Table of Contents
What is ARP(Address Resolution Protocol)?
ARP (Address Resolution Protocol) is the protocol for associating an IP address with a MAC address. The mapping of IP addresses to MAC addresses is called address resolution, hence the name of the protocol, ARP.
ARP is an important protocol that is essential when forwarding IP packets over Ethernet.
Why is a MAC address also required?
In TCP/IP communication, the destination is specified by IP address, but why is a MAC address also required?
This is because IP alone cannot deliver data to its final destination; IP does not have the ability to convert “0” and “1” bits into physical signals that can be conveyed. Therefore, IP packets must be encapsulated in a network interface layer protocol, such as Ethernet or Wi-Fi, and converted into physical signals and sent out. When using Ethernet as the network interface layer protocol, an Ethernet header must be added to IP packets to send them out of the Ethernet interface.
The IP header requires an IP address. And the Ethernet header needs a MAC address. The source IP address and source MAC address are known because they belong to the device sending the packet. And since an IP address is always specified in TCP/IP communication, the destination IP address should be the one specified.Now the destination MAC address is needed. ARP is available to find the MAC address corresponding to the destination IP address.
Although not explicitly represented in the figure, the digital data of “0” and “1” are converted to physical signals when sent out from the Ethernet interface.
How the ARP works
ARP address resolution targets IP addresses within the same network.When a device such as a PC connected via the Ethernet interface specifies a destination IP address to send IP packets, ARP processing is automatically performed. Although users do not need to be particularly aware of how ARP works, the fact that ARP is used for address resolution is very important for understanding how networks work.
The flow of ARP operation is as follows.
- Broadcast ARP request
- Query the MAC address corresponding to an IP address with ARP request
- Return ARP reply
- The host with the queried IP address gives its MAC address with the ARP reply
- Update ARP cache
- Stores correspondence between address resolved IP addresses and MAC addresses in the ARP cache
Note that ARP requests and ARP replies are encapsulated directly with an Ethernet header, with no IP header appended.
1.Query with ARP Request
When an IP packet is sent out of the Ethernet interface with an IP address, an ARP request is sent first. The content of an ARP request is “Please tell me the MAC address of this IP address.
ARP request is sent by broadcast so that all hosts on the same network will receive it; ARP address resolution is only available within the same network because it uses broadcasts. Broadcasts are not forwarded to different networks.
Note that ARP request is broadcast, so all hosts on the same network will receive the ARP request, but hosts other than the IP address to be queried will discard the ARP request even if they receive it.
2.Tell MAC address with ARP reply
The host with the IP address to be queried returns an ARP reply. The content of the ARP reply is the queried MAC address; the ARP reply allows the original host to recognize the MAC address for the desired IP address.
3.Update ARP Cache
It is not efficient to perform ARP address resolution every time an IP packet is sent. Besides, the correspondence between IP addresses and MAC addresses does not change that often. Therefore, once the IP address is resolved, the MAC address correspondence is stored in the ARP cache for a certain period of time. Note that the ARP cache is updated by both the querying host and the queried host.
If the IP address and MAC address correspondence exists in the ARP cache, the procedure of name resolution with ARP request and reply can be skipped.Information in the ARP cache is deleted over time; the ARP cache is also called the ARP table.
Example of ARP address resolution
The following figure shows an example of ARP address resolution, illustrating how the MAC address of PC3 is resolved when sending data from PC1 to PC3 (IP address 192.168.1.3) on the same network.
Once the MAC address of PC3 has been resolved, data destined for PC3 can be sent out of the Ethernet interface by specifying the destination MAC address in the Ethernet header.
When transferring data to different networks
ARP address resolution is only for IP addresses on the same network. So how do we find the MAC address when transferring data to different networks?
When sending data to an IP address of a different network, it is first forwarded to the default gateway.The default gateway is a router on the same network. It is an entry point to other networks. Multiple networks are interconnected by routers. That is, different networks are beyond routers on the same network.When sending data to different networks, send an ARP request with the IP address of the default gateway as the IP address to be queried in the ARP. The default gateway router will return an ARP reply and the source host will know the MAC address of the default gateway.
Once the MAC address for the IP address of the default gateway is resolved, the data is encapsulated in an Ethernet header and sent. The destination MAC address in the Ethernet header is that of the default gateway. But the destination IP address is that of the host to which the data will eventually be delivered.
The default gateway then receives the data and performs routing based on the destination IP address.
ARP cache management (Windows)
The Windows OS allows you to manage the ARP cache from the command prompt; this section explains how to view the contents of the ARP cache, register IP address to MAC address correspondence in the static, and delete ARP cache information.
Display ARP cache
From the command prompt, use the arp -a command to display the contents of the ARP cache. If there are multiple network interfaces, the ARP cache is displayed for each network interface.
C:\Users\gene>arp -a Interface: 192.168.72.1 --- 0x2 Internet Address Physical Address Type 192.168.72.255 ff-ff-ff-ff-ff-ff static 224.0.0.2 01-00-5e-00-00-02 static 224.0.0.22 01-00-5e-00-00-16 static 224.0.0.251 01-00-5e-00-00-fb static 224.0.0.252 01-00-5e-00-00-fc static 239.255.255.250 01-00-5e-7f-ff-fa static Interface: 192.168.124.1 --- 0x7 Internet Address Physical Address Type 192.168.124.255 ff-ff-ff-ff-ff-ff static 224.0.0.2 01-00-5e-00-00-02 static 224.0.0.22 01-00-5e-00-00-16 static 224.0.0.251 01-00-5e-00-00-fb static 224.0.0.252 01-00-5e-00-00-fc static 239.255.255.250 01-00-5e-7f-ff-fa static Interface: 192.168.1.215 --- 0xb Internet Address Physical Address Type 192.168.1.1 28-bd-89-d3-42-1c dynamic 192.168.1.27 60-57-18-62-53-9a dynamic 192.168.1.33 f0-72-ea-15-1d-d0 dynamic 192.168.1.34 48-d6-d5-71-11-7b dynamic 192.168.1.100 00-1f-33-eb-02-29 dynamic 192.168.1.160 00-25-dc-58-6a-71 dynamic 192.168.1.166 54-53-ed-78-ef-7a dynamic 192.168.1.168 0c-fe-45-f2-b3-10 dynamic 192.168.1.169 f4-f5-e8-4d-f8-92 dynamic 192.168.1.170 14-c1-4e-74-d4-85 dynamic 192.168.1.202 f8-0d-60-2e-0c-50 dynamic 192.168.1.233 04-5d-4b-b6-09-5e dynamic 192.168.1.234 54-53-ed-66-7b-32 dynamic 192.168.1.255 ff-ff-ff-ff-ff-ff static 224.0.0.2 01-00-5e-00-00-02 static 224.0.0.22 01-00-5e-00-00-16 static 224.0.0.251 01-00-5e-00-00-fb static 224.0.0.252 01-00-5e-00-00-fc static 239.255.255.250 01-00-5e-7f-ff-fa static 255.255.255.255 ff-ff-ff-ff-ff-ff static
Static registration of ARP cache
The arp -s command allows you to statically register IP and MAC address information in the ARP cache. the format of the arp -s command is as follows: arp -s command is executed with administrative privileges.
Static registration of ARP cache
C:\>arp -s <ip-address> <mac-address>
<ip-address> : IP address
<mac-address> : MAC address
The following is an example of registering the MAC address “00-00-00-01-02-03” with the IP address “192.168.1.200”.
C:\Windows\System32>arp -s 192.168.1.200 00-00-00-01-02-03 C:\Windows\System32>arp -a -- omitted -- Interface: 192.168.1.215 --- 0xb Internet Address Physical Address Type 192.168.1.1 28-bd-89-d3-42-1c dynamic 192.168.1.27 60-57-18-62-53-9a dynamic 192.168.1.33 f0-72-ea-15-1d-d0 dynamic 192.168.1.34 48-d6-d5-71-11-7b dynamic 192.168.1.100 00-1f-33-eb-02-29 dynamic 192.168.1.160 00-25-dc-58-6a-71 dynamic 192.168.1.166 54-53-ed-78-ef-7a dynamic 192.168.1.168 0c-fe-45-f2-b3-10 dynamic 192.168.1.169 f4-f5-e8-4d-f8-92 dynamic 192.168.1.170 14-c1-4e-74-d4-85 dynamic 192.168.1.200 00-00-00-01-02-03 static 192.168.1.202 f8-0d-60-2e-0c-50 dynamic 192.168.1.233 04-5d-4b-b6-09-5e dynamic 192.168.1.234 54-53-ed-66-7b-32 dynamic 192.168.1.255 ff-ff-ff-ff-ff-ff static 224.0.0.2 01-00-5e-00-00-02 static 224.0.0.22 01-00-5e-00-00-16 static 224.0.0.251 01-00-5e-00-00-fb static 224.0.0.252 01-00-5e-00-00-fc static 239.255.255.250 01-00-5e-7f-ff-fa static 255.255.255.255 ff-ff-ff-ff-ff-ff static
Deletion of ARP cache
You can delete IP and MAC address entries in the ARP cache with the arp -d command. the format of the arp -d command is as follows: arp -d command is executed with administrative privileges.
Deletion of ARP cache
C:\>arp -d <ip-address>
<ip-address> : IP address of the ARP cache to be deleted. If the wildcard “*” is specified, all
The following is an example of deleting the ARP cache entry for IP address “192.168.1.200”.
C:\Windows\System32>arp -a -- omitted -- Interface: 192.168.1.215 --- 0xb Internet Address Physical Address Type 192.168.1.1 28-bd-89-d3-42-1c dynamic 192.168.1.27 60-57-18-62-53-9a dynamic 192.168.1.33 f0-72-ea-15-1d-d0 dynamic 192.168.1.34 48-d6-d5-71-11-7b dynamic 192.168.1.100 00-1f-33-eb-02-29 dynamic 192.168.1.160 00-25-dc-58-6a-71 dynamic 192.168.1.166 54-53-ed-78-ef-7a dynamic 192.168.1.168 0c-fe-45-f2-b3-10 dynamic 192.168.1.169 f4-f5-e8-4d-f8-92 dynamic 192.168.1.170 14-c1-4e-74-d4-85 dynamic 192.168.1.200 00-00-00-01-02-03 static 192.168.1.202 f8-0d-60-2e-0c-50 dynamic 192.168.1.233 04-5d-4b-b6-09-5e dynamic 192.168.1.234 54-53-ed-66-7b-32 dynamic 192.168.1.255 ff-ff-ff-ff-ff-ff static 224.0.0.2 01-00-5e-00-00-02 static 224.0.0.22 01-00-5e-00-00-16 static 224.0.0.251 01-00-5e-00-00-fb static 224.0.0.252 01-00-5e-00-00-fc static 239.255.255.250 01-00-5e-7f-ff-fa static 255.255.255.255 ff-ff-ff-ff-ff-ff static C:\Windows\System32>arp -d 192.168.1.200 C:\Windows\System32>arp -a -- omitted -- Interface: 192.168.1.215 --- 0xb Internet Address Physical Address Type 192.168.1.1 28-bd-89-d3-42-1c dynamic 192.168.1.27 60-57-18-62-53-9a dynamic 192.168.1.33 f0-72-ea-15-1d-d0 dynamic 192.168.1.34 48-d6-d5-71-11-7b dynamic 192.168.1.100 00-1f-33-eb-02-29 dynamic 192.168.1.160 00-25-dc-58-6a-71 dynamic 192.168.1.166 54-53-ed-78-ef-7a dynamic 192.168.1.168 0c-fe-45-f2-b3-10 dynamic 192.168.1.169 f4-f5-e8-4d-f8-92 dynamic 192.168.1.170 14-c1-4e-74-d4-85 dynamic 192.168.1.202 f8-0d-60-2e-0c-50 dynamic 192.168.1.233 04-5d-4b-b6-09-5e dynamic 192.168.1.234 54-53-ed-66-7b-32 dynamic 192.168.1.255 ff-ff-ff-ff-ff-ff static 224.0.0.2 01-00-5e-00-00-02 static 224.0.0.22 01-00-5e-00-00-16 static 224.0.0.251 01-00-5e-00-00-fb static 224.0.0.252 01-00-5e-00-00-fc static 239.255.255.250 01-00-5e-7f-ff-fa static 255.255.255.255 ff-ff-ff-ff-ff-ff static
What is the MAC address of the ARP frame?
ARP is used to obtain the destination MAC address when encapsulating IP packets with Ethernet. Then, what about the “destination MAC address of the ARP frame?” The MAC address of the ARP frame, i.e., ARP request and ARP reply, is specified as follows.
ARP Request
Dst MAC address : FF-FF-FF-FF-FF-FF(Broadcast)
Src MAC address : MAC address of the interface sending the ARP request
ARP Reply
Dst MAC address : ARP Request Source MAC Address
Src MAC address : MAC address of the interface sending ARP reply
There is no need to find the destination MAC address of an ARP request. The destination MAC address of the ARP request should be the broadcast MAC address “FF-FF-FF-FF-FF-FF-FF-FF”. The source MAC address is then the MAC address of the interface sending the ARP request.
An ARP reply is a response to an ARP request. Therefore, the destination MAC address of the ARP reply can simply be the source MAC address of the ARP request. The source MAC address is the MAC address of the interface sending the ARP reply.
TCP/IP
- IP(Internet Protocol) : The Most Important Data Transfer Protocol
- Ping “Will the data be transfered properly?”
- Ping command on Windows OS
- Traceroute : Which router does the data go through?
- ICMP Redirect
- Where’s the Trouble? Ping and Traceroute
- ARP(Address Resolution Protocol)
- ARP Format
- Gratuitous ARP(GARP)
- nslookup command : Verifying DNS name resolution
- DHCP : Automatically Assign IP Address
- Cisco IOS DHCP Server Configuration and Verification Commands
- Cisco Router DHCP Server Configuration Example
- DHCP Relay Agent
- DHCP Relay Agent Configuration Example [Cisco]
- Summary of DHCP Server Placement
- TCP/IP Configuration Summary
- ipconfig command : To verify TCP/IP configurations on Windows OS
- Commands to Verify TCP/IP Configuration On Linux (Ubuntu)
- Web Proxy Server
- FTP : Representative File Transfer Protocol
- TFTP(Trivial File Transfer Protocol)
- TFTP Client on Windows10/11