Lesson 10 | ARP and RARP |
Objective | Address Resolution Protocol and Reverse Address Resolution Protocol |
At its core, the Address Resolution Protocol (ARP) is a protocol used to map a network address (such as an IP address) to a physical address (such as a MAC address). ARP is used in both IPv4 and IPv6 networks, and it is an essential part of the communication process.
In this article, we will take an in-depth look at ARP, how it works, and its role in modern networking. We will also explore some common issues that can arise when working with ARP and how to troubleshoot them.
What is the purpose of ARP?
At its most basic level, ARP is used to translate a network address (such as an IP address) into a physical address (such as a MAC address).
This process is essential for communication between devices on a network.
ARP is used to mediate between ethernet (or other broadcast link-level protocols) and the network layer, or IP protocols. Put more simply, ARP converts IP addresses to ethernet addresses.
When a device wants to communicate with another device on the same network, it needs to know the physical address of the device it is trying to reach. ARP is used to find this information.
How does ARP work?
When a device needs to find the physical address of another device on the same network, it sends out an ARP request. This request contains the IP address of the device it is trying to reach. All devices on the network receive this request, but only the device with the corresponding IP address will respond. The response contains the physical address (MAC address) of the device.
Once the device has the MAC address, it can use it to communicate with the other device on the network. The MAC address is used at the data link layer of the OSI model, while the IP address is used at the network layer.
ARP Cache
To speed up the ARP process, devices keep a cache of recently resolved addresses. This cache is known as the ARP cache, and it contains a mapping of IP addresses to MAC addresses. When a device needs to communicate with another device on the network, it first checks its ARP cache to see if it has the physical address (MAC address) of the other device. If it does, it can use that address without needing to send an ARP request.
Why ARP is necessary
ARP is necessary because the underlying ethernet hardware communicates using ethernet addresses, not IP addresses.
Suppose that one machine, with IP address 2 on an ethernet network, wants to speak to another machine on the same network with IP address 8.
The two machines use ARP to conduct the following dialogue:
- ARP Request - Machine 1: (IP=2) broadcasts to all machines on the network:
Question: Who has IP address 8?
- ARP Reply - Machine 2 (IP=8) replies: I do.
The reply of Machine 2 contains its ethernet address, so now Machine 1 knows it.
Machine 1 stashes that address temporarily in a
kernel memory area called the ARP cache. That way, if it needs to speak to Machine 2 again soon, it does not have to repeat the ARP request.
ARP Spoofing
One common issue that can arise with ARP is ARP spoofing. ARP spoofing is a technique used by malicious actors to intercept network traffic by sending falsified ARP messages. In an ARP spoofing attack, the attacker sends ARP messages with false source MAC addresses, which can cause network traffic to be redirected to the attacker's device. This can be used to steal sensitive information, such as passwords or credit card numbers.
To prevent ARP spoofing attacks, network administrators can use techniques such as static ARP entries or ARP spoofing detection software.
The (ARP) Address Resolution Protocol feature performs a required function in IP routing. ARP finds the hardware address, also known as (MAC) Media Access Contro address, of a host from its known IP address and maintains a cache (table) in which MAC addresses are mapped to IP addresses. ARP is part of all Cisco systems that run IP. The ARP feature for IP routing and the optional ARP feature you can configure, such as static ARP entries, timeout for dynamic ARP entries, clearing the cache, and proxy ARP are part of its standard feature set.
ARP Advice
Sometimes, ARP is the easiest way to find a machine's ethernet address. For example, the Solaris ifconfig
command will not tell you a device's ethernet address, but viewing the ARP cache on the machine will show it to you.
The arp Command
The arp
command enables you to view the ARP cache, as well as to forcibly add and delete entries.
We will experiment with arp
in the next exercise, after a brief discussion of the (RARP) Reverse Address Resolution Protocol.
RARP
RARP is used for the opposite purpose; namely, to convert an ethernet address to an IP address. Its purpose is to enable diskless machines, such as X workstations, to find out their IP address at boot time.
Such a machine broadcasts a reverse-ARP request, such as: RARP request— My ethernet address is such and such, what should my IP address be?
Answer: RARP reply—
Your IP address is
3ffe:1900:4545:3:200:f8ff:fe21:67cf
The RARP reply must come from an RARP server, which contains a file (/etc/ethers) listing the mapping from ethernet addresses to IP addresses.
ARP Conclusion
In conclusion, the Address Resolution Protocol (ARP) is a protocol used to map a network address to a physical address. It is essential for communication between devices on a network and is used in both IPv4 and IPv6 networks. ARP works by sending out requests for the physical address (MAC address) of a device on the network. Once the MAC address is known, it can be used to communicate with the other device on the network. ARP spoofing is a common issue that can arise with ARP, but there are techniques that can be used to prevent it. By understanding ARP and its role in modern networking, network administrators can help ensure that their networks are secure and efficient.
Address Resolution Protocol - Quiz
TCP/IP Illustration