Address Resolution Protocol

Edit online

The first network-level protocol is the Address Resolution Protocol (ARP). ARP dynamically translates Internet addresses into the unique hardware addresses on local area networks.

To illustrate how ARP works, consider two nodes, X and Y. If node X wishes to communicate with Y, and X and Y are on different local area networks (LANs), X and Y communicate through bridges, routers, or gateways, using IP addresses. Within a LAN, nodes communicate using low-level hardware addresses.

Nodes on the same segment of the same LAN use ARP to determine the hardware address of other nodes. First, node X broadcasts an ARP request for node Y's hardware address. The ARP request contains X's IP and hardware addresses, and Y's IP address. When Y receives the ARP request, it places an entry for X in its ARP cache (which is used to map quickly from IP address to hardware address), then responds directly to X with an ARP response containing Y's IP and hardware addresses. When node X receives Y's ARP response, it places an entry for Y in its ARP cache.

Once an ARP cache entry exists at X for Y, node X is able to send packets directly to Y without resorting again to ARP (unless the ARP cache entry for Y is deleted, in which case ARP is reused to contact Y).

Unlike most protocols, ARP packets do not have fixed-format headers. Instead, the message is designed to be useful with a variety of network technologies, such as:

  • Ethernet LAN adapter (supports both Ethernet and 802.3 protocols)
  • Token-ring network adapter
  • Fiber Distributed Data Interface (FDDI) network adapter

However, ARP does not translate addresses for Serial Line Interface Protocol (SLIP) or Serial Optical Channel Converter (SOC), since these are point-to-point connections.

The kernel maintains the translation tables, and the ARP is not directly available to users or applications. When an application sends an Internet packet to one of the interface drivers, the driver requests the appropriate address mapping. If the mapping is not in the table, an ARP broadcast packet is sent through the requesting interface driver to the hosts on the local area network.

Entries in the ARP mapping table are deleted after 20 minutes; incomplete entries are deleted after 3 minutes. To make a permanent entry in the ARP mapping tables, use the arp command with the pub parameter:

arp -s 802.3 host2 0:dd:0:a:8s:0 pub

When any host that supports ARP receives an ARP request packet, the host notes the IP and hardware addresses of the requesting system and updates its mapping table, if necessary. If the receiving host IP address does not match the requested address, the host discards the request packet. If the IP address does match, the receiving host sends a response packet to the requesting system. The requesting system stores the new mapping and uses it to transmit any similar pending Internet packets.