The Address Resolution Protocol (ARP) is a network protocol used to map an IP address to its corresponding MAC address (Media Access Control address) in a local network. ARP is essential for communication between devices within the same local network or subnet, as devices need to know each other’s MAC addresses in order to send data at the data link layer (Layer 2 of the OSI model).
Here’s how ARP works:
1. ARP Request
When a device (say, Host A) wants to communicate with another device (say, Host B) within the same network, it needs to know Host B’s MAC address. Host A only knows the IP address of Host B, so it sends out an ARP Request to the local network.
- Broadcast: The ARP Request is sent as a broadcast message, addressed to the Layer 2 broadcast address so that every device in the local subnet receives it.
- Content of the ARP Request:
  - The sender’s IP and MAC addresses (Host A’s IP and MAC address).
  - The target’s IP address (Host B’s IP address).
  - The target’s MAC address is left empty because Host A doesn’t know it yet.
2. ARP Reply
When Host B receives the ARP Request, it checks if the IP address in the ARP request matches its own. If it does, Host B sends an ARP Reply directly back to Host A.
- Direct Communication: Unlike the request, the ARP Reply is a unicast message sent directly to Host A.
- Content of the ARP Reply:
  - Host B’s IP address.
  - Host B’s MAC address.
3. Updating ARP Cache
When Host A receives the ARP Reply, it now knows Host B’s MAC address. Host A then updates its ARP cache (a local table of IP-MAC mappings) to store this mapping for future use. Similarly, Host B also updates its ARP cache with Host A’s IP-MAC mapping, which it learned from the sender fields of the ARP Request.
4. Communication
After the ARP exchange, Host A can send Ethernet frames directly to Host B using the MAC address in the ARP Reply. From this point onward, communication can occur without the need for further ARP requests unless the cache entry expires or changes.
5. ARP Cache Expiration
ARP cache entries are temporary and are typically stored for a certain period (e.g., 2-10 minutes). Once the entry expires, a new ARP request may need to be sent.
Summary of ARP Process
- Host A sends a broadcast ARP request asking for the MAC address corresponding to Host B’s IP address.
- Host B replies with its MAC address.
- Host A updates its ARP table/cache with Host B’s IP-MAC mapping.
- Communication can then proceed using the MAC address.
ARP Types
- ARP Request: A broadcast message asking for the MAC address corresponding to an IP address.
- ARP Reply: A unicast message providing the requested MAC address.
ARP Spoofing/Poisoning
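ARP is an unsecured protocol: it has no way to authenticate the sender of a message, and hosts accept the mappings they receive without verification. This makes it vulnerable to attacks such as ARP spoofing or ARP poisoning, where a malicious device sends fake ARP replies to intercept or redirect traffic.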
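A passive detection check for the spoofing described above, as an added example that is not part of the original page: it decodes the ARP fields listed in steps 1 and 2 and flags replies that answer no observed request or that change an existing IP-MAC binding. The names (parse_arp, ArpMonitor, build_arp, demo) are hypothetical, the addresses are constructed, and it assumes the monitor can see the ARP traffic on the segment (for example from a mirror port).

```python
import struct
from ipaddress import IPv4Address

ARP_FMT = "!HHBBH6s4s6s4s"   # RFC 826 fields for Ethernet/IPv4: 28 bytes
REQUEST, REPLY = 1, 2

def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Pack a constructed ARP payload (demo input, not captured traffic)."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, raw(sender_mac),
                       IPv4Address(sender_ip).packed, raw(target_mac),
                       IPv4Address(target_ip).packed)

def parse_arp(payload):
    """Decode an ARP payload; reject anything that is not Ethernet/IPv4."""
    if len(payload) < struct.calcsize(ARP_FMT):
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP payload")
    return {"op": op, "sender_mac": sha.hex(":"), "sender_ip": str(IPv4Address(spa)),
            "target_mac": tha.hex(":"), "target_ip": str(IPv4Address(tpa))}

class ArpMonitor:
    """Passive check: flag unsolicited replies and changed IP-to-MAC bindings."""
    def __init__(self):
        self.bindings = {}     # sender IP -> first MAC seen for it
        self.pending = set()   # (requester IP, requested IP) awaiting a reply
    def observe(self, payload):
        p, alerts = parse_arp(payload), []
        if p["op"] == REQUEST:
            self.pending.add((p["sender_ip"], p["target_ip"]))
        elif p["op"] == REPLY:
            key = (p["target_ip"], p["sender_ip"])
            if key not in self.pending:
                alerts.append(f"unsolicited reply claiming {p['sender_ip']}")
            self.pending.discard(key)
        known = self.bindings.setdefault(p["sender_ip"], p["sender_mac"])
        if known != p["sender_mac"]:
            alerts.append(f"{p['sender_ip']} changed {known} -> {p['sender_mac']}")
        return alerts

def demo():  # constructed exchange: A resolves B, then a forged reply for B's IP
    a, b, rogue = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:66"
    mon = ArpMonitor()
    frames = [build_arp(REQUEST, a, "192.168.1.10", "00:00:00:00:00:00", "192.168.1.20"),
              build_arp(REPLY, b, "192.168.1.20", a, "192.168.1.10"),
              build_arp(REPLY, rogue, "192.168.1.20", a, "192.168.1.10")]
    return [mon.observe(f) for f in frames]
```

Legitimate events such as an address being reassigned or a failover to a standby device also change a binding, so alerts from a check like this are leads to investigate rather than proof of spoofing.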
In summary, ARP enables devices to discover each other’s MAC addresses based on IP addresses, allowing them to communicate at the data link layer in a local network.