----IP Addresses, MAC Addresses, and ARP----
By Niels/Ch4r | nielsosky@gmail.com | www.binaryuniverse.net
=================================================================================
This tutorial may be redistributed and hosted on other servers as long
as full credit is given to me, Niels/Ch4r, and it is left completely
intact.
=================================================================================
This tutorial covers IP addresses, MAC addresses, and ARP. You will
learn more about each of these in their respective sections of this
paper, but before you assume that IP addresses, MAC addresses, and ARP
have nothing to do with each other, a brief introduction is necessary.
IP addresses are addresses assigned to hosts over the internet, MAC
addresses are addresses that are used to identify hardware over a
network, and ARP is a protocol that converts IP addresses to MAC
addresses, so you can now see that all three subjects addressed in this
paper do relate to each other. As always, feedback is appreciated, so
feel free to contact me via email, or any other way for that matter.
Now, let us begin.
IP addresses are addresses used to identify hosts uniquely over the
internet. Think about it, if you are communicating with a web server,
or any other kind of computer via a network or the internet, that
machine needs to know how to reply to you, just as if you are writing a
letter to a person, that person needs an address to send a reply to. IP
addresses in IPv4, which is currently the most widely used version of
Internet Protocol, consist of 32-bit numbers, such as:
11010011 01110100 11101001 00101110
However, this form of writing IP addresses is hardly easily read. To
make IP addresses more readable by humans, they are usually written in
what is referred to as dotted decimal notation. To translate this to
dotted decimal notation, each octet (byte/8 bits) is converted to a
decimal number and each octet is seperated by a dot, hence the name
dotted decimal notation. Thus, the previous example is the following in
dotted decimal notation:
211.116.233.46
IP addresses are divided into 5 classes, Class A, Class B, Class C,
Class D, and Class E. Classes D and E are reserved for special use,
while classes A, B, and C are used by the public, so to speak. Class A
addresses always begin with a 0 when in binary form, and can start with
any octet from 1 to 126. In a class A address, the first octet
represents which network the IP belongs to, while the last three octets
are used to represent the host on the network. This leaves a
possibility for a large number of different hosts, and thus class A
addresses are reserved for large organizations.
Class B addresses will always begin with 10 in binary notation, meaning
the first octet in dotted decimal notation will be a number from 128 to
191. In class A addresses, we saw that the first octet identified the
network, and the last three the host. In class B addresses, the frist
two octets identify the network of the IP, and the last two identify
the host. If you're wondering what happenned to an IP starting with
127.x.x.x, the answer is that it is reserved for local loopback,
meaning that 127.x.x.x is always the machine you are on, so if you ping
127.0.0.1, you are actually pinging your own computer.
Class C addresses always begin with 110 in binary form, which also
means that the first octet as a decimal will be a number in the range
from 192 to 223. We saw earlier that the first octet of class A
networks represents the network, the first two octets for class B, and
to stick with the pattern, the first three octets of a class C
represent the network portion of the address, and the last octet
represents the host portion of the address. You'll notice that this
leaves room for many class C networks, but not so many hosts per
network, wheras class A is exactly the opposite.
Now that we've discussed the basics of IP addresses, we can move on to
level two: MAC addresses. A MAC (Media Access Control) address is a
unique 48 bit hex number used to identify a network adapter, and are
used for identifying hosts on a LAN (Local Area Network). They are
displayed in the following form:
AA:AA:AA:BB:BB:BB
The first half, in this case AA:AA:AA is used to identify the
manufacturer of the networking hardware, and the second half, in this
case BB:BB:BB is used to identify the serial number of the network
adapter. If everyone left their networking hardware as it was, no two
adapters would have the same MAC address, but many users, for many
different reasons, will spoof a different MAC address, or even outright
change it on occasion.
As you've seen, IP addresses are used to identify a host via the
internet, and MAC addresses to identify a host via a network. However,
something's missing. Suppose you are communicating with a web server.
You send the data to the server via a gateway, and the server sends the
data back to the gateway, which routes it back to you. However, the
server sends the data with the IP address of the intended recipient,
and hosts are identified over a network via MAC address, thus the IP
needs to be associated with the appropriate MAC address. To do this, IP
addresses and their corresponding MAC addresses are stored in the ARP
cache. The gateway receives the message from the server to be routed,
and looks for the destination IP in the ARP cache. If the IP is found
in the ARP cache, the message is then routed to the appropriate MAC
address. If the IP address is not in the ARP cache, then the gateway
broadcasts an ARP request for the IP address it is routing the message
to. The machine with the appropriate IP responds, and the gateway sends
the message to that host and adds the IP address and MAC address to
it's ARP cache for later use.
And that, ladies and gentlemen, is how ARP ties MAC addresses and IP
addresses together. I hope you learned something from this, or at least
found it mildly entertaining. El fin.
-Niels