ARPNetSteg: Network Steganography using Address Resolution Protocol

Punam Bedi, Arti Dua


Steganography is a technique that allows hidden transfer of data using some media such as Image, Audio, Video, Network Protocol or a Document, without its existence getting noticed. Over the past few years, a lot of research has been done in the field of Image, Video and Audio Steganography but very little work has been done in Network Steganography. A Network Steganography technique hides data in a Network Data Unit, i.e., a Network Protocol Packet. In this paper we present an algorithm ARPNetSteg that implements Network Steganography using the Address resolution protocol. Our technique is a robust technique that can transfer 44 bits of covert data per ARP reply packet.

Full Text:



W. Richard Stevens. TCP/IP illustrated (vol. 1): the protocols. Addison-Wesley Longman Publishing Co., Inc., USA. 1993.

Trithemius, Johannes, and Wolfgang Ernst Heidel. Steganographia. 1721.

I. Cox, Miller, M., Bloom, J. Fridrich and T. Kalker. “Digital Watermarking and Steganography”, 2nd ed. Elsevier, Morgan Kaufmann Publishers, 2008.

K. Szczypiorski, “Steganography in TCP/IP networks”, in State of the Art and a Proposal of a New System–HICCUPS, Institute of Telecommunications' seminar, Warsaw University of Technology, Poland, 2003.

G. Fisk, M. Fisk, C. Papadopoulos and J. Neil, “Eliminating Steganography in Internet Traffic with Active Wardens,” in Proc. 5th International Workshop on Information Hiding, Oct. 2002.

D. Plummer, "An Ethernet Address Resolution Protocol: Or Converting Network Protocol Addresses to 48.bit Ethernet Address for Transmission on Ethernet Hardware", STD 37, RFC 826, Nov. 1982, DOI 10.17487/RFC0826.

ARP, Address Resolution Protocol, “Network Socery Website,” 2015

TCP/IP Guide Website, 2020

T. G. Handel and M. T. Sandford, “Hiding data in the OSI network model.” in Proc. International Workshop on Information Hiding, Berlin, Heidelberg, 1996, pp. 23-38.

A. Mileva, and P. Boris, "Covert channels in TCP/IP protocol stack-extended version." Open Computer Science vol. 4, pp 45-66, 2014.

C. Rowland, "Covert channels in the TCP/IP protocol suite, first Monday." Peer Reviewed Journal on the Internet vol. 2, no. 5, 1997.

K. Ahsan, and D Kundur, “Practical data hiding in TCP/IP” in Proc. Workshop on Multimedia Security at ACM Multimedia, 2002.

Bellovin, M. Steven, "Security problems in the TCP/IP protocol suite." ACM SIGCOMM Computer Communication Review, vol. 19, no. 2, pp 32-48, 1989.

K. Szczypiorski, M. Drzymała, and M. Ł. Urbański. "Network Steganography in the DNS Protocol." International Journal of Electronics and Telecommunications, vol. 62, no. 4, pp. 343-346, 2016.

Z. Trabelsi and I. Jawhar, "Covert file transfer protocol based on the IP record route option." Journal of Information Assurance and Security vol. 5 no. 1, pp. 64-73, 2010.

P. Bedi, A. Dua, “Network Steganography using the Overflow Field of Timestamp Option in an IPv4 Packet”. Presented at Third International Conference on Computing and Network Communications (CoCoNet’19), Trivendrum, Dec. 18-21, 2019.

L.Ji, Y.Fan, C.Ma, “Covert channel for local area network,” in Proc. IEEE International Conference on Wireless Communications, Networking and Information Security, WCNIS 2010, Beijing, China, 2010, pp. 316–319.

B. Jankowski, W. Mazurczyk, K. Szczypiorski, “PadSteg: Introducing Inter-Protocol Steganography,” Telecommunication Systems, Vol. 52, 2013, pp. 1101–1111.

S. Tobias, S. Wendzel, A. Mileva, and W. Mazurczyk, "Introducing dead drops to network steganography using ARP-caches and SNMP-walks," in Proc. 14th International Conference on Availability, Reliability and Security, 2019, pp. 1-10.

Scapy Website, 2020. latest/introduction.html

Wireshark website, 2020,


  • There are currently no refbacks.

International Journal of Electronics and Telecommunications
is a periodical of Electronics and Telecommunications Committee
of Polish Academy of Sciences

eISSN: 2300-1933