xStack® DGS-3420 Series Layer 2 Managed Stackable Gigabit Switch CLI Reference Guide
Appendix A
Mitigating ARP Spoofing Attacks Using Packet Content ACL
How Address Resolution Protocol works
Address Resolution Protocol (ARP) is the standard method for finding a host’s hardware address
(MAC address) when only its IP address is known. However, the protocol is vulnerable because
crackers can spoof the IP and MAC information in ARP packets to attack a LAN (known as
ARP spoofing). This document introduces the ARP protocol, ARP spoofing attacks,
and the countermeasures that D-Link’s switches provide to thwart ARP spoofing attacks.
Figure 1 - ARP Request
In the ARP process, PC A first issues an ARP request to query PC B’s MAC address. The
network structure is shown in Figure 1.
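The ARP request that PC A issues can be laid out byte by byte. The following is an added example, not code from the D-Link guide: it builds the request as an untagged Ethernet II frame using the standard IPv4-over-Ethernet ARP layout, parses it back, and checks the sender information for signs of spoofing. The addresses, the function names and the `BINDINGS` table of known-good IP-to-MAC pairs are assumptions made for illustration.

```python
import struct

# Constructed sample addresses (not from the guide): PC A asks for PC B's MAC.
PC_A_MAC, PC_A_IP = bytes.fromhex("02000000000a"), bytes([192, 0, 2, 10])
PC_B_IP = bytes([192, 0, 2, 20])
# Hypothetical table of known-good IP-to-MAC bindings kept by the defender.
BINDINGS = {"192.0.2.10": "02:00:00:00:00:0a"}

def mac(b): return ":".join(f"{x:02x}" for x in b)
def ip(b): return ".".join(str(x) for x in b)

def build_arp_request(sender_mac, sender_ip, target_ip):
    """Untagged Ethernet II header (14 bytes) + IPv4-over-Ethernet ARP payload (28 bytes)."""
    eth = b"\xff" * 6 + sender_mac + struct.pack("!H", 0x0806)  # broadcast dst, EtherType ARP
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)  # htype, ptype, hlen, plen, opcode 1 = request
    # Target MAC is all zeros: it is the value being asked for.
    return eth + arp + sender_mac + sender_ip + b"\x00" * 6 + target_ip

def parse_arp_frame(frame):
    """Decode the fixed-offset fields; reject anything that is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42:
        raise ValueError("frame shorter than Ethernet + ARP headers")
    if struct.unpack("!H", frame[12:14])[0] != 0x0806:
        raise ValueError("EtherType is not ARP (VLAN-tagged frames are not handled here)")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP payload")
    return {"eth_dst": mac(frame[0:6]), "eth_src": mac(frame[6:12]), "op": op,
            "sender_mac": mac(frame[22:28]), "sender_ip": ip(frame[28:32]),
            "target_mac": mac(frame[32:38]), "target_ip": ip(frame[38:42])}

def check_arp(fields, bindings):
    """Return findings that suggest the sender information was spoofed."""
    findings = []
    if fields["eth_src"] != fields["sender_mac"]:
        findings.append("Ethernet source differs from ARP sender MAC")
    known = bindings.get(fields["sender_ip"])
    if known is not None and known != fields["sender_mac"]:
        findings.append("sender IP is bound to a different MAC")
    return findings

if __name__ == "__main__":
    frame = build_arp_request(PC_A_MAC, PC_A_IP, PC_B_IP)
    fields = parse_arp_frame(frame)
    print(fields)
    print(check_arp(fields, BINDINGS) or "consistent with known bindings")
```

The two checks cover the two places the sender's MAC appears in a frame: the Ethernet header and the ARP payload.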
Figure 2 - ARP Payload
The ARP request will be encapsulated into an Ethernet frame and sent out. As can be seen in
Figure 3, the “Source Address” in the Ethernet frame will be PC A’s MAC address. Since an ARP