A Beginner's Guide To The Address Resolution Protocol (ARP)
In its simplest form, imagine you have a computer such as a laptop and you want to communicate with your Raspberry PI, both of which are connected to your local network through your broadband router.
You can generally see if the Raspberry PI is available on the network by pinging it. As soon as you ping the Raspberry PI or attempt any other connection with the Raspberry PI you will be kicking off the need for address resolution.
Think of it as a form of handshake.
The ARP compares the address and subnet masks of the host and the target computer. If these match then the address has effectively been resolved to the local network.
So how does this process actually work?
Your computer will have an ARP cache which is accessed first to try and resolve the address.
If the cache does not contain the information required to resolve the address then a request is sent to every machine on the network.
If a machine on the network doesn't have the IP address being searched for, it will just ignore the request. If the machine has a match, it will add the information for the calling computer to its own ARP cache and then send a response back to the original calling computer.
Upon receiving confirmation of the target computer's address the connection is made and so a ping or other network request can be processed.
The actual information the source computer is seeking from the destination computer is its MAC address or as it is sometimes termed the HW Address.
A Worked Example Using The Arp Command
To make this easier to understand you will need to have 2 computers attached to your network. Make sure that both computers are switched on and are able to connect to the internet.
Now open a terminal window using Linux and type in the following command:
arp
The information displayed is the information currently stored in your computer's ARP cache.
The results may just show your machine, you may see nothing at all, or the results may include the other computer's name if you have connected to it previously.
The information provided by the arp command is as follows:
- Address
- HW Type
- HW Address
- Flags
- Mask
- IFace
You need to know the name of the computer that you are connecting to. In my case, I am connecting to my Raspberry PI zero.
Within the terminal run the following command replacing the words raspberrypizero with the name of the computer you are connecting to.
ping raspberrypizero
What has happened is that the computer that you are using has looked in its ARP cache and realized it has no information or not enough information about the machine you are trying to ping. It has therefore sent out a request across the network asking all other machines on the network whether they are indeed the computer you are looking for.
Each computer on the network will look at the IP address and mask requested and all but the one that has that IP address will discard the request.
The computer that has the requested IP address and mask will shout out, "Hey that is me!!!!" and will send its HW address back to the requesting computer. This will then get added to the ARP cache of the calling computer.
Don't believe me? Run the arp command again.
arp
This time you should see the name of the computer you pinged and you will also see the HW address.
Show The IP Addresses Instead Of The Computer's Hostname
By default, the arp command will show the hostname of the items within the ARP cache but you can force it to display IP addresses using the following switch:
arp -n
Alternatively, you might wish to use the following switch which will display the output in a different way:
arp -a
The output from the above command will be something along the lines of this:
raspberrypi (172.16.15.254) at d4:ca:6d:0e:d6:19 [ether] on wlp2s0
This time you get the computer's name, the IP address, the HW address, the HW type and the network.
How To Delete Entries From The ARP Cache
The ARP cache doesn't hold on to its data for very long, but if you are having issues connecting to a specific computer and you suspect it is because the address data held is incorrect, you can delete an entry from the cache in the following way.
First, run the arp command to find the address of the entry you wish to remove.
Now run the following command:
arp -d ADDRESS
Replace ADDRESS with the hostname or IP address of the entry you wish to remove. The arp command identifies the entry to delete by its host address rather than its HW address, and you will usually need to run it with sudo.
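Before deleting anything, it helps to see which cached entries look wrong. The following is an added example, not part of the original guide: it parses the arp -a output format shown earlier and flags entries that never got a reply and HW addresses cached for more than one IP address. The sample lines other than the first are constructed, and the function names are made up for this illustration.

```python
import re
from collections import defaultdict

# One line of `arp -a` output, e.g.
#   raspberrypi (172.16.15.254) at d4:ca:6d:0e:d6:19 [ether] on wlp2s0
# Unresolved entries show "<incomplete>" instead of a HW address and have no [type].
LINE_RE = re.compile(
    r"^(?P<host>\S+) \((?P<ip>[0-9.]+)\) at "
    r"(?P<hw>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}|<incomplete>)"
    r"(?: \[(?P<hwtype>\w+)\])?(?: \w+)*? on (?P<iface>\S+)$"
)

# Constructed sample: the first line is the guide's own; the rest are made up.
SAMPLE = """\
raspberrypi (172.16.15.254) at d4:ca:6d:0e:d6:19 [ether] on wlp2s0
laptop (172.16.15.10) at 00:11:22:33:44:55 [ether] on wlp2s0
? (172.16.15.20) at <incomplete> on wlp2s0
printer (172.16.15.30) at D4:CA:6D:0E:D6:19 [ether] on wlp2s0
"""

def parse_arp_a(text):
    """Return one dict per recognised line; unrecognised lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["hw"] = entry["hw"].lower()  # compare HW addresses case-insensitively
            entries.append(entry)
    return entries

def review_cache(entries):
    """Flag entries that deserve a second look before you trust the cache."""
    by_hw = defaultdict(list)
    incomplete = []
    for e in entries:
        if e["hw"] == "<incomplete>":
            incomplete.append(e["ip"])  # request sent, no reply received
        else:
            by_hw[e["hw"]].append(e["ip"])
    # One HW address answering for several IPs can be legitimate (a host with
    # several addresses) but is also what a wrong or stale entry looks like.
    shared = {hw: ips for hw, ips in by_hw.items() if len(ips) > 1}
    return {"incomplete": incomplete, "shared_hw": shared}

if __name__ == "__main__":
    report = review_cache(parse_arp_a(SAMPLE))
    print("No reply yet:", report["incomplete"])
    for hw, ips in report["shared_hw"].items():
        print(f"{hw} is cached for {', '.join(ips)}")
```

To check your own machine, pass the text printed by arp -a to parse_arp_a instead of SAMPLE.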