:05:30,000 --> 00:05:34,000
Now this is another IP address configured on my local router.
74
00:05:34,000 --> 00:05:38,000
So the MAC address resolved is the same MAC address
75
00:05:38,000 --> 00:05:42,000
as for IP address 10.0.0.254
76
00:05:42,000 --> 00:05:46,000
If I delete the ARP cache again, so arp -d
77
00:05:46,000 --> 00:05:50,000
notice no entries are found in the ARP cache, still no entry.
78
00:05:50,000 --> 00:05:55,000
Let's ping 10.0.0.123, the ping succeeds
79
00:05:55,000 --> 00:05:58,000
and if we look at the ARP cache again notice there's an entry
80
00:05:58,000 --> 00:06:03,000
in the ARP cache now for IP address 10.0.0.123
81
00:06:03,000 --> 00:06:07,000
if I now ping my default gateway of 10.0.0.254
82
00:06:07,000 --> 00:06:12,000
which previously didn't have an entry in the ARP cache
83
00:06:12,000 --> 00:06:16,000
I can now see by using the command arp -a
84
00:06:16,000 --> 00:06:19,000
that an IP address to MAC address entry has been created.
85
00:06:19,000 --> 00:06:22,000
So what's the moral of the story?
86
00:06:22,000 --> 00:06:27,000
Before traffic can be sent to an IP address on the local segment
87
00:06:27,000 --> 00:06:31,000
ARP is required to create a mapping between the layer 3 IP address
88
00:06:31,000 --> 00:06:34,000
and the layer 2 MAC address.
89
00:06:34,000 --> 00:06:38,000
Wireshark is a sniffing tool that allows you to capture traffic
90
00:06:38,000 --> 00:06:41,000
off the local wire to see what's going on.
91
00:06:41,000 --> 00:06:45,000
It's an invaluable tool for a network engineer.
92
00:06:45,000 --> 00:06:50,000
Let's use Wireshark to see what's taking place in this example
93
00:06:50,000 --> 00:06:54,000
So what I'll do firstly is start to capture in Wireshark
94
00:06:54,000 --> 00:06:58,000
So on my Ethernet interface, I'll start capturing frames
95
00:06:58,000 --> 00:07:00,000
I'll now delete the ARP cache
96
00:07:00,000 --> 00:07:00,000
so now no entries are found in the ARP cache
97
00:07:00,000 --> 00:07:06,000
I'll ping 10.0.0.254
98
00:07:06,000 --> 00:07:09,000
and let's look at the ARP cache again
99
00:07:09,000 --> 00:07:11,000
after looking at the ARP cache
100
00:07:11,000 --> 00:07:15,000
we can see that an entry has been added for that address
101
00:07:15,000 --> 00:07:18,000
and I'll now ping 10.0.0.123
102
00:07:18,000 --> 00:07:23,000
so now arp -a shows those 2 entries in the ARP cache
103
00:07:23,000 --> 00:07:27,000
Let's stop the capture and let's look for the ARP entries
104
00:07:27,000 --> 00:07:33,000
So as you can see here is a broadcast that's been sent from my local device
105
00:07:33,000 --> 00:07:41,000
the protocol used is ARP and I'm asking who has IP address 10.0.0.254
106
00:07:41,000 --> 00:07:45,000
tell 10.0.0.3, my local PC
107
00:07:45,000 --> 00:07:50,000
So at layer 2 you can see that the destination address is a broadcast
108
00:07:50,000 --> 00:07:54,000
the source address is my local machine, it's an ARP request.
109
00:07:54,000 --> 00:08:00,000
This is the EtherType for ARP, 0x0806
110
00:08:00,000 --> 00:08:05,000
and looking at the Address Resolution Protocol for ARP information.
111
00:08:05,000 --> 00:08:09,000
Notice we're looking for an IP address 10.0.0.254
112
00:08:09,000 --> 00:08:12,000
the sender MAC address is my local machine
113
00:08:12,000 --> 00:08:15,000
the target MAC address is unknown
114
00:08:15,000 --> 00:08:19,000
and we're looking for IP address 10.0.0.254
115
00:08:19,000 --> 00:08:24,000
Once the device has replied back using an ARP reply message
116
00:08:24,000 --> 00:08:27,000
I'll be able to ping that device.
117
00:08:27,000 --> 00:08:32,000
So in the Wireshark capture you can see I'm sending an echo
118
00:08:32,000 --> 00:08:35,000
so you can see the ICMP echo ping request
119
00:08:35,000 --> 00:08:37,000
and here I got the response or reply.
120
00:08:37,000 --> 00:08:42,000
Going further down I'll be able to see the ARP request
121
00:08:42,000 --> 00:08:45,000
for IP address 10.0.0.123
122
00:08:45,000 --> 00:08:50,000
the layer 2 destination is a broadcast, the source is a local MAC address
123
00:08:50,000 --> 00:08:54,000
and we're requesting the target MAC address in other words
124
00:08:54,000 --> 00:08:59,000
who has IP address 10.0.0.123
125
00:08:59,000 --> 00:09:03,000
the reply is a unicast because the device I sent
126
00:09:03,000 --> 00:09:06,000
the ARP request to knows who the ARP request came from.
127
00:09:06,000 --> 00:09:10,000
So the destination at layer 2 is my local machine.
128
00:09:10,000 --> 00:09:13,000
The source is my local router, sender MAC address,
129
00:09:13,000 --> 00:09:17,000
sender IP address, target MAC address, target IP address.
130
00:09:17,000 --> 00:09:21,000
In this case I'm communicating directly with my local router
131
00:09:21,000 --> 00:09:24,000
rather than sending traffic through the router
132
00:09:24,000 --> 00:09:28,000
So the MAC address and the IP address used in this example
133
00:09:28,000 --> 00:09:31,000
is my local machine and local router.
134
00:09:31,000 --> 00:09:35,000
You can see in the output here that the sender MAC address is a Cisco router.
135
00:09:35,000 --> 00:09:38,000
IP address is 10.0.0.123
136
00:09:38,000 --> 00:09:41,000
target MAC address is my local laptop
137
00:09:41,000 --> 00:09:46,000
with the target IP address of 10.0.0.3