What is ARP? Address Resolution Protocol refers to a method to search for the corresponding hardware Address of a host when the network layer Address (IP) is known. This protocol is specified in RFC826. The ARP protocol has been implemented on various networks. It is not only a protocol dedicated to IP or LAN, but can map different types of network layer protocol addresses to actual physical addresses. However, in the current network environment, ARP is mainly used to resolve the mapping between IP addresses and Mac addresses. ARP is also used in token networks, FDDI, IEEE 802.11, and ATM. In the next generation IPV6 Internet, ARP will mainly provide the Neighbour Discovery Protocol (NDP) function. Fedora runs several common ARP commands. Arp Arp cache of the operating system. Arp -s hostname hw_ADR Can specify static IP: MAC mapping to avoid arp attacks. Arping Arping is an application program used to discover network information. It’s similar to the ping command, but tests communication at a more basic level. Usage Arping {IP} You can also specify The Times of sending requests. The specific usage can be man arping arptables arptables are mapping tables used to set and manage ARP filtering rules in the Linux kernel. Multiple ARpTables may be defined in a user system to prevent ARP spoofing. A table contains several columns of rules and user rules. You can use Arptables to prevent Arp requests from getting your Mac address, so that attackers will assume that your server does not exist and thus avoid Arp attacks. Arpwatch arpwatch is open source software for monitoring ARP activity in computer networks. It generates a time-stamped IP-MAC pair when it runs, and the reason it monitors ARP activity is to prevent ARP spoofing. The software was developed at Lawrence Berkeley National Laboratory. ARP spoofing ARP spoofing, also known as ARP Posioning, is used to attack wired or wireless networks. ARP spoofing allows an attacker to detect data frames in the network, modify data traffic, or stop data traffic. This attack method can be used only on the network that uses ARP for IP-MAC mapping. ARP attacks send disguised ARP messages to the LAN to link the attacker’s Mac address to the IP address of another node on the network (such as the default gateway). In this way, all messages sent to this address are mistakenly delivered to the attacker’s Mac address, and the attacker can look at these messages and decide what to do with them. He can send the data to the original address without modification, send the modified information to the original address, and import all traffic to another IP address, thus launching a DOS attack. ARP spoofing tools Arpspoof, Arppoison, Cain and Abel, and Ettercap can all be used to launch ARP attacks. Libnet is required to install ArPOISON. If you install Arpoison on Fedora, you need to use /usr/lib/libnet.so to compile arpoison. Usage: -i -d

-s

-t

-r

[-a] [-w time between packets] [-n number to send] Supplementary information: The operation method of changing the Mac address is to disable the NETWORK adapter first and ifconfig eth0 down. Otherwise, the system will report that the system is busy and cannot be changed. Ifconfig etho hw ether new MAC address Ifconfig eth0 up; If you want to permanently change the Mac address, you can also write the above command in the/etc/rc. D/rc. Local, so every time after the restart will execute the script References 1, ARP en.wikipedia.org/wiki/Addres… 2, 3, Arptables RFC826 http://tools.ietf.org/html/rfc826 en.wikipedia.org/wiki/Arptab… 4, Arpwatch http://en.wikipedia.org/wiki/Arpwatch 5, to prevent and attack the ARP home.phpchina.com/space.php?u…