Questions about this topic? Sign up to ask in the talk tab.

ARP

From NetSec
Revision as of 09:47, 25 August 2012 by LashawnSeccombe (Talk | contribs)

Jump to: navigation, search

Address Resolution Protocol (ARP) is used to resolve a network layer address to a link layer address, typically resolving a MAC address to an IP address. For example, ARP may resolve the MAC address 01:23:45:67:89:AB to the IPv4 address 192.168.1.1.

How ARP Works

To resolve a MAC address to an IP address, ARP uses cached ARP tables containing IP address/MAC address pairs stored locally. When dynamic ARP is enabled, this cache is updated by ethernet frames on the Local Area Network (LAN) broadcasting IP address and MAC address pairs.

For example, Network Device A (NDA) wants to send a packet to Network Device B (NDB) with a MAC address of DE:AD:BE:EF:CA:FE and an IP address of 192.168.1.1.

  • Device A first needs to resolve 192.168.1.1 to its MAC address, DE:AD:BE:EF:CA:FE.
  • First it checks for the IP address 192.168.1.1 in its ARP table.
If it finds the corresponding MAC address it will send the packet to the address it found, and it will (hopefully) reach its target.

If it cannot find the corresponding MAC address:

  • It will send a broadcast ARP message (with a destination of FF:FF:FF:FF:FF:FF) requesting the MAC address of 192.168.1.1 (also known as an ARP WhoHas).
  • Network Device B would then respond to that message with its MAC address (DE:AD:BE:EF:CA:FE), and will also store the MAC address of Network Device A in its own ARP cache table.
  • Network Device A now has the MAC of Network Device B and can send its TCP/IP message along over the ethernet.

See Also