From the course: Network Forensics
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
ARP
- [Narrator] ARP stands for Address Resolution Protocol. In the previous lessons I talked about the use of two addressing schemes in computer networking. One was MAC for switches and the other was IP for routers. Because of this difference between the addressing schemes, when a router forwards a message to a switch the IP address needs to be converted to a corresponding MAC address. Hosts use a table called ARP table to keep track of the mapping between IP addresses and their MAC versions. Let's check this out on our Windows box. In your Command Prompt window, type arp -a. Press enter. See the mapping between the internet addresses and physical addresses? This table is useful for network forensics specialists because they can find out the MAC addresses associated with the IP addresses they're investigating without signing onto each host. ARP obtains MAC addresses by using a net broadcast request that asks for the MAC address for a device that is configured with an specific IP. When…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.