ARP notes

From Helpful
Jump to navigation Jump to search

For other network related things, see:

Also:


This article/section is a stub — some half-sorted notes, not necessarily checked, not necessarily correct. Feel free to ignore, or tell me about it.

For context, consider that

wired home LANs are usually Ethernet, and
within a Ethernet network, packets are sent to MAC addresses

The fact that what we carry on top is usually IP is not something that Ethernet layer hardware cares about.


Yet IP is so ubiquitous that some amount of added integration between IP and Ethernet would be great.

ARP is mainly used to find a MAC when the IP is known - which IPv4 addresses are (currently) held by which Ethernet MACs - so that you can think in IP addresses instead, and there is something doing the translation for you.


ARP's packets carry little more than something like

"Who has 192.168.178.29? Tell 192.168.178.1"

And responses (from the node with that address)

"192.168.178.29 is at 74:d4:35:01:23:45"

(which is basically what tcpdump arp -n will say)


Nodes will keep a table containing the (mac,ip) pairs from such answers, as they support IP-level networking calls.


Note that this is also useful for layer-2 switching, in that ARP responses will have the side effect of telling the switch which port a particular MAC is attached to (we can ignore the IP part of the response), which is the only port that packets for that MAC need to be sent on (before it learns this, it has to broadcast packets to all ports - basically acting like hub until it learns this).

Each computer-like host tends to keep an ARP table too see arp -n in *nix or arp -a on windows)


ARP has other uses, such as the allowing a DHCP client to double check whether the IP it just got is already in use in its broadcast domain, before creating what might be an IP conflict. (optional but a good idea)


ARP requests are usually broadcast (though there are uses for Directed ARP requests) }}, responses unicast.