Published in

Geek Culture

ARP (Address Resolution Protocol) demystified

Whenever a host needs to contact another host, either in its subnet, in another subnet, or on the internet, it sends an ARP (Address Resolution Protocol) request.

Screenshots were made on my FortiGate 60F https://amzn.to/2W1cHkQ

As the name suggests, an ARP request asks “Who has the IP address that I need to contact?”

The request is sent in the broadcast domain, or sometimes it is relayed to another subnet, and the host that has the IP address sends back its MAC address.

The MAC address is crucial in crafting the packet itself. It is one of the most important functions in IP routing.

On the other side, your FortiGate firewall has an ARP table, which holds the bindings between the different MAC addresses and IP addresses on its different interfaces. So let’s take a deeper look at the ARP table.

Sniffing ARP

Let’s start by examining the ARP requests that are sent from our LAN.

To do so we’ll use “diag sniffer packet”, FortiGate’s Wireshark-like way to capture the packets that travel between the different interfaces and examine what is happening.

When we examine packets, we can use filters to capture specific traffic.

Here we will not use any filters, only the port and the verbosity level:

“diag sniffer packet port2 none 4”

Press Enter and you can see the different ARP requests: “who has that IP address”.

The IP address that is requested is the gateway address.

Now let’s look at some other commands.

The first command that you can use is:

“get system arp”

Here you can see IP addresses, MAC addresses, and the associated interfaces.

The second command shows the ARP table cache:

“diag ip arp list”

As stated in the Fortinet documentation, the default ARP timeout value is 5 minutes (300 seconds) and can vary depending on the state of the ARP entry and the objects that are using it. Using this command, we can see the ARP cache and the different states (ARP was received, the device does not support ARP…).

Our third command is

We start with “config system global”. Following that, we set the maximum entry value, where we can enter an integer with the number of entries.

Moving on, there are times when you need to delete the whole ARP table.

For that we use “execute clear system arp table”.

So let’s look at the system ARP table again. And yes, we have only one ARP entry, whose age in minutes is zero, so it was just received.

The last command that we will look at is “config system arp-table”.

Now we can add specific IP addresses and bind a specific MAC address to each according to our needs. We set the interface to port two, then the IP and the MAC address, and associate them together.
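As an added example (not from the original article or from Fortinet), this Python script parses pasted “get system arp” output and compares it with the IP-to-MAC bindings you intend to pin as static entries. The column layout, the sample rows and the EXPECTED bindings are constructed assumptions.

```python
import re

# Constructed sample in the column layout assumed for "get system arp"
# (address, age in minutes, MAC, interface); not captured from a real device.
SAMPLE_OUTPUT = """\
Address           Age(min)   Hardware Addr      Interface
192.168.1.10      0          00:0c:29:aa:bb:01  port2
192.168.1.20      3          00:0c:29:aa:bb:02  port2
192.168.1.30      1          00:0C:29:AA:BB:01  port2
10.0.0.1          12         00:0c:29:cc:dd:09  port1
"""

# Hypothetical bindings an admin intends to pin as static ARP entries.
EXPECTED = {("port2", "192.168.1.10"): "00:0c:29:aa:bb:01",
            ("port2", "192.168.1.20"): "00:0c:29:aa:bb:99"}

ROW = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(\d+)\s+"
                 r"((?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})\s+(\S+)\s*$")

def parse_arp_table(text):
    """Return one dict per ARP row, skipping the header and malformed lines."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            ip, age, mac, iface = m.groups()
            rows.append({"ip": ip, "age_min": int(age),
                         "mac": mac.lower(), "interface": iface})
    return rows

def audit(rows, expected):
    """Return (mismatches, shared): entries whose MAC differs from the expected
    binding, and MACs that answer for more than one IP on an interface."""
    mismatches, by_mac = [], {}
    for r in rows:
        want = expected.get((r["interface"], r["ip"]))
        if want and want.lower() != r["mac"]:
            mismatches.append((r["interface"], r["ip"], want.lower(), r["mac"]))
        by_mac.setdefault((r["interface"], r["mac"]), []).append(r["ip"])
    shared = {k: sorted(v) for k, v in by_mac.items() if len(v) > 1}
    return mismatches, shared

if __name__ == "__main__":
    mismatches, shared = audit(parse_arp_table(SAMPLE_OUTPUT), EXPECTED)
    for iface, ip, want, got in mismatches:
        print(f"{iface} {ip}: expected {want}, table has {got}")
    for (iface, mac), ips in shared.items():
        print(f"{iface} {mac} answers for {', '.join(ips)}")
```

A MAC that answers for several IPs is not always a problem (a host with secondary addresses, for example), so treat that list as entries to review before binding them statically.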

Learn more about how to administer your FortiGate firewall in my book “Fortigate firewall admin pocket guide”: https://amzn.to/37Zobbn

ofer shmueli
