ARP
Address Resolution Protocol is the means by which an IP address is translated into a physical media access control address (MAC) using a broadcast request to all hosts on the network.

RFC 826 defines Address Resolution Protocol (ARP). ARP is the means by which an IP address is translated into a physical MAC address. By using ARP, a packet destined for a logical IP address may be delivered to a computer with a Network Interface Card (NIC) with a specific hardware address. All network hosts maintain their own ARP tables which is usually formatted as follows:

ARP is used to build a host table listing the network protocol, the protocol's logical address, and the physical address (MAC) of that host. All hosts in a broadcast domain will passively listen to broadcast ARP packets, and will record information heard in these broadcast packets to it's host table. A host will actively attempt to discover a particular address only when it looks for a logical address it does not have in it's host table.

A simple ARP host table might look something like this:

Red Hat

[[email protected] ~]$ /sbin/arp -an
? (192.168.1.254) at 00:18:E7:16:22:06 [ether] on eth0
? (192.168.1.100) at 00:13:D4:B9:1C:82 [ether] on eth0
? (192.168.1.253) at 00:1A:92:7C:24:C7 [ether] on eth0
? (192.168.1.1) at 00:1C:10:F5:3B:06 [ether] on eth0

MS-DOS

C:\>arp -a

Interface: 192.168.1.100 --- 0x2
Internet Address Physical Address Type
192.168.1.1 00-1c-10-f5-3b-06 dynamic
192.168.1.250 00-0c-29-4c-95-2e dynamic
192.168.1.253 00-1a-92-7c-24-c7 dynamic
192.168.1.254 00-18-e7-16-22-06 dynamic

* Note that other protocols such as IPX can show up in the ARP table.

 

ARP PACKET STRUCTURE

TRANSMISSION LAYER for 802.x protocols


                       1       2       3       3       4
        0      7       5       3       1       9       7
       +------------------------------------------------+
       |          Destination MAC Address               |
       +------------------------------------------------+
       |            Source MAC Address                  |
       +---------------+--------------------------------+
       | Protocol Type |
       +-------+-------+
ARP
PACKET                 1       2       3       3       4
DATA    0      7       5       3       1       9       7
       +---------------+---------------+----------------+
       |      HRD      |      PRO      |  HLN  |   PLN  |
       +---------------+---------------+----------------+
       |      OP       |      SHA ...
       +------------------------------------------------+
       |      SPA ...
       +------------------------------------------------+
       |      THA ...
       +------------------------------------------------+
       |      TPA ...
       +------------------------------------------------+
       |      SHA ...


Ethernet transmission layer
(not necessarily accessible to the user):
DESTINATION 48.bit: Destination Address
SOURCE 48.bit: Source Address
PROTOCOL TYPE 16.bit: Protocol type
(set to ARP).

Ethernet packet data:
HRD 16.bit: Hardware address space
(e.g., Ethernet, Packet Radio Net.)
PRO 16.bit: Protocol address space.
For Ethernet hardware, this is from
the set of type fields ether_typ$.
HLN 8.bit: Hardware Address Length (0-255 Bytes)
PLN 8.bit: Protocol Address Length (0-255 Bytes)
OP 16.bit: Opcode: either request or reply
SHA nbytes: Sender Hardware Address (this packet),
n from the HLN field.
SPA mbytes: Sender Protocol Address (this packet),
m from the PLN field.
THA nbytes: Target Hardware Address (this packet),
(if known).
TPA mbytes: Target Protocol Address

ARP ADDRESS RESOLUTION PROCESS

  1. A routing protocol determines the next-hop IP address.
  2. Is the next hop MAC for the IP in question in the IP-ARP table?
    1. YES: create an 802.x packet using the destination MAC and send.
    2. NO:
      1. Generate Ether packet with:
        DESTINATION = Unset
        SOURCE = LOCAL MAC
        Protocol type = Address Resolution
        HRD = local MAC
        PRO = IP
        HLN = 6
        PLN = 4 (if IP)
        OP = REQUEST
        SHA = local MAC (Requestor)
        SPA = local IP (Requestor)
        THA = (broadcast hardware address)
        TPA = remote IP
      2. Broadcast ARP packet to the wire.

  3. Next-Hop Host will update it's IP-ARP table with the requestor's IP address and MAC, then respond with packet set to:
    DESTINATION = Unset
    SOURCE = LOCAL MAC
    Protocol type = Address Resolution
    HRD = local MAC
    PRO = IP
    HLN = 6
    PLN = 4 (if IP)
    OP = REPLY
    SHA = local MAC
    SPA = local IP
    THA = requestor's MAC
    TPA = requestor's IP
  4. OTHER Hosts:
    Any other host will update it's IP-ARP table with the requestor's info, then drop the packet.

ARP Cache

Most computer systems maintain a cache of IP to MAC address pairings called the "ARP Table". This table is populated with the IP and MAC addresses the computer recently has obtained. Entries in the ARP cache are aged out over time with the default usually approximating 15 seconds.

 

Checking the ARP Table

Use the arp command from the command line to display the current ARP table.


Bookmark this page and SHARE:  

Search

Support InetDaemon.Com

Get Tutorials in your INBOX!

Free Training