What is Dynamic ARP Inspection?

To understand dynamic ARP inspection (DAI), it helps to first understand how ARP (address resolution protocol) works and how an ARP-based man-in-the-middle attack takes advantage of it.

ARP maps IP addresses to MAC addresses on a local network segment. If computer A wants to reach the router and knows only its IP address, it broadcasts an ARP request: "Who has this IP address? Tell me your MAC address." Every device on the segment receives the request, but the uninvolved ones discard it. The router replies with its MAC address, and computer A stores the router's IP-to-MAC mapping in its ARP cache so that later frames can be addressed without asking again. ARP has no authentication: any device can answer any request, and hosts update their cache based on whatever replies they receive.

An attacker's device (computer B) on the same segment can exploit this. It sends ARP replies claiming that the router's IP address belongs to computer B's MAC address. Computer A updates its ARP cache with the forged mapping, and from then on every frame it intends for the router is delivered to computer B instead. Computer B typically poisons the router's cache in the same way, telling it that computer A's IP address belongs to B's MAC, so that return traffic is diverted as well, and then forwards traffic in both directions. B can now read, and if it chooses modify, everything passing between A and the router before passing it along to the intended destination. This is a man-in-the-middle attack, commonly called ARP spoofing or ARP cache poisoning. It is especially insidious because, as long as computer B keeps forwarding traffic and only observes it, computer A's connections work normally and the user has no reason to suspect anything.

That is where dynamic ARP inspection (DAI) comes in. DAI is a switch feature that intercepts every ARP packet arriving on an untrusted port and checks the sender's IP-to-MAC binding against a trusted source, normally the DHCP snooping binding table (or a static ARP access list for hosts with fixed addresses). Packets whose sender IP and MAC do not match a known binding are dropped and logged, so a reply from computer B claiming the router's IP address never reaches computer A. Ports that lead to other switches or to the router are usually configured as trusted and bypass the check. DAI does not prevent every man-in-the-middle technique: it depends on accurate bindings, so DHCP snooping must be in place (or static entries maintained for hosts that do not use DHCP), it does nothing against an attacker connected to a trusted port, and it only addresses ARP-based attacks. Within those limits, though, it stops the common ARP poisoning case outright.
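To make the check concrete, here is an added example (not from this article, and not any switch vendor's code) that simulates the DAI decision in Python. The binding table, port names and MAC addresses are constructed; the trusted uplink port and the Ethernet-source consistency check are assumptions modelled on how real switches behave. It runs the attack from the text through the check: computer B's forged replies about the router and about computer A are dropped, while legitimate ARP traffic is forwarded.

```python
"""Simulation of a switch's Dynamic ARP Inspection (DAI) decision.

Added example, not the page's code and not any vendor's implementation.
All addresses, port names and the binding table are constructed.
"""
from dataclasses import dataclass

# DHCP-snooping binding table as DAI would consult it: (vlan, ip) -> mac.
# Constructed data: these hosts and addresses do not exist.
BINDINGS = {
    (10, "10.0.10.1"): "00:11:22:33:44:01",   # router
    (10, "10.0.10.50"): "00:11:22:33:44:50",  # computer A
    (10, "10.0.10.66"): "00:11:22:33:44:66",  # computer B (the attacker)
}

# Uplink toward the router; ARP arriving here is not inspected (assumption).
TRUSTED_PORTS = {"Gi1/0/1"}


@dataclass(frozen=True)
class ArpPacket:
    ingress_port: str
    vlan: int
    opcode: int        # 1 = request, 2 = reply
    eth_src: str       # Ethernet frame source MAC
    sender_mac: str    # ARP sender hardware address (what hosts cache)
    sender_ip: str     # ARP sender protocol address
    target_ip: str


def inspect(pkt, bindings=BINDINGS, trusted=TRUSTED_PORTS):
    """Return ('forward' | 'drop', reason) for one ARP packet."""
    if pkt.ingress_port in trusted:
        return "forward", "trusted port, not inspected"

    # Optional consistency check offered by real implementations: the
    # Ethernet source MAC must equal the ARP sender MAC. A mismatch only
    # occurs in crafted packets, so it is dropped before the binding lookup.
    if pkt.eth_src.lower() != pkt.sender_mac.lower():
        return "drop", "Ethernet source MAC differs from ARP sender MAC"

    expected_mac = bindings.get((pkt.vlan, pkt.sender_ip))
    if expected_mac is None:
        # Hosts with static addresses need static bindings or an ARP ACL,
        # otherwise DAI drops their ARP traffic too.
        return "drop", f"no binding for {pkt.sender_ip} in VLAN {pkt.vlan}"
    if expected_mac.lower() != pkt.sender_mac.lower():
        return "drop", f"{pkt.sender_ip} is bound to {expected_mac}, not {pkt.sender_mac}"
    return "forward", "sender IP/MAC matches binding"


# Constructed ARP traffic for the scenario in the text. Computer A sits on
# Gi1/0/50 and computer B on Gi1/0/66; both ports are untrusted.
R, A, B = "00:11:22:33:44:01", "00:11:22:33:44:50", "00:11:22:33:44:66"
SCENARIO = {
    "A asks for the router's MAC":
        ArpPacket("Gi1/0/50", 10, 1, A, A, "10.0.10.50", "10.0.10.1"),
    "router answers via the trusted uplink":
        ArpPacket("Gi1/0/1", 10, 2, R, R, "10.0.10.1", "10.0.10.50"),
    "B tells A the router is at B's MAC":
        ArpPacket("Gi1/0/66", 10, 2, B, B, "10.0.10.1", "10.0.10.50"),
    "B tells the router that A is at B's MAC":
        ArpPacket("Gi1/0/66", 10, 2, B, B, "10.0.10.50", "10.0.10.1"),
    "B's own legitimate request":
        ArpPacket("Gi1/0/66", 10, 1, B, B, "10.0.10.66", "10.0.10.1"),
    "B frames the router's ARP body from its own NIC":
        ArpPacket("Gi1/0/66", 10, 2, B, R, "10.0.10.1", "10.0.10.50"),
    "statically addressed host with no binding":
        ArpPacket("Gi1/0/7", 10, 1, "00:11:22:33:44:99", "00:11:22:33:44:99",
                  "10.0.10.200", "10.0.10.1"),
}


def run_scenario():
    """Inspect every packet in SCENARIO; return {description: verdict}."""
    results = {}
    for name, pkt in SCENARIO.items():
        verdict, reason = inspect(pkt)
        results[name] = verdict
        print(f"{verdict:7} {name}: {reason}")
    return results


if __name__ == "__main__":
    run_scenario()
```

The last scenario entry is the caveat from the text in code form: a host that never obtained a DHCP lease has no binding, so DAI drops its ARP traffic unless an administrator adds a static binding or ARP ACL entry for it.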
