Wednesday 1 January 2014

ARP in brief




Address Resolution Protocol (ARP) is a telecommunications protocol used for resolution of network layer addresses into link layer addresses, a critical function in multiple-access networks. When an IP packet reaches the subnet of the destination, it has to be delivered to the destination host via its Ethernet (MAC) address instead of its IP address. The ARP protocol provides the translation from IP address to hardware address.

ARP packet format.

 

Detailed field explanation:
Hardware type (HTYPE): This field specifies the network link protocol type. Example: Ethernet is 1.
Protocol type (PTYPE): This field specifies the internetwork protocol for which the ARP request is intended. For IPv4, this has the value 0x0800.
Hardware length (HLEN): Length (in octets) of a hardware address. The Ethernet address size is 6.
Protocol length (PLEN): Length (in octets) of addresses used in the upper layer protocol. The IPv4 address size is 4.
Operation (OP): Specifies the operation that the sender is performing: 1 for request, 2 for reply. The ARP request and response use the same packet format and differ only in this OP field.
Sender hardware address (SHA): media address of the sender.
Sender protocol address (SPA): internetwork address of the sender.
Target hardware address (THA): media address of the intended receiver. This field is ignored in requests.
Target protocol address (TPA): internetwork address of the intended receiver.
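
The field layout above as a small parser, added here as an example and not part of the original post. It decodes the ARP payload that follows the Ethernet header and rejects packets whose fixed fields do not match Ethernet/IPv4 ARP; the function names and the sample addresses are constructed for illustration.

```python
import socket
import struct

# HTYPE (2 octets), PTYPE (2), HLEN (1), PLEN (1), OP (2), network byte order
ARP_HEADER = struct.Struct("!HHBBH")
OPERATIONS = {1: "request", 2: "reply"}

def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_arp(payload: bytes) -> dict:
    """Decode an ARP payload (the bytes after the Ethernet header)."""
    if len(payload) < ARP_HEADER.size:
        raise ValueError("truncated ARP header")
    htype, ptype, hlen, plen, oper = ARP_HEADER.unpack_from(payload)
    # The address block is SHA + SPA + THA + TPA, sized by HLEN and PLEN.
    if len(payload) < ARP_HEADER.size + 2 * (hlen + plen):
        raise ValueError("truncated ARP addresses")
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    if oper not in OPERATIONS:
        raise ValueError(f"unexpected operation {oper}")
    sha, spa, tha, tpa = struct.unpack_from("!6s4s6s4s", payload, ARP_HEADER.size)
    return {
        "operation": OPERATIONS[oper],
        "sha": fmt_mac(sha), "spa": socket.inet_ntoa(spa),
        "tha": fmt_mac(tha), "tpa": socket.inet_ntoa(tpa),
    }

def build_arp(oper: int, sha: str, spa: str, tha: str, tpa: str) -> bytes:
    """Encode an Ethernet/IPv4 ARP payload from printable addresses."""
    def mac(text: str) -> bytes:
        return bytes.fromhex(text.replace(":", ""))
    return (ARP_HEADER.pack(1, 0x0800, 6, 4, oper)
            + mac(sha) + socket.inet_aton(spa)
            + mac(tha) + socket.inet_aton(tpa))

# Constructed sample exchange: host .10 asks for .20, and .20 answers.
# THA is all zeros in the request because it is ignored there.
REQUEST = build_arp(1, "02:00:00:00:00:01", "192.0.2.10",
                    "00:00:00:00:00:00", "192.0.2.20")
REPLY = build_arp(2, "02:00:00:00:00:02", "192.0.2.20",
                  "02:00:00:00:00:01", "192.0.2.10")

if __name__ == "__main__":
    for packet in (REQUEST, REPLY):
        print(parse_arp(packet))
```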

Procedure in brief.

When the sender host wants to know the MAC address of an IP address, it sends an ARP request via broadcast. All the hosts in that broadcast domain receive the request, but only the target host sends a response directly to the requestor, so the sender learns the correct IP/MAC mapping for the target.
#the procedure how the sender got the ARP entry


#the procedure how the requestor got the ARP entry.



To sum up, the basic ARP protocol is very simple and straightforward.

Some other concerns about ARP.


Incomplete ARP.

When the host is not on the subnet (either not configured or not started), the sender will get an incomplete ARP record as below.

ARP cache.
The ARP entry is cached in the OS (routers, hosts) for further use, which also helps reduce broadcast traffic on the LAN. How the cache behaves depends on the OS implementation. By default, an entry is cached for half an hour and an incomplete ARP entry is cached for 3 minutes.

ARP proxy.

When the target host is in a different network than the sender host, the router between the subnets works as a proxy: it answers the requestor with its own MAC address, acting as the target host, so the sender treats the router as the destination. When the sender sends packets to the router, the router should forward them to the host on the other network.


ARP command.

The arp command is very helpful.
//show all arp entries
#arp -a
//add arp static entries
#arp -i [interface] -s [ip] [mac]
//remove arp static entries
#arp -d [IP]

//arping commands
The arping command issues ARP requests to an IP address.
arping [options] IP
