ARP - Address Resolution Protocol

 ARP

network protocol that allows hosts to learn the Layer 2 address of a device it wants to communicate with by sending a query based on the Layer 3 address of the specific device.


Learn how Address Resolution Protocol (ARP) maps an IPv4 address to a MAC address.


Lab Topology

       <  192.168.1.0/24  >

+----------------------+
| Switch |
+----------------------+
| |
| |
PC1 PC2
192.168.1.10 192.168.1.20
MAC: AAAA MAC: BBBB

IP Addressing

DeviceIP AddressMAC Address
PC1192.168.1.10AA-AA-AA-AA-AA-AA
PC2192.168.1.20BB-BB-BB-BB-BB-BB

Step 1: Check the ARP Cache

On PC1 (Windows):

arp -a

Initially, you may see no entry for 192.168.1.20.

Example:

Interface: 192.168.1.10

Internet Address Physical Address Type
192.168.1.1 00-11-22-33-44-55 dynamic

Step 2: Ping PC2

ping 192.168.1.20

The first ping may take slightly longer because ARP resolution occurs first.


What Happens Internally?

1. PC1 Checks Its ARP Cache

Do I know the MAC for 192.168.1.20?

No.

2. PC1 Sends an ARP Request (Broadcast)

Who has IP 192.168.1.20? Tell 192.168.1.10  ( Wireshark display filter ARP ) 

Destination MAC:

FF:FF:FF:FF:FF:FF

This is a broadcast.


3. Switch Floods the Broadcast

The switch sends the ARP request to all ports except the one it was received on.

          Switch
/ | \
PC1 PC2 Others

ARP Request goes to everyone.

4. PC2 Replies

PC2 recognizes its IP address and responds:

192.168.1.20 is at BB-BB-BB-BB-BB-BB

This is a unicast reply back to PC1.


5. PC1 Updates Its ARP Cache

Now PC1 stores:

192.168.1.20 → BB-BB-BB-BB-BB-BB

6. Ping Succeeds

Future packets are sent directly to PC2 using its MAC address.


Step 3: Verify the ARP Cache

arp -a

Example:

Interface: 192.168.1.10

Internet Address Physical Address Type

192.168.1.20 BB-BB-BB-BB-BB-BB dynamic

Clear the ARP Cache

On Windows:

arp -d *

Now repeat the ping and observe the ARP process again.


Cisco Router Commands

View the ARP table:

show arp

or

show ip arp

Example:

Protocol  Address         Age   Hardware Addr       Type

Internet 192.168.1.10 5 aaaa.bbbb.cccc ARPA

Internet 192.168.1.20 3 dddd.eeee.ffff ARPA

Packet Flow

PC1 wants to ping PC2



Checks ARP cache



No MAC found



Broadcast ARP Request



Switch floods request



PC2 sends ARP Reply



PC1 stores MAC address



ICMP Echo Request sent



ICMP Echo Reply received


Why does a host maintain an ARP table?

A host communicates using IP addresses, but Ethernet can only send frames using MAC addresses.

Suppose PC1 wants to send data to PC2.

PC1
IP: 192.168.1.10
MAC: AA-AA-AA-AA-AA-AA

PC2
IP: 192.168.1.20
MAC: BB-BB-BB-BB-BB-BB

The application on PC1 says:

"Send this packet to 192.168.1.20."

The NIC cannot send an Ethernet frame to an IP address. It needs the destination MAC address.

So PC1 checks its ARP table:

192.168.1.20 → BB-BB-BB-BB-BB-BB

If the mapping isn't there, it sends an ARP Request and learns the MAC address.

The ARP table answers:

"What MAC address belongs to this IP address?"


Why does a switch maintain a MAC table?

The switch already receives Ethernet frames with MAC addresses.

Example frame:

Source MAC: AA-AA-AA-AA-AA-AA
Destination MAC: BB-BB-BB-BB-BB-BB

The switch doesn't care about IP addresses. It only asks:

"Which port should I use to reach MAC BB-BB-BB-BB-BB-BB?"

So it maintains a table like:

MAC AddressPort
AA-AA-AA-AA-AA-AAFa0/1
BB-BB-BB-BB-BB-BBFa0/5

The MAC table answers:

"On which switch port can I find this MAC address?"


Why can't the host use the switch's MAC table?

The switch's MAC table is:

  • Stored inside the switch.
  • Used only by the switch to forward frames.
  • Not shared with end devices.

The host must know the destination MAC before it sends the frame. It cannot ask the switch,
"What's the MAC for this IP?" because the switch does not store IP-to-MAC mappings.

Comments

Popular posts from this blog

🖧 VLAN (Virtual Local Area Network)

🌐 NAT (Network Address Translation)

🛰️ OSPF (Open Shortest Path First)