What is ARP (Address Resolution Protocol)?

The ARP protocol is a link-level protocol responsible for finding the hardware address (Ethernet MAC) that corresponds to a specific IP address and documented in RFC 826 in 1982.

What is ARP (Address Resolution Protocol)?

How ARP Works?

ARP is used for data transfer in Ethernet networks, and data frames of IP packets can only be sent to target computers with a hardware address. In this case, the Internet Protocol cannot obtain these physical addresses on its own and without a hardware address.

In short, due to its limited address length, the IPv4 protocol lacks the ability to store device addresses.

As an example of using ARP in a network, there are 4 different cases regarding communication between two hosts.

The first is used when two computers are on the same network and one wants to send a packet to the other.

The second is used when the two computers are in different networks and to reach a gateway/router to reach another computer.

The third is used when a router needs to send a packet through another router to a computer on the local network.

The fourth stage is when a router sends a packet to a computer on the same network, this protocol is used.

   ARP Table

When computer A on the network receives a message with an IP source address and does not have this address in its table, it sends a broadcast to learn the ARP frame and its IP.

Later, the computer matching its IP address will respond to computer A by sending the request to its physical address.

At this point, computer A adds the record for this IP to the ARP table. Table entries can be deleted from time to time, as the physical addresses in the network can change. If we give an example to this situation; If a network card breaks down and needs replacement, or if a user on the network changes its IP address, the records in the table are deleted.

   How Does ARP Work?

When assigning addresses with this protocol, it is necessary to know whether the IP address of the target host is on the same local network or on another subnet.

Therefore, if a MAC address is assigned to a specific IP address, the subnet mask is examined first. Later, if the IP is on the local network, it is necessary to check if this record is in the ARP cache.

If the IP is assigned a physical address, this can be seen in the ARP table. However, if there is no physical address for this IP address in the table, the Request is sent over the entire network.

The request is done by Broadcast by the sending computer, and the address of the recipient is set as FF:FF:FF:FF:FF:FF.

All computers on the network receive this Broadcast and compare the IP address in the frame to their configurations. In this case, a computer sends a Reply request when it detects it has its own IP address.

In this process, if the destination computer is in a subnet, the request is sent to a router or gateway.

After the gateway or router decodes the address, it receives the data packet and transmits it to the target computer and analyzes the IP header to obtain the required data. In this case, communication is established if the destination computer is in a neighboring subnet.

If the neighbor is not a network and the destination computer is on a remote network, then the route the data packet will travel is determined by a routing table. Otherwise, the process is repeated until the data packet reaches its destination or during the TTL (Time to Live) period.

This protocol is a standard protocol that can be used on any platform because it runs in the background regardless of the system of Windows, Linux, or macOS operating systems, and its task is to assign a MAC address.

   ARP Analysis Over Local Network

When pinging computer B from computer A over the same network, the ARP table will be checked first. If there is no IP address assigned to physical addresses in the table, computer A will send a Broadcast to the entire network.

When computer B sees its IP address in the frame, it will record the MAC address of A.

ARP Analysis on the Local Network

As a result, the Ethernet and ARP frame of computer A will be as follows.

Sending a Frame from Computer A to Computer B

   ARP Analysis Over Remote Network

When pinging computer C on LAN2 from computer A on LAN1, computer A will first look at the ARP table. If there is no record in A’s table, it will broadcast to the whole network, but since the target C computer is on the remote network, the destination address in A’s frame will be 192.168.1.1.

Switch0 on LAN1 receiving this Broadcast will send a Broadcast because it does not know the IP address of the Router’s FastEthernet adapter, and then after resolving the address, the Router on LAN1 will broadcast to the Router on LAN2.

In this case, the Router on the LAN will send Broadcast directly to the networks it is connected to, and learn the physical address of the C computer and record it in the MAC table.

ARP Analysis Over Remote Network

As a result, the ARP table of computer A will be as follows;

C:\>arp -a
Internet Address  Physical Address Type
192.168.1.1       000c.cf93.8401 dynamic
C:\>

The table of computer C will be as follows;

C:\>arp -a
  Internet Address      Physical Address      Type
  192.168.1.1           000c.8532.0801        dynamic
  192.168.2.1           000c.8532.0801        dynamic
C:\>

The table of the Router in LAN1 is as follows;

Router#show arp 
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.1.1             -   000C.CF93.8401  ARPA   GigabitEthernet0/0
Internet  192.168.1.2             32  00E0.B0C1.3206  ARPA   GigabitEthernet0/0
Internet  192.168.1.3             1   00D0.BC36.B360  ARPA   GigabitEthernet0/0
Router#

The table of the Router in LAN2 is as follows;

Router#show arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.2.1             -   000C.8532.0801  ARPA   GigabitEthernet0/0
Internet  192.168.2.2             33  000C.85C4.7705  ARPA   GigabitEthernet0/0
Router#

You can better understand how this protocol works by using the Cisco Packet Tracer program. Additionally, you can open the command prompts of computers A, B, and C and examine the table with the arp -a command. If you want to restart the test, you can use the arp -d command to clear the tables of these computers.

You can use the show arp command to view the ARP records of Routers on LAN1 and LAN2. If you want to delete these records from the Router, simply use the clear arp-cache command.

In this example, the Ethernet and ARP frame of computer A will be as follows.

Sending a Frame from Computer A to Computer C

   Related Articles


TCP Protocol
UDP Protocol
TCP/IP Protocol
Static Routing
DHCP Protocol

Add a Comment

Your email address will not be published. Required fields are marked *

error: