December 19th, 2004, 05:04 PM
IP Addresses, MAC Addresses, and ARP
----IP Addresses, MAC Addresses, and ARP----
By Niels | firstname.lastname@example.org | www.binaryuniverse.no-ip.com
This tutorial may be redistributed and hosted on other servers as long as full credit is given to me, Niels, and it is left completely intact.
This tutorial covers IP addresses, MAC addresses, and ARP. You will learn more about each of these in their respective sections of this paper, but before you assume that IP addresses, MAC addresses, and ARP have nothing to do with each other, a brief introduction is necessary. IP addresses are addresses assigned to hosts over the internet, MAC addresses are addresses that are used to identify hardware over a network, and ARP is a protocol that converts IP addresses to MAC addresses, so you can now see that all three subjects addressed in this paper do relate to each other. As always, feedback is appreciated, so feel free to contact me via email, or any other way for that matter. Now, let us begin.
IP addresses are addresses to identify host uniquely over the internet. Think about it, if you are communicating with a web server, or any other kind of computer via a network or the internet, that machine needs to know how to reply to you, just as if you are writing a letter to a person, that person needs an address to send a reply to. IP addresses in IPv4, which is currently the most version of Internet Protocol, consist of 32-bit numbers, such as:
11010011 01110100 11101001 00101110
However, this form of writing IP addresses is hardly easily read. To make IP addresses more readable by humans, they are usually written in what is referred to as dotted decimal notation. To translate this to dotted decimal notation, each octet (byte/8 bits) is converted to a decimal number and each octet is seperated by a dot, hence the name dotted decimal notation. Thus, the previous example is the following in dotted decimal notation:
IP addresses are divided into 5 classes, Class A, Class B, Class C, Class D, and Class E. Classes D and E are reserved for special use, while classes A, B, and C are used by the public, so to speak. Class A addresses always begin with a 0 when in binary form, and can start with any octet from 1 to 126. In a class A address, the first octet represents which network the IP belongs to, while the last three octets are used to represent the host on the network. This leaves a possibility for a large number of different hosts, and thus class A addresses are reserved for large organizations.
Class B addresses will always begin with 10 in binary notation, meaning the first octet in dotted decimal notation will be a number from 128 to 191. In class A addresses, we saw that the first octet identified the network, and the last three the host. In class B addresses, the frist two octets identify the network of the IP, and the last two identify the host. If you're wondering what happenned to an IP starting with 127.x.x.x, the answer is that it is reserved for local loopback, meaning that 127.x.x.x is always the machine you are on, so if you ping 127.0.0.1, you are actually pinging your own computer.
Class C addresses always begin with 110 in binary form, which also means that the first octet as a decimal will be a number in the range from 192 to 223. We saw earlier that the first octet of class A networks represents the network, the first two octets for class B, and to stick with the pattern, the first three octets of a class C represent the network portion of the address, and the last octet represents the host portion of the address. You'll notice that this leaves room for many class C networks, but not so many hosts per network, wheras class A is exactly the opposite.
Now that we've discussed the basics of IP addresses, we can move on to level two: MAC addresses. A MAC (Media Access Control) address is a unique 12-bit hex number used to identify a network adapter, and are used for identifying hosts on a LAN (Local Area Network). They are displayed in the following form:
The first half, in this case AA:AA:AA is used to identify the manufacturer of the networking hardware, and the second half, in this case BB:BB:BB is used to identify the serial number of the network adapter. If everyone left their networking hardware as it was, no two adapters would have the same MAC address, but many users, for many different reasons, will spoof a different MAC address, or even outright change it on occasion.
As you've seen, IP addresses are used to identify a host via the internet, and MAC addresses to identify a host via a network. However, something's missing. Suppose you are communicating with a web server. You send the data to the server via a gateway, and the server sends the data back to the gateway, which routes it back to you. However, the server sends the data with the IP address of the intended recipient, and hosts are identified over a network via MAC address, thus the IP needs to be associated with the appropriate MAC address. To do this, IP addresses and their corresponding MAC addresses are stored in the ARP cache. The gateway receives the message from the server to be routed, and looks for the destination IP in the ARP cache. If the IP is found in the ARP cache, the message is then routed to the appropriate MAC address. If the IP address is not in the ARP cache, then the gateway broadcasts an ARP request for the IP address it is routing the message to. The machine with the appropriate IP responds, and the gateway sends the message to that host and adds the IP address and MAC address to it's ARP cache for later use.
And that, ladies and gentlemen, is how ARP ties MAC addresses and IP addresses together. I hope you learned something from this, or at least found it mildly entertaining. El fin.