ARP - Address Resolution Protocol
ARP is a network protocol that allows a host to learn the Layer 2 address of a device it wants to communicate with by sending a query based on that device's Layer 3 address.
Learn how Address Resolution Protocol (ARP) maps an IPv4 address to a MAC address.
Lab Topology
         < 192.168.1.0/24 >
      +----------------------+
      |        Switch        |
      +----------------------+
          |              |
          |              |
         PC1            PC2
    192.168.1.10   192.168.1.20
      MAC: AAAA      MAC: BBBB
IP Addressing
| Device | IP Address | MAC Address |
|---|---|---|
| PC1 | 192.168.1.10 | AA-AA-AA-AA-AA-AA |
| PC2 | 192.168.1.20 | BB-BB-BB-BB-BB-BB |
Step 1: Check the ARP Cache
On PC1 (Windows):
arp -a
Initially, you may see no entry for 192.168.1.20.
Example:
Interface: 192.168.1.10
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
Step 2: Ping PC2
ping 192.168.1.20
The first ping may take slightly longer because ARP resolution occurs first.
What Happens Internally?
1. PC1 Checks Its ARP Cache
Do I know the MAC for 192.168.1.20?
No.
2. PC1 Sends an ARP Request (Broadcast)
Who has IP 192.168.1.20? Tell 192.168.1.10
(To see this exchange in Wireshark, use the display filter arp.)
Destination MAC:
FF:FF:FF:FF:FF:FF
This is a broadcast.
3. Switch Floods the Broadcast
The switch sends the ARP request to all ports except the one it was received on.
      Switch
     /  |   \
  PC1  PC2  Others
ARP Request goes to everyone.
4. PC2 Replies
PC2 recognizes its IP address and responds:
192.168.1.20 is at BB-BB-BB-BB-BB-BB
This is a unicast reply back to PC1.
5. PC1 Updates Its ARP Cache
Now PC1 stores:
192.168.1.20 → BB-BB-BB-BB-BB-BB
6. Ping Succeeds
Future packets are sent directly to PC2 using its MAC address.
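The exchange in steps 2 to 5, as an added example that is not part of the original page: it builds the actual 42-byte Ethernet/ARP frames, floods the request to the other hosts, and updates PC1's cache from the unicast reply. The names Host, build_arp, parse_arp and resolve are hypothetical, and the model is simplified so that only a reply updates a cache, as in the steps above.

```python
import socket
import struct

BROADCAST, ARP_REQUEST, ARP_REPLY = bytes.fromhex("ff" * 6), 1, 2
FIXED = struct.pack("!HHHBB", 0x0806, 1, 0x0800, 6, 4)  # EtherType ARP + htype/ptype/hlen/plen

def build_arp(op, src_mac, src_ip, dst_mac, dst_ip):
    """Build a 42-byte Ethernet II frame carrying an ARP request or reply."""
    # A request is broadcast at Layer 2 and its target-MAC field is zeroed (unknown).
    eth_dst = BROADCAST if op == ARP_REQUEST else dst_mac
    target_mac = bytes(6) if op == ARP_REQUEST else dst_mac
    return (eth_dst + src_mac + FIXED + struct.pack("!H", op) + src_mac
            + socket.inet_aton(src_ip) + target_mac + socket.inet_aton(dst_ip))

def parse_arp(frame):
    """Return the ARP fields of a frame, or None if it is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or frame[12:20] != FIXED:
        return None
    return {"eth_dst": frame[0:6], "op": struct.unpack("!H", frame[20:22])[0],
            "sender_mac": frame[22:28], "sender_ip": socket.inet_ntoa(frame[28:32]),
            "target_ip": socket.inet_ntoa(frame[38:42])}

class Host:
    def __init__(self, ip, mac_text):
        self.ip, self.arp_cache = ip, {}
        self.mac = bytes.fromhex(mac_text.replace("-", ""))

    def receive(self, frame):
        """Process one frame; return an ARP reply frame if one is due, else None."""
        p = parse_arp(frame)
        if p is None or p["eth_dst"] not in (self.mac, BROADCAST) or p["target_ip"] != self.ip:
            return None  # not ARP, not addressed to this NIC, or about another IP
        if p["op"] == ARP_REQUEST:  # step 4: answer with a unicast reply
            return build_arp(ARP_REPLY, self.mac, self.ip, p["sender_mac"], p["sender_ip"])
        if p["op"] == ARP_REPLY:    # step 5: store IP -> MAC in the cache
            self.arp_cache[p["sender_ip"]] = p["sender_mac"].hex("-").upper()
        return None

def resolve(asker, target_ip, segment):
    """Steps 2-5: broadcast a request, flood it to the other hosts, deliver the reply."""
    request = build_arp(ARP_REQUEST, asker.mac, asker.ip, None, target_ip)
    for host in segment:  # step 3: the switch floods to every port except the ingress one
        if host is not asker and (reply := host.receive(request)) is not None:
            asker.receive(reply)
    return asker.arp_cache.get(target_ip)

if __name__ == "__main__":  # constructed lab: PC1 and PC2 from the addressing table
    pc1, pc2 = Host("192.168.1.10", "AA-AA-AA-AA-AA-AA"), Host("192.168.1.20", "BB-BB-BB-BB-BB-BB")
    print(resolve(pc1, "192.168.1.20", [pc1, pc2]), pc2.arp_cache)
```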
Step 3: Verify the ARP Cache
arp -a
Example:
Interface: 192.168.1.10
  Internet Address      Physical Address      Type
  192.168.1.20          BB-BB-BB-BB-BB-BB     dynamic
Clear the ARP Cache
On Windows:
arp -d *
Now repeat the ping and observe the ARP process again.
Cisco Router Commands
View the ARP table:
show arp
or
show ip arp
Example:
Protocol  Address          Age  Hardware Addr   Type
Internet  192.168.1.10       5  aaaa.bbbb.cccc  ARPA
Internet  192.168.1.20       3  dddd.eeee.ffff  ARPA
Packet Flow
PC1 wants to ping PC2
↓
Checks ARP cache
↓
No MAC found
↓
Broadcast ARP Request
↓
Switch floods request
↓
PC2 sends ARP Reply
↓
PC1 stores MAC address
↓
ICMP Echo Request sent
↓
ICMP Echo Reply received
Why does a host maintain an ARP table?
A host communicates using IP addresses, but Ethernet can only send frames using MAC addresses.
Suppose PC1 wants to send data to PC2.
PC1
IP: 192.168.1.10
MAC: AA-AA-AA-AA-AA-AA
PC2
IP: 192.168.1.20
MAC: BB-BB-BB-BB-BB-BB
The application on PC1 says:
"Send this packet to 192.168.1.20."
The NIC cannot send an Ethernet frame to an IP address. It needs the destination MAC address.
So PC1 checks its ARP table:
192.168.1.20 → BB-BB-BB-BB-BB-BB
If the mapping isn't there, it sends an ARP Request and learns the MAC address.
The ARP table answers:
"What MAC address belongs to this IP address?"
Why does a switch maintain a MAC table?
The switch already receives Ethernet frames with MAC addresses.
Example frame:
Source MAC: AA-AA-AA-AA-AA-AA
Destination MAC: BB-BB-BB-BB-BB-BB
The switch doesn't care about IP addresses. It only asks:
"Which port should I use to reach MAC BB-BB-BB-BB-BB-BB?"
So it maintains a table like:
| MAC Address | Port |
|---|---|
| AA-AA-AA-AA-AA-AA | Fa0/1 |
| BB-BB-BB-BB-BB-BB | Fa0/5 |
The MAC table answers:
"On which switch port can I find this MAC address?"
Why can't the host use the switch's MAC table?
The switch's MAC table is:
- Stored inside the switch.
- Used only by the switch to forward frames.
- Not shared with end devices.
The host must know the destination MAC before it sends the frame. It cannot ask the switch,
"What's the MAC for this IP?" because the switch does not store IP-to-MAC mappings.