Skip to main content

A-Z Protocols: A is for Access

This series is especially for those studying for certifications, IT beginners, or anyone curious about how networking actually works.

Welcome to the A–Z Protocols Series

Whether related to legacy systems or cutting-edge technology, these posts will discuss some of the most pivotal protocols, ports, and acronyms used in the IT field. There's no better place to begin than at the start: the letter A. The acronyms chosen in this and future blog posts were generated from ChatGPT and certification guides, but I would love to include your input in what to discuss.

A is for Access

The following protocols discussed have some relation to how we access our networks, information, and other resources that keep us online.

Address Resolution Protocol (ARP) - The Network Phonebook

Imagine you are at a party, and you meet someone new. Let's say their name is Ben. You exchange numbers and you both make sure to save each other's contact info. Ben gives you his number: +1 (456)-111-9999. You store his name with his number. Or at least you thought you did.

The number didn't save. You ask your friends, "Do any of you know a Ben here? And do you have his number?" One of your friends gives it to you. This time, you make sure it is properly saved to your contact lists.

That's how ARP works. ARP links MAC addresses - the phone numbers - to an IP address - the name. This protocol is often seen at Layer 2.5, operating between the data link and network layer. Devices store these MAC-IP bindings in ARP tables.

ARP is important because devices need to communicate with IP and MAC addresses. At the party, there may be several Bens - Ben A., Ben B., Ben C., but you really need Ben E. Imagine how that will go!

That is why we need ARP. Our devices do not solely rely on IP addresses. IP addresses can change, unless it is a reserved one. MAC addresses are assigned to physical devices and less likely to change.

Common ARP Issues

ARP Spoofing

Let's say someone at the party hears your request for Ben's number. They give you their number, pretending it is Ben's. You save it in your phone and give them a call. You find that you have been pranked.

Similarly, ARP spoofing is an ARP attack where a device pretends to be another device by sending fake ARP messages, claiming another device's IP address and linking that to the fake device's MAC address. As a result, the attacker can intercept messages and block communication.

Symptoms of Attack:
  • No/slow network connection
  • Duplicate IP address warnings
  • No access to resources or websites
How to Fix It:
  • Use commands like arp -a to see ARP table, showing IP-MAC address bindings to identify any duplicates or abnormalities
  • Use packet analyzers such as Wireshark to track ARP traffic
  • Use static ARP entries, where each device is filled with ARP entries (preferable for smaller networks, not good in scale)
ARP Table

ARP table

Outdated ARP Entries

At the party, your friend gives you Ben E.'s number, however, you realize the number is out of service, and now you can't reach him.

Similarly, ARP tables are not kept forever. Many are configured to have an expiration time, usually a few minutes or several hours depending on the vendor or configuration. If a device has outdated ARP entries, your device might send data to the wrong recipient.

Symptoms:
  • Delayed responses
  • Error messages "Destination host unavailable"
  • No LAN connection to devices
How to Fix It:
  • Clear and update the ARP cache
  • Renew DHCP lease to get new IP addresses
  • Manually enter ARP entries
ARP Broadcast Storm

At the party, you yell, "Anybody got Ben's number?" It gets abnormally quiet, then everyone starts to share a number from a Ben they know. You don't know which is real. You are overwhelmed with the overflow of numbers.

That is similar to an ARP broadcast storm. When several devices send an ARP request, it takes up resources on the network trying to find MAC addresses and sending replies. Enough of this type of traffic can lead to network congestion.

Symptoms:
  • High resource usage (CPU, network)
  • Network slows down
  • Series of ARP requests shown in packet captures
ARP Broadcast Storm

A Wireshark packet capture reveals an ARP broadcast storm. Several devices send an ARP request searching for a device that has 10.1.10.215.

How to Fix It:
  • Check for spanning tree loops and establish loop controls
  • Check how often ARP entries are cleared
  • Shrink broadcast domains

Automatic Private IP Addressing (APIPA)

How many times have you felt like you were somewhere, but not really there? Maybe you're in a room full of people with so many conversations going on simultaneously. However, no one is talking to you, and you cannot talk to anyone either. Not fun right? Well, our devices have been there, and when they go there, we are not happy.

If your device has an APIPA address, it means it is on your network but it's not able to access a DHCP server to receive an IP address - or at least one that routes us to a local resource or the Internet. To fill in that gap, it automatically assigns itself a non-routable, private IP address, between the range of 169.254.0.0 to 169.254.255.255 (169.254.0.0/16). If your device receives an APIPA address, you will not be able to reach the Internet.

How to Fix It:

  • With command prompt open, type ipconfig /release and then ipconfig /renew
  • Ensure DHCP is enabled
  • Reset DHCP
  • Manually enter an IP address within the subnet

Authentication, Authorization, and Accounting (AAA)

This is not the insurance agency, but it does still "insure" by protecting your network against unauthorized users, tracking anyone who accesses the system, and providing resources to legitimate users.

Authentication confirms a user's identity matches their claim. When you use multi-factor authentication, you are using different forms to prove you are who you are, such as a password, biometrics, and a passkey.

A biometric system converts physical traits, like fingerprints, gait, and keystrokes, into digital data that can be trained into a security system to identify and authenticate legitimate users.


Authorization usually happens once authentication is validated. The identity will then have certain access to certain privileges. Your account may have access to read documents, for example.

Accounting logs any actions performed by an identity, such as login times, configuration changes, time of entries, or files accessed.

Honorable Mentions

Advanced Encryption Standard (AES)

Advanced Encryption Standard (AES) is an encryption algorithm that depends on breaking down info into specific block sizes and encrypting the data within those blocks.

Asynchronous Transfer Mode (ATM)

Asynchronous Transfer Mode (ATM) is a legacy networking protocol commonly used in older telecommunications and circuit-switched systems.

Did I Miss Anything?

Did I miss an obvious 'A' protocol or acronym? Drop your thoughts below. The next one is B, so 'B' ready with your suggestions. 

Comments

Post a Comment

Popular posts from this blog

Subnets: Key to Network Organization

Whether it is a to-do list or a big project, organization is key. We have busy lives. The task in itself can have several parts or may require some sort of collaboration with a partner or a team. A project may call to meet deadlines, which means keeping up with those crucial dates and having a system of order. Similarly, our networks are busy, transferring a great deal of data across links and nodes. The amount of traffic generated can lead to bottlenecks, packet loss, and delays. A network’s design can vary in complexity, depending on the environment or needs of a customer. Just as we find a manageable way to handle heavy workloads, our networks have a way of efficiently handling network traffic by creating "mini-networks" within our network. This process is called subnetting.   Why We Subnet To reduce congestion. Just as traffic in cities cause slowdowns and delays, too much traffic can lead to bottlenecks, packet loss, and delays. Subnetting breaks the netwo...
Post a Comment
Read more

How to Set Up a Cisco Router as a DHCP Server (Step-by-Step Guide)

Lab time! Want to build a DHCP server?  In this lab, I will show you how to build your own DHCP server on a router using Cisco Packet Tracer, as shown above. By the end of this post, you will be able to create your own DHCP server with a Cisco 2911 router, perhaps in a home lab setting, and prepare you to build your own on other hardware.  Why a Router?  A DHCP server is a centralized, automated service that assigns important network configuration details to devices on a network, such as IP addresses. Without it, we would have to create manual entries for our entire network, which can be time-consuming and lead to errors. Traditionally, there are dedicated servers to handle these functions. There are many ways to implement a DHCP server in your topology, including a dedicated physical server, a virtual machine, cloud-based gateways, and firewalls. However, there are specific benefits to using a router as your DHCP server: Reduced infrastructur...
Post a Comment
Read more

My Trek up Mount Net

   Networking is ...          Let me hold off on that. Expect a definition later. First, let's set the scene.         This is a new platform, new field, new everything for me. You might or might not ask yourself - how?   If you are part of the "might not", I get it. I am currently a college student just trying to make sense at staring at the daunting Mount Net - one of many peaks among the IT Mountain Range that grows not centimeters every year, but centimeters every second it seems like. Yet this is a trek I know I want to take step by step.         Let me just say, my journey to networking started a few years ago. When I graduated high school, I had different interests - psychology, math, animal science, just to name a few. I had a brief stint of interest in electrical engineering that sparked from a fascination with electricity. My mother also told me that my grandfather used to be in ...
Post a Comment
Read more