ARP

11/13/2004

Address Resolution Protocol (ARP). ARP is a protocol used on Ethernet networks to resolve Internet Protocol (IP) addresses to the Media Access Control (MAC) addresses used by Ethernet networks. ARP applies only to (32 bit) IPv4 IP addressing used over ethernet. It would not be used with IPv6 (48 bit) addressing or with routing over a medium that wasn't addressed by MAC addresses.

ARP is needed because Ethernet Network Interface Cards do not understand 32 bit Internet Protocol Addressing. The address resolution process works as follows. A packet is received for a specific IPv4 address. The computer handling the message checks to see if it knows the MAC address for that IP. If so, the message is sent to the MAC address. If not, an ARP request (one of the protocol's four message types) is sent out asking who owns the given IP number. An ARP reply is received from the target PC if it is present on the network. If the address is resolved, the IP and MAC addresses are saved in a cache that is periodically cleared. If the cache were not cleared frequently, no PC could ever change its IP address or install a new Ethernet card with a different MAC address. But because the ARP cache exists, there can be a period of a few minutes after an IP or MAC address is altered during which some elements of the network retain the old information.

There is a provision for broadcasting ARP requests to all addresses on an ethernet segment by using an address of all one bits.

In addition to ARP requests and replies (e.g. "who is 192.168.0.5", "I'm 192.168.0.5 and my MAC number is 01-02-03-04-05-06") reverse ARP requests and replies are supported ("Who is 01-02-03-04-05-06"? "I'm 01-02-03-04-05-06 and my IP is 192.168.0.5"). There is an implicit assumption here that only one IP address will be associated with any MAC address.

In MSDOS/WINDOWS/Linux, there is a program called arp that will list or alter the contents of the Address Resolution Tables and the ARP Protocol cache. This can be used to get the MAC address of a PC by pinging the target PC then looking at the arp table. However that only works for remote PCs as attempts to talk to a PC itself are handled by a fiction called the loopback device and do not result in ethernet traffic that requires MAC address resolution.

The ARP Protocol is defined in RFCs 826 and 894

Return To Index Copyright 1994-2002 by Donald Kenney.