arvb.net

Address Resolution Protocol

3 min read

ARP Address Resolution Protocol is sued to map the IP address to MAC address (as opposed to DNS which maintains a mapping of FQDNs to IP). This is particularly useful because MAC addresses do not have a logical ordering, and cannot be automatically derived at any layer.

Important

ARP maps the destination IP address to the destination MAC adress.

ARP process for local traffic

When on the same subnet, the sender may not know the destination MAC, and thus cannot fully encapsulate a message on all OSI model layers. Thus, it will begin by broadcasting an ARP request along with the destination IP address. This will arrive at all hosts in the subnet; the host with the matching IP address will respond (with unicast, since the destination MAC is known).

Once the cycle completes, the original sender can fully encapsulate its data and send it as required.

Note

The broadcast MAC address is FFFF.FFFF.FFFF

ARP for Routed Traffic

If the sender and receiver are on different IP subnets, all traffic must be forwarded by a router. Consider, for example, having 17 2.23.4.1/24 sending a packet to 192.168.10.1/24.

Info

Recall that broadcast traffic is forwarded by switches, but not by routers.

A sender device is aware that a broadcast will not function if the destination is on a different subnet - this is done by simply comparing its own IP address and mask with the destination IP address. Knowing that it still needs the MAC address but that it cannot broadcast the ARP request, the sender will unicast an ARP request to the default gateway.

Note

Even for a unicast ARP request to the default gateway, the destination MAC must be F.F.F because the sender still doesn’t know the destination MAC.

The gateway will reply with its own MAC address so that the sender can send the package with a destination MAC address of the router:

IP Packet
Src IP: 172.23.4.1
Dst IP: 192.168.10.1
Src MAC: Own MAC
Dst MAC: _Gateway_ MAC

With this information, the way knows that the destination is on the 192.168.10.0 network, and thus begins the ARP process for local traffic process.

Important

Throughout the process the source and destination IP address do not change - that part of the packet is never touched. However, the destination and source MAC addresses will change between physical/network hops, since this occurs at Layer 2.

Host ARP Commands

Windows

arp -a # View ARP cache
netsh interface ip delete arpchache # Clear ARP cache

Linux

arp -n # view ARP cache
ip -s -s neigh flush all # clear ARP cache

Graph View

Backlinks