What is ARP (Address Res­ol­u­tion Protocol)?

In order to be able to send data packets in TCP/IP networks, a trans­mit­ter requires three bits of address in­form­a­tion to be sent via the host: the subnet mask, the IP address and the MAC address (also the hardware address or physical address). Your netmask and IP address receive network devices auto­mat­ic­ally and flexibly when they connect to a network. For this purpose, the con­nect­ing com­mu­nic­a­tion devices, such as routers or hubs, revert to the DHCP protocol. In local networks, the two entries can also be entered manually. The hardware address is, however, assigned by the man­u­fac­turer of the re­spect­ive device and is linked to a specific IP address by means of the so-called Address Res­ol­u­tion Protocol (ARP).

The Address Res­ol­u­tion Protocol was specified in RFC-Standard 826 in 1982 to ac­com­plish the res­ol­u­tion of IPv4 addresses into MAC addresses. ARP is in­dis­pens­able for the trans­mis­sion of data in Ethernet networks for two reasons: on the one hand, the in­di­vidu­al data frames (also Ethernet frames) of an IP packet can only be sent to the desired des­tin­a­tion hosts by means of the hardware address. However, the Internet protocol cannot refer to these physical addresses in­de­pend­ently. On the other hand, due to its’ limited length, the IPv4 protocol does not provide the option to store device addresses. ARP provides a solution with its’ own ARP caching mechanism. For the newer IPv6, the cor­res­pond­ing functions are adopted by the Neighbor Discovery Protocol (NDP). When resolving the address via ARP, a dis­tinc­tion must always be made as to whether the target host’s IP address is located in the same local network of another subnet. In that case, if the MAC address is to be assigned to a specific address, the subnet mask is first inspected. If the IP is located in the local network, the first step is to check whether there is already an entry for this in the ARP cache.

If a physical coun­ter­part is already assigned to the IP address, it can be used for ad­dress­ing. If this is not the case, the sender sends an ARP request with the target IP to all hosts on the network. For this purpose, it uses the ARP broadcast address FF:FF:FF:FF:FF:FF as the receiver address. The in­di­vidu­al stations compare the IP address specified in the request with their own and reject the request if there is no match. However, if a station registers that it is its own address, it responds with an ARP reply, as well as the MAC address. Both sides can now add the MAC and IP address of the counter to the cache, which provides the basis for the data exchange.

If the target host is not in the same subnet, the sender addresses the default gateway (usually a router). This can also be done by combining MAC and IP addresses, which is why the Address Res­ol­u­tion Protocol is also required. The gateway receives the data packet after the address res­ol­u­tion and then takes care of for­ward­ing it to the target host. For this purpose, it analyses the IP header first, to obtain the necessary in­form­a­tion. Sub­sequently, it also uses different aspects of the ARP protocol to solve:

• Either the physical address of the target computer directly, if it’s located in a neigh­bour­ing subnet
• Or the hardware address of another gateway if the target computer is on a remote subnet and the packet path cannot be de­term­ined using the routing table

In the latter scenario, the process is repeated until the data packet reaches its des­tin­a­tion or the TTL field (time to live) has the value 0 in the IP header. 

ARP protocol uses a simple message format to send requests/respond to requests. Although it was ori­gin­ally intended for IPv4 and MAC addresses, using other network protocols are the­or­et­ic­ally possible. This is why fields exist for the type and size of the hardware and protocol addresses. Con­sequently, the overall size of the ARP packets can also differ. For example, in a standard situation, the use of ARP in IPv4 ethernet networks obtains a length of 224 bits (28 bytes). The following il­lus­tra­tion shows the com­pon­ents of one of these in­form­a­tion packets:

The ARP header begins with the 16-bit-long in­form­a­tion sequence about the specifics of the hardware address. In the case of the intended ethernet devices, the packet above would have the value 1. The protocol (also 16 bits long) follows, and its job is to serve as the basis for the ARP address res­ol­u­tion. IPv4 addresses are char­ac­ter­ised by the value 0x0800 (2048), which is also used in ethernet frames as the value for the IPv4 protocol (EtherType). The next two fields provide in­form­a­tion on the length of the two addresses (in bytes). MAC addresses have a size of 6 bytes (48 bits) and are therefore iden­ti­fied by the value 6. IP addresses are 4 bytes long (32 bits), which is why the default value is 4.

The next 16 bits (operation) are reserved for spe­cify­ing the ARP message. Thus, 1 rep­res­ents an ARP request, while 2 indicates that it is an ARP response. Finally, the packets contain the four relevant and pre­vi­ously declared addresses:

• Senders‘ MAC address: Contains the MAC address of the re­quest­ing computer in a request; in an ARP response, the des­tin­a­tions’ physical address, or the next gateways’ address is found at this point
  
  
• Senders‘ IP address: Contains the IP address of the re­quest­ing computer (ARP request) or the des­tin­a­tion of the next gateway (response)
  
  
• Receivers‘ MAC address: This field shows the MAC address broadcast FF:FF:FF:FF:FF:FF, if the sender makes a request; in an ARP response, the hardware address of the re­quest­ing host is listed here
  
  
• Receivers‘ IP address: In a request, this field contains the IP address of the host whose MAC address is being searched; in a response message, this contains the IP address of the re­quest­ing computer

If you want to add the address com­bin­a­tion of a host in­de­pend­ently or remove it from the ARP tables, you need the –s and –d para­met­ers. For example, if the physical address 00-aa-00-62-c6-09 is behind the IP address 157.55.85.212, create a cor­res­pond­ing static entry with the following command:

This in­form­a­tion is also removed from the cache just as quickly if you apply the “delete” parameter to one of the archived addresses instead:

Instead of a specific internet address, you can also use the place­hold­er * to denote all tem­por­ar­ily stored data.

Apart from the pre­vi­ously in­tro­duced standard function, there are a number of al­tern­at­ive uses for ARP message packages. For example, a host can also use it to inform the other network members about their own MAC address. For this purpose, it sends an ARP request to the broadcast and enters its own IP as both a source address and a recipient address. Since this is done on its own, this modi­fic­a­tion of the protocol is also called Gra­tu­it­ous ARP (“Un­so­li­cited ARP”). Such a self-initiated message of the physical address may occur, for example, in the following cases:

1. Due to their IP ad­dress­ing, GARP messages are not allowed to produce any response in the theory – otherwise, it would indicate that the IP address used by the sender would be du­plic­ated. If one of the broadcast-contacted hosts replies with a response message anyway, is it the fault of the network ad­min­is­trat­or
    
2. Gra­tu­it­ous ARP allows all hosts to include the hardware address of the sender in their own cache. This is par­tic­u­larly ad­vant­age­ous when this address has changed, for example, because of the network card being exchanged. Therefore, the modified ARP messages are always sent when a computer boots up
    
3. Servers that are con­figured as spares for the purpose of fail-pro­tec­tion often share an IP address. In order for data traffic to be re­dir­ec­ted to the incoming server, the latter must announce the MAC address to the other hosts. For this, GARP messages are an excellent option
    
4. Mobile IP allows a mobile host to keep its own IP address even when a network is switched. To this end, a so-called HomeAgent takes over the IP address of the mobile hosts when it’s removed from the home network.  In order to draw attention to them­selves, they send a gra­tu­it­ous ARP message. In the same way, the mobile host logs back when it is back on the home network

A further modi­fic­a­tion is the Reverse Address Res­ol­u­tion Protocol (RARP), which basically inverts the function of the ARP: it does not resolve IP addresses in MAC addresses, but rather MAC addresses in IP addresses. This is the pos­sib­il­ity to determine your own internet address by using devices in which the al­loc­a­tion or permanent storage is not provided (e.g., work stations without a hard disk drive).

The modi­fic­a­tion proxy ARP is also common, which enables routers to answer ARP requests for other hosts. This allows com­mu­nic­a­tion between two hosts from different subnets without the need for any changes to the devices’ network con­fig­ur­a­tions. If an ARP request reaches a router with ARP proxy enabled, it responds instead of the actual target computer. It transmits its own MAC address, whereupon it also receives sender’s data packets. Sub­sequently, the router forwards the data to the target host, using the ARP cache in­form­a­tion.