What is an ARP Table?

The Address Resolution Protocol (ARP) is a critical communication protocol used on local area networks (LANs). It is defined in RFC 826 and operates at Layer 2 of the OSI model. ARP provides the translation between IP addresses and MAC addresses within a single network.

This allows machines to communicate directly on the LAN without the need for complex routing. ARP is a simple protocol, relying on broadcast requests and responses to populate ARP cache tables. The proper functionality of ARP is foundational for communication on Ethernet networks.

The Role of ARP in Network Communication

ARP enables effective communication between devices on a LAN by bridging between Layer 3 IP addressing and Layer 2 MAC addressing. Whenever a node on an IP network needs to send data to another local IP address, ARP is used to determine the recipient’s MAC address.

The sender consults its ARP cache or initiates an ARP broadcast to resolve the IP into a MAC. Without the IP-to-MAC translation ARP provides, LAN nodes would be unable to properly address frames to each other using the right MAC destination address. ARP is the key enabler for getting data to the right physical interface.

The Purpose and Function of an ARP Table

The core purpose of the ARP table, sometimes referred to as the ARP cache, is to record IP address to MAC address mappings discovered on the LAN. Here is an example ARP table:

IP AddressMAC Address

The ARP table serves as a lookup reference for determining the MAC address that corresponds to a given IP address. This saved mapping information eliminates the need to repeatedly send ARP requests for addresses already resolved.

Decoding the ARP Table

The Process of MAC (Media Access Control) Address Discovery

When an IP address needs to be resolved to a MAC address, the node sends an ARP “Who has” broadcast request onto the LAN containing the desired IP address.

The device assigned to that IP will then respond with its MAC address. This response is unicasted directly back to the requesting node. The MAC returned in the ARP reply gets cached in the requester’s ARP table.

The Significance of Each Device’s Unique ARP Table

Because ARP functions within a single LAN broadcast domain, its effectiveness depends on each device building its own ARP cache to reflect the local network. The ARP table on each node is populated by the ARP requests made specifically by that device. No two ARP tables are identical since they represent the perspective of each device’s communications.

The Importance of ARP in Network Communication

Without the IP addressing to MAC addressing linkage provided by ARP, Layer 3 routing of packets could not occur down to Layer 2 delivery between physical network interfaces. Communication would fail without mapping IP-to-MAC. ARP enables getting network packets to the right destination device.

The Mechanics of ARP

The Interplay of MAC and IP Addresses in the OSI Model

MAC addresses uniquely identify devices at the Layer 2 data link layer, while IP addresses route packets at the Layer 3 network layer. Before a packet goes out on the wire, both the MAC and IP addresses must be properly set. ARP handles the process of harmonizing IP and MAC for effective communication.

The Process of MAC Address Discovery via ARP

When a node wants to communicate with an IP address that is not already mapped in its ARP table, the node sends a broadcast ARP request containing the desired IP. The device assigned that IP will reply with its MAC address in a unicast ARP reply. The requesting node adds this IP-to-MAC mapping into its cache.

A Practical Example of ARP in a Local Subnet

Here is an example of how ARP works:

  1. Computer A wants to send data to Computer B at IP address
  2. Computer A checks its ARP cache and finds no entry for
  3. Computer A sends a broadcast ARP request for
  4. Computer B sees the ARP request and replies with its MAC address of 00:1b:54:11:e2:ac
  5. Computer A adds the mapping of to 00:1b:54:11:e2:ac into its ARP table
  6. Now Computer A can send the data to Computer B directly using the resolved MAC address

This exchange allows Communication A to learn Computer B’s MAC address for further direct communication.

Mastering ARP Table Operations

How to View an ARP Table?

There are several methods to view a device’s ARP table:

  • The arp -a command can be used in Windows, Linux, and OS X to output the ARP cache contents
  • Network admin tools like ipconfig (Windows) or ifconfig (Linux/OS X) include options for ARP table output
  • Wireshark can passively sniff and collect ARP traffic to reconstruct the table state

Steps to Add an ARP Entry

Static ARP entries can be manually added to bypass the dynamic ARP process using the arp -s command. For example, to add a static ARP entry on a Windows machine:

arp -s 00-11-22-33-44-55

This will enter the mapping into the ARP cache without sending an ARP request.

Modifying an Existing ARP Entry

Because the ARP cache has a timeout on dynamic entries, changes can be made by forcing in a new static entry. To modify an existing ARP-mapped entry, simply use the arp -s command on the desired IP with the new MAC address. The static entry will override the previous dynamic one.

Exploring ARP-Related Terminology

Understanding Reverse ARP

Reverse ARP (RARP) works in the opposite direction to the normal ARP process. With RARP, the MAC address is known and the IP address needs to be determined. It allows a host to broadcast its MAC and receive its IP address in response.

The Concept of Proxy ARP

Proxy ARP enables one device to respond to an ARP request on behalf of another device. This is useful in some special networking configurations and allows for the expansion of the reachable subnet.

An Introduction to Inverse ARP

Inverse ARP (InARP) serves a similar address resolution function as ARP but for the ATM protocol’s address rather than Ethernet’s MAC address. This allows ATM nodes to map Layer 3 addresses down to Layer 2 virtual circuits.

The Role of ARP Cache

Defining ARP Cache

The ARP cache also called the ARP table, stores IP-to-MAC address mappings learned through dynamic ARP requests and responses. It serves as a short-term lookup table to avoid repeated requests for the same address.

The Function of ARP Cache in Storing IP-to-MAC Address Mappings

The ARP cache on each device improves network efficiency by storing previously resolved IP-to-MAC mappings for a configurable timeout period. Rather than re-ARPing for every packet, devices can consult their cache for destinations they recently communicated with.

Leave a Comment