Address Resolution Protocol
Hi there ๐
๐ฑ Back to basic on Networking, Protocols, and Security
๐ Hobbies include, Hiking, Sketching, and CTFs
About me
I'm Saket Mahar a web developer, solution architect, blogger, and security enthusiast.
I come from a mixed background being a front-end developer, Network Engineer ( CCNA ) and AWS architect ( AWS ).
I currently live in Gujarat, India and my roots are in Uttrakhand, India.
I write about security incidents, networking, and new tech arising in the market.
1. What is ARP ?? ๐ค
The Address Resolution Protocol (ARP) is a communication protocol for discovering layer 2 addresses, for example, MAC addresses.
ARP was defined by RFC 826 in 1982. ( RFC refers to Request for Comments as a set of rules on how a protocol or functionality should work and operate most prominently set by the IETF i.e Internet Engineering Task Force )
Devices use ARP to learn another device's MAC addresses ( Layer 2 ). An IP address ( Layer 3 ) is used to locate a device on a network whereas a MAC address identifies the actual device.
ARP table shows the respective mac addresses of the devices assigned against the IP addresses.
ARP consists of 2 messages:-
ARP Request - It is a broadcast message sent to all hosts on the network. ARP Request consists of source IP, destination IP, src mac address, and destination mac address. If the destination mac address is unknown a broadcast mac address is used instead i.e FFFF.FFFF.FFFF
ARP Reply - It is a unicast message sent only to one host ( uni-directional messages ).
2. Understanding ARP
Step 1: let's assume all the Mac Addresses (table with a list of known mac addresses) table is empty.
Step 2: Host A sends an ARP request.
Step 3: The switch checks if the requested mac address is in the mac address table.
Step 4: If the mac address exists a unicast is sent directly to the destination address else a broadcast request is sent just like in the above image.
Step 5: The matching mac address ( Here Host B ) sends an ARP Reply message confirming its existence other packets whose destination mac address doesn't match are dropped.
3. Viewing ARP table
We can use the "arp -a" command to view the list of known mac addresses in windows, mac, and Linux.
4. Dynamic vs Static ARP entries
Dynamic type entries are those entries that are automatically learned and are kept on a device for a while time whereas static type is those entries where the mac address is manually added to the cache table for a device and are retained in the cache permanently.
