Address Resolution Protocol (ARP)

ARP is an abbreviation for Address Resolution Protocol, which is used to determine the MAC address of a device based on its known IP address. This signifies that the source device already knows the IP address of the destination device but not the MAC address. The device’s MAC address is essential because you cannot connect with a device in a local area network (Ethernet) unless you know its MAC address. As a result, the Address Resolution Protocol aids in determining the MAC address of the target device.

ARP’s function is to transform a 32-bit logical address (IPv4 address) to a 48-bit physical address (MAC address). This protocol operates between the OSI model’s layers 2 and 3. The MAC address is located on layer 2, also known as the data link layer, while the IP address is located on layer 3, commonly known as the network layer.

Types of Mapping in ARP:

1. Static Mapping:

A table in static mapping comprises the destination device’s logical address and matching physical address. In this case, the device’s IP and MAC addresses are manually inserted into an ARP table. If the source device wishes to connect with the destination device, it must first access the table.

2. Dynamic Mapping:

In dynamic mapping, if a device knows the logical address of another device, it can use the Address Resolution protocol to determine the physical address of the other device. When the source device submits an ARP broadcast request, the dynamic entries are produced automatically. These entries are not permanent and are cleared on a regular basis.

Types of ARP:

1. Proxy ARP:

Proxy ARP is a technique that allows Layer 3 devices to reply to ARP requests for a target that is on a different network than the sender. The Proxy ARP configured router responds to the ARP by mapping the router’s MAC address to the target IP address and convincing the sender that it has arrived at its destination.

Because the packets have the relevant information, the proxy router forwards them to the right destination at the backend.

2. Gratuitous ARP:

Gratuitous ARP is a host ARP request that aids in the identification of a duplicate IP address. It is a broadcast request for the router’s IP address. If a switch or router sends an ARP request to get its IP address and no ARP answers are received, all other nodes are unable to utilise the IP address assigned to that switch or router.

However, if a router or switch makes an ARP request for its IP address and receives an ARP response, another node uses the switch or router’s IP address.

3. Reverse ARP (RARP):

It is a networking protocol that a client system on a local area network (LAN) uses to obtain its IPv4 address from the ARP gateway router table. The network administrator creates a table in the gateway-router that is used to match the MAC address to the matching IP address.

When a new system is installed if a computer does not have enough memory to save the IP address, the user must determine the IP address of the device. The device transmits a RARP broadcast packet, containing its own MAC address in both the sender and recipient hardware’s address fields.

The RARP-server, a host placed within the local network, is ready to reply to such a broadcast packet. The RARP server then attempts to identify a mapping table item in the IP to MAC address mapping table. If any of the entries in the table match the item in the table, the RARP server transmits the response packet to the requesting machine, along with the IP address.

4. Inverse ARP (InARP):

Inverse ARP is the inverse of ARP and is used to determine node IP addresses from data link layer addresses. These are primarily utilised in frame relays and ATM networks, since Layer 2 virtual circuit addressing is frequently derived from Layer 2 signalling. The required Layer 3 addresses are available when utilising these virtual circuits.

Layer 3 addresses are converted to Layer 2 addresses using ARP. InARP, on the other hand, may define an inverse address. The packet format of InARP is identical to that of ARP, but the operating codes are different.

ARP Request:

When two devices (say, source and destination) on a local area network desire to interact with each other (Ethernet), the source device consults the ARP cache/table to determine the MAC address of the destination device. If the device’s MAC address is saved in the ARP cache, the source will use that address to initiate communication.

If the destination’s MAC address is not recorded in the ARP cache, the source device sends an ARP request message. The IP and MAC addresses of the device source and destination are included in this ARP request. The target device’s Mac address field is left blank.

On the local area network, the ARP request message is broadcast (Ethernet). All network devices get the ARP request message and compare their IP addresses to the source device’s IP addresses. When the source device’s IP address matches one of the devices on the local area network, that device will send an ARP reply message. If the source device’s IP address does not match any of the devices on the local area network, the packet will be dropped automatically.

After then, the ARP reply message is transmitted to the source device. The MAC address of the destination device is included in the ARP reply message.

When the source device gets the ARP reply message, the MAC address received by the ARP reply message, together with its IP address, is updated in the ARP cache.

The objective for keeping an ARP database is so that when the source device wishes to interact with a device with whom it has previously communicated, the source does not have to broadcast an ARP request message again. Until the machine reboots again, the information is already saved in the ARP cache. The source device must search up the ARP cache and acquire the device’s MAC address from there.

Important points about ARP Request:

• The ARP request is broadcast, while the ARP response is unicast.
• The device’s MAC address is kept null since the source requested it.
• ARP cache has a smaller amount of memory storage. As a result, it deletes its entries on a regular basis to free up space.
• If the device does not know its IP address, it employs RARP (Reverse Address Resolution Protocol) and broadcasts the RARP request instead of ARP.

Need for ARP Request:

An ARP request is required when a device needs to know the MAC address of the device with which the source wants to interact. It is important for both devices to be aware of each other’s IP and MAC addresses. Each device in a network is aware of the IP addresses of the other devices but is unaware of their MAC addresses. As a result, the source device generates the ARP request in order to retrieve the MAC address of the destination device.

ARP Table:

The ARP Table is used to maintain track of the devices’ IP addresses and MAC addresses (source and destination device). The IP address and MAC address of the source and destination devices must be kept in an ARP table in order for two devices to communicate. If there is no entry in the table, the source sends an ARP broadcast to all network devices.

Every device compares its own IP address to the target device’s IP address. When the IP addresses of the devices match, that device sends a response, which is then updated in an ARP table. Each network-connected host should be required to have an ARP table.

ARP Commands:

• arp -a: Displays ARP table for particular IP address
• arp -g: Works the same way as arp -a
• arp -d: To delete an entry from the ARP table for a particular interface.
• arp -d *: To delete all entries from the ARP table.
• arp -s: To add static entry to the ARP table.
• /? : To show help at the command prompt.
• arp purge-delay: Delays purging in ARP entries when an interface goes down.
• no arp purge-delay: To turn off purge delay.
• arp timeout: To determine how long the dynamic entries learned on the interface reside in the ARP cache
• show interface: To show the ARP timeout value.
• clear arp cache: To delete/remove all the dynamic entries from the ARP table.
• proxy-arp: To enable proxy ARP on an interface.
• no proxy-arp: To disable proxy ARP on an interface.
• show arp: To indicate Address Resolution Protocol (ARP).
• show arp traffic: To display static traffic on ARP.

ARP Packet:

The address resolution protocol (ARP) employs a simple message structure in which either an address resolution request or an address resolution response is included. The address size of the link layer and network layer determines the size of the ARP message. The message header specifies the network type and address size utilised at each tier. The operation code, which is 1 for the request and 2 for the response, completes the message header.

The payload of the packet has four addresses, which are as follows:

• Sender’s hardware address
• Receiver’s hardware address
• Sender’s protocol address
• Receiver’s protocol address

1. HTYPE:

The hardware type field has a capacity of 16 bits. This parameter specifies the network type required by the local network to send the ARP message.

Example:

• Ethernet has a value of 1
• IEEE 802 Networks have a value of 6
• ARCNET has a value of 7
• Frame Relay has a value of 15
• Asynchronous Transfer Mode has a value of 16
• HDLC has a value of 17
• Fibre Channel has a value of 18
• Serial Line has a value of 20

2. PTYPE:

The protocol type is a 16-bit parameter that specifies the protocol type.

3. HLEN:

The hardware length field has an 8-bit size. This parameter defines the physical address’s length in bytes.

4. PLEN:

The protocol length field is 8 bits in length. It specifies the IP address’s length in bytes.

5. OPER:

The kind of ARP packet is determined by this 16-bit parameter. ARP packets are classified into two types: ARP request and ARP reply. The first two values in the table are utilised for the ARP request and reply. This table also includes values for additional ARP frame formats such as RARP, DRARP, and so on.

Example:

• ARP Request: 1
• ARP Reply: 2
• RARP Request: 3
• RARP Reply: 4
• DRARP Request: 5
• DRARP Reply: 6
• DRARP Error: 7
• InARP Request: 8
• InARP Reply: 9

6. SHA:

This field indicates the sender’s physical address, and its length is not defined.

7. SPA:

This parameter is needed to identify the sender’s logical address, and its length is not defined.

8. THA:

The target hardware address defines the target’s physical address. It is a field with a changeable length. Because the sender does not know the physical address of the recipient, this field in the ARP request packet comprises all zeros.

9. TPA:

This field specifies the target’s logical address. TPA is a field with a variable length.

Working of ARP:

When the source wishes to interact with the destination at the network layer. First, the source must determine the destination’s MAC address (Physical Address). The source will look in the ARP cache and ARP table for the destination’s MAC address. If the destination’s MAC address is found in the ARP cache or ARP table, the source uses that MAC address for communication.

If the destination’s MAC address is not in the ARP cache or ARP table, the Source sends an ARP Request message. The source’s MAC address and IP address are included in the ARP Request message. It also includes the destination’s IP address and MAC address. Because the user requested it, the destination’s MAC address was left blank.

The source computer will broadcast the ARP Request message to the local network. The broadcast message is received by all devices on the LAN network. Now, each device compares its own IP address to the destination’s IP address. If the device’s IP address matches the destination’s IP address, the device will send an ARP to respond to the message. If the device’s IP address does not match the destination’s IP address, the packet is dropped automatically.

When the destination address matches the device, the destination sends an ARP reply packet. The MAC address of the device is included in the ARP Reply packet. Because the source’s MAC address will be required for communication, the destination device automatically changes the database and saves it.

The source device now serves as a target for the destination device, and the destination device sends the ARP Reply message.

The ARP Reply message is sent unicast rather than broadcast. This is due to the fact that the device (destination) sending the ARP Reply message is aware of the MAC address of the device (source) to whom the ARP Reply message is delivered.

When the source device receives the ARP Reply message, it will know the destination’s MAC address since the ARP Reply packet contains the destination’s MAC address along with the other addresses. The source will update the destination’s MAC address in the ARP cache. The sender can now connect directly with the recipient.

Advantages of ARP:

1. If we know the IP address of the device, we can simply determine its MAC address.

2. It is not essential to specify the end node addresses for the MAC address. We can find it if we need to.

Disadvantages of ARP:

1. ARP attacks, such as spoofing and denial of service, are possible.

Summary:

In this article, we looked at the concept of the Address Resolution Protocol. We also looked at the concept of the ARP Table, the various commands used to manipulate the ARP table, and the structure of the ARP packet. Lastly, we looked at the working of ARP and its advantages and disadvantages.