Using the Address Resolution Protocol (ARP)

The Address Resolution Protocol, or ARP, is part of the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol stack; it is used to translate TCP/IP addresses to MAC (media access control) addresses using broadcasts. When a machine running TCP/IP wants to know which machine on an Ethernet network uses a particular IP address, it will send an ARP broadcast that says, in effect, “Hey! Who is IP address ?” The machine that owns the specific address will respond with its own MAC address. The machine that made the inquiry then adds that information to its own ARP table.

In addition to the normal usage, the ARP designation refers to a utility in Windows that you can use to manipulate and view the local workstation’s ARP table.

The Windows ARP Table

The ARP table in Windows is a list of TCP/IP addresses and their associated physical (MAC) addresses. This table is cached in memory so that Windows doesn’t have to perform ARP lookups for frequently accessed TCP/IP addresses (for example, servers and default gateways). Each entry contains not only an IP address and a MAC address, but also a value for Time to Live (TTL), which indicates how long each entry stays in the ARP table.

The ARP table contains two kinds of entries:

  • Dynamic
  • Static

Dynamic ARP table entries are created whenever the Windows TCP/IP stack performs an ARP lookup and the MAC address is not found in the ARP table. The ARP request is broadcast on the local segment. When the MAC address of the requested IP address is found, that information is added to the ARP table as a dynamic entry.
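The request and reply that produce a dynamic entry can be written out byte for byte. The following is an added example, not code from the original page: it packs and parses the 28-byte Ethernet/IPv4 ARP payload and shows the blank target MAC field in the request. The function names, the documentation-range IP addresses, the second MAC address, and the rule that only solicited replies are learned are assumptions of this example.

```python
import ipaddress
import struct

# ARP payload for Ethernet/IPv4 (28 bytes): hardware type, protocol type,
# address lengths, opcode, sender MAC/IP, target MAC/IP.
ARP_FMT = "!HHBBH6s4s6s4s"
REQUEST, REPLY = 1, 2
BLANK_MAC = "00-00-00-00-00-00"  # the field the reply is asked to fill in

def to_mac(text):
    return bytes.fromhex(text.replace("-", ""))

def build_arp(oper, sender_mac, sender_ip, target_mac, target_ip):
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       to_mac(sender_mac), ipaddress.IPv4Address(sender_ip).packed,
                       to_mac(target_mac), ipaddress.IPv4Address(target_ip).packed)

def parse_arp(payload):
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP payload")
    return {"oper": oper,
            "sender_mac": sha.hex("-"), "sender_ip": str(ipaddress.IPv4Address(spa)),
            "target_mac": tha.hex("-"), "target_ip": str(ipaddress.IPv4Address(tpa))}

def learn(cache, pending, payload):
    """Add a dynamic entry when a reply answers an address we asked about.
    Ignoring unsolicited replies is this example's policy, not a claim about Windows."""
    msg = parse_arp(payload)
    if msg["oper"] == REPLY and msg["sender_ip"] in pending:
        pending.discard(msg["sender_ip"])
        cache[msg["sender_ip"]] = msg["sender_mac"]
        return True
    return False

def demo():
    # Constructed exchange: documentation-range IPs, made-up MAC for the responder.
    request = build_arp(REQUEST, "00-a0-c0-ab-c3-11", "192.0.2.10", BLANK_MAC, "192.0.2.1")
    reply = build_arp(REPLY, "00-a0-c0-12-34-56", "192.0.2.1", "00-a0-c0-ab-c3-11", "192.0.2.10")
    cache, pending = {}, {"192.0.2.1"}
    learned = [learn(cache, pending, request), learn(cache, pending, reply)]
    return parse_arp(request), cache, learned
```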

Static ARP table entries serve the same function as dynamic entries, but are made manually using the arp utility.

Using The arp Utility

ARP is a protocol in the TCP/IP suite. ARP is used by IP to ascertain the MAC address of a device on the same subnet as the requester. When a TCP/IP device needs to forward a packet to a device on the local subnet, it first looks in its own table, called an ARP cache (cache because the contents are periodically aged out), for an association between the known IP address of the destination device on the local subnet and the same device’s MAC address. If no association that includes the destination IP address can be located, the device sends out an ARP broadcast that includes its own MAC and IP information as well as the IP address of the target device and a blank MAC address field, which is the object of the whole operation. It is this one unknown value that the source device requests be returned in an ARP reply. Windows includes a utility called Arp, which allows viewing of the operating system’s ARP cache. To start the arp utility in Windows 2000, follow these steps:

  1. Choose Start > Run and enter cmd to open the MS-DOS Prompt window. Or, you can choose Start > Programs > Accessories > Command Prompt.
  2. At the command prompt, type arp and any switches you need, as discussed later in this section.

The arp utility is primarily useful for resolving duplicate IP addresses. For example, your workstation receives its IP address from a Dynamic Host Configuration Protocol (DHCP) server, but it accidentally receives the same address as another workstation. When you try to ping it, you get no response. Your workstation is trying to determine the MAC address, and it can’t do so because two machines are reporting that they have the same IP address. To solve this problem, you can use the arp utility to view your local ARP table and see which TCP/IP address is resolved to which MAC address. To display the entire current ARP table, use the arp command with the -a switch, like this:

arp -a

You’ll see something similar to the following:

From this output, you can tell which MAC address is assigned to which IP address. Then, for static assignments, by examining your network documentation (you do have it, don’t you?), you can tell which workstation has the IP address and if it is indeed supposed to have it. For DHCP-assigned addresses, you can begin to uncover problems with multiple DHCP scopes or servers giving out identical addresses and other somewhat common configuration issues. Note that, under normal circumstances, the ARP table for a given interface should contain only IP addresses that belong to the same IP subnet as the interface, and therefore as each other.
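The two checks described above can be automated over saved `arp -a` output. This is an added example, not part of the original page: it parses the table, lists unicast entries that fall outside the interface's subnet, and compares two snapshots for an IP address whose MAC address changed. The sample output is constructed in the layout current Windows versions print, and the function names and the caller-supplied prefix length are assumptions.

```python
import ipaddress
import re

IFACE = re.compile(r"^Interface:\s+(\d+\.\d+\.\d+\.\d+)")
ENTRY = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+((?:[0-9a-fA-F]{2}-){5}[0-9a-fA-F]{2})\s+(\w+)")

# Constructed samples (made-up addresses); SNAP2 is a later snapshot of SNAP1.
SNAP1 = """Interface: 192.0.2.10 --- 0xb
  Internet Address      Physical Address      Type
  192.0.2.1             00-a0-c0-12-34-56     dynamic
  192.0.2.20            00-a0-c0-ab-c3-11     dynamic
  198.51.100.7          00-a0-c0-77-88-99     dynamic
  224.0.0.22            01-00-5e-00-00-16     static
"""
SNAP2 = SNAP1.replace("00-a0-c0-ab-c3-11", "00-a0-c0-aa-bb-02")

def parse_arp_a(text):
    """Return {interface_ip: {entry_ip: (mac, type)}} from `arp -a` output."""
    tables, current = {}, None
    for line in text.splitlines():
        if m := IFACE.match(line):
            current = tables.setdefault(m.group(1), {})
        elif current is not None and (m := ENTRY.match(line)):
            current[m.group(1)] = (m.group(2).lower(), m.group(3).lower())
    return tables

def off_subnet(tables, prefix_len):
    """Unicast entries outside the interface subnet. `arp -a` prints no mask,
    so the caller supplies the prefix length (an assumption of this example)."""
    hits = []
    for iface, entries in tables.items():
        net = ipaddress.ip_interface(f"{iface}/{prefix_len}").network
        for ip in entries:
            addr = ipaddress.ip_address(ip)
            # Multicast and limited-broadcast mappings are expected; skip them.
            if not addr.is_multicast and ip != "255.255.255.255" and addr not in net:
                hits.append((iface, ip))
    return hits

def rebound(before, after):
    """IPs whose MAC changed between snapshots: candidate duplicate addresses."""
    hits = []
    for iface, entries in after.items():
        for ip, (mac, _) in entries.items():
            old = before.get(iface, {}).get(ip)
            if old and old[0] != mac:
                hits.append((ip, old[0], mac))
    return hits
```

A changed binding is only a lead: a replaced network adapter produces the same result, so confirm against the network documentation before acting on it.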

In addition to displaying the ARP table, you can use the arp utility to manipulate the table. To add static entries to the ARP table, use the arp command with the -s switch. These entries stay in the ARP table until the machine is rebooted. A static entry hard-wires a specific IP address to a specific MAC address so that when a packet needs to be sent to that IP address, it is sent automatically to that MAC address. Here’s the syntax:

arp -s [IP Address] [MAC Address]

Simply replace the [IP Address] and [MAC Address] sections with the appropriate entries, like so:

arp -s 00-a0-c0-ab-c3-11

You can now take a look at your new ARP table by using the arp -a command. You should see something like this:

Finally, if you want to delete entries from the ARP table, you can either wait until the dynamic entries time out, or you can use the -d switch with the IP address of the static entry you’d like to delete, like so:

arp -d

This deletes the entry from the ARP table in memory.
