ARP (англ. Address Resolution Protocol — протокол определения адреса) — протокол в компьютерных сетях, предназначенный для определения MAC-адреса по IP-адресу другого компьютера. Существуют следующие типы сообщений ARP: запрос ARP (ARP request) и ответ ARP (ARP reply). Система-отправитель при помощи запроса ARP запрашивает физический адрес системы-получателя. Ответ (физический адрес узла-получателя) приходит в виде ответа ARP.
Компьютер А (IP-адрес 192.168.1.1) и компьютер Б (IP-адрес 192.168.1.2) соединены сетью Ethernet. Компьютер А желает переслать пакет данных на компьютер Б, IP-адрес компьютера Б ему известен. Компьютеру А для осуществления передачи через Ethernet требуется узнать MAC-адрес компьютера Б в сети Ethernet. Для этой задачи и используется протокол ARP.
Компьютер А отправляет широковещательный запрос, адресованный всем компьютерам в одном с ним широковещательном домене. Суть запроса: «компьютер с IP-адресом 192.168.1.2, сообщите свой MAC-адрес компьютеру с МАС-адресом …». Этот запрос доставляется всем устройствам в том же сегменте Ethernet. Компьютер Б отвечает компьютеру А на запрос и сообщает свой MAC-адрес.
Протокол имеет буферную память (ARP-таблицу), в которой хранятся пары адресов (IP-адрес, MAC-адрес) с целью уменьшения количества посылаемых запросов, следовательно, экономии трафика и ресурсов. Записи ARP-таблицы бывают двух вид видов: статические и динамические. Статические добавляются самим пользователем, динамические же — создаются и удаляются автоматически. При этом в ARP-таблице всегда хранится широковещательный физический адрес FF:FF:FF:FF:FF:FF.
Команда arp в Windows
Позволяет просмотреть ARP-таблицу, добавить в нее новую запись или удалить существующую:
> arp Отображение и изменение таблиц преобразования IP-адресов в физические, используемые протоколом разрешения адресов (ARP). ARP -s inet_addr eth_addr [if_addr] ARP -d inet_addr [if_addr] ARP -a [inet_addr] [-N if_addr] [-v] -a Отображает текущие ARP-записи, опрашивая текущие данные протокола. Если задан inet_addr, то будут отображены IP и физический адреса только для заданного компьютера. Если ARP используют более одного сетевого интерфейса, то будут отображаться записи для каждой таблицы. -g То же, что и параметр -a. -v Отображает текущие ARP-записи в режиме подробного протоколирования. Все недопустимые записи и записи в интерфейсе обратной связи будут отображаться. inet_addr Определяет IP-адрес. -N if_addr Отображает ARP-записи для заданного в if_addr сетевого интерфейса. -d Удаляет узел, задаваемый inet_addr. Параметр inet_addr может содержать знак шаблона * для удаления всех узлов. -s Добавляет узел и связывает адрес в Интернете inet_addr с физическим адресом eth_addr. Физический адрес задается 6 байтами (в шестнадцатеричном виде), разделенных дефисом. Эта связь является постоянной eth_addr Определяет физический адрес. if_addr Если параметр задан, он определяет адрес интерфейса в Интернете, чья таблица преобразования адресов должна измениться. Если параметр не задан, будет использован первый доступный интерфейс. Пример: > arp -s 157.55.85.212 00-aa-00-62-c6-09 .. Добавляет статическую запись. > arp -a
Создать запись в ARP-таблице:
> arp -s IP-адрес MAC-адрес
Вывести записи ARP-таблицы:
> arp -a Интерфейс: 192.168.53.1 --- 0x5 адрес в Интернете Физический адрес Тип 192.168.53.255 ff-ff-ff-ff-ff-ff статический 224.0.0.22 01-00-5e-00-00-16 статический 224.0.0.251 01-00-5e-00-00-fb статический 224.0.0.252 01-00-5e-00-00-fc статический 239.255.255.250 01-00-5e-7f-ff-fa статический Интерфейс: 192.168.110.2 --- 0x14 адрес в Интернете Физический адрес Тип 192.168.110.1 04-bf-6d-9a-c7-a8 динамический 192.168.110.3 08-00-27-92-ce-01 динамический 192.168.110.255 ff-ff-ff-ff-ff-ff статический 224.0.0.22 01-00-5e-00-00-16 статический 224.0.0.251 01-00-5e-00-00-fb статический 224.0.0.252 01-00-5e-00-00-fc статический 239.255.255.250 01-00-5e-7f-ff-fa статический 255.255.255.255 ff-ff-ff-ff-ff-ff статический Интерфейс: 172.28.128.1 --- 0x15 адрес в Интернете Физический адрес Тип 172.28.128.255 ff-ff-ff-ff-ff-ff статический 224.0.0.22 01-00-5e-00-00-16 статический 224.0.0.251 01-00-5e-00-00-fb статический 224.0.0.252 01-00-5e-00-00-fc статический 239.255.255.250 01-00-5e-7f-ff-fa статический
Команда arp в Linux
Позволяет просмотреть ARP-таблицу, добавить в нее новую запись или удалить существующую:
$ arp --help Использование: arp [-vn] [<HW>] [-i <интерфейс>] [-a] [<имя_компьютера>] <- Отобразить кэш arp arp [-v] [-i <if>] -d <host> [pub] <- Удалить элемент ARP arp [-vnD] [<HW>] [-i <интерфейс>] -f [<имя_файла>] <- Добавить запись в arp из файла arp [-v] [<HW>] [-i <if>] -s <host> <hwaddr> [temp] <- Добавить элемент arp [-v] [<HW>] [-i <if>] -Ds <host> <if> [netmask <nm>] pub -a показать (все) хосты в альтернативном (BSD) стиле -e display (all) hosts in default (Linux) style -s, --set установить новую запись ARP -d, --delete удалить определенную запись -v, --verbose более детальный вывод -n, --numeric не преобразовывать адреса в имена -i, --device указание сетевого интерфейса (например, eth0) -D, --use-device прочитать <hwaddr> из заданного устройства -A, -p, --protocol указание семейства протоколов -f, --file считать новые записи из файла или из /etc/ethers <HW>=Используйте '-H <hw>' для указания типа аппаратного адреса. По умолчанию: ether Список всех возможных типов HW (которые поддерживают ARP) ash (Ash) ether (Ethernet) ax25 (AMPR AX.25) netrom (AMPR NET/ROM) rose (AMPR ROSE) arcnet (ARCnet) dlci (Frame Relay DLCI) fddi (Fiber Distributed Data Interface) hippi (HIPPI) irda (IrLAP) x25 (универсальный X.25) eui64 (Универсальный EUI-64)
Создать запись в ARP-таблице:
> sudo arp -s IP-адрес MAC-адрес
Вывести записи ARP-таблицы:
$ arp Адрес HW-тип HW-адрес Флаги Маска Интерфейс 192.168.110.13 ether 08:00:27:78:7a:c2 C enp0s3 192.168.110.2 ether 1c:1b:0d:e6:14:bd C enp0s3 _gateway ether 04:bf:6d:9a:c7:a8 C enp0s3
Альтернативный способ просмотра записей таблицы — команда
$ ip neigh 192.168.110.3 dev enp0s3 lladdr 08:00:27:78:7a:c2 REACHABLE 192.168.110.2 dev enp0s3 lladdr 1c:1b:0d:e6:14:bd STALE 192.168.110.1 dev enp0s3 lladdr 04:bf:6d:9a:c7:a8 STALE
Поиск:
Linux • Windows • Команда • Локальная сеть • ARP • IP адрес • MAC адрес • Протокол • Protocol • Ethernet
Каталог оборудования
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
Производители
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
Функциональные группы
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
The Windows CMD `arp` command is used to view and manage the Address Resolution Protocol (ARP) cache, which maps IP addresses to MAC addresses on your local network. Here’s an example of how to display the ARP cache:
arp -a
Introduction to ARP
What is ARP?
Address Resolution Protocol (ARP) is a crucial networking protocol used for the resolution of Internet Protocol (IP) addresses into physical machine (MAC) addresses within a local network. Essentially, ARP serves as a bridge between the network layer (IP address) and the data link layer (MAC address) of the OSI model, enabling effective communication between devices on a local network.
Understanding ARP in Windows CMD
The Windows Command Prompt (CMD) is a powerful tool for interacting with the operating system. The use of Windows CMD commands, including ARP commands, plays a significant role in troubleshooting connectivity issues and managing network settings. By mastering ARP, you can greatly enhance your network management skills.
Mastering Windows Cmd Route: A Concise Guide
Accessing the ARP Command in Windows CMD
How to Open Command Prompt
To begin using ARP commands, you must first access the Windows Command Prompt. Here’s how to do it on various Windows systems:
- Windows 10/11: Click on the Start menu, type «cmd,» and press Enter. Alternatively, you can right-click the Start button and select «Windows Terminal» or «Command Prompt.»
- Windows 7: Click on the Start button, navigate to «All Programs,» then «Accessories,» and select «Command Prompt.»
Additionally, you can access CMD using keyboard shortcuts such as `Win + R`, then typing `cmd` and hitting Enter.
Basic Syntax of the ARP Command
The general syntax for the ARP command is fairly straightforward:
arp [options]
This structure allows for several options that enable you to perform various functions related to ARP.
Windows Cmd Grep: Your Essential Guide to Text Searching
Common ARP Commands and Their Uses
Displaying the ARP Table
One of the primary functions of the ARP command is to display the current ARP table. This is achieved with the command:
arp -a
When you execute this command, you’ll see a list of IP addresses and their corresponding MAC addresses, along with the type of ARP entry (dynamic or static). The output typically looks something like this:
Interface: 192.168.1.2 --- 0x2
Internet Address Physical Address Type
192.168.1.1 00-1A-2B-3C-4D-5E dynamic
192.168.1.5 00-1F-2D-3B-4C-6D dynamic
Viewing ARP Entries for a Specific Interface
If you want to focus on the ARP entries associated with a specific network interface, you can use:
arp -a <interface>
Replace `<interface>` with the specific interface you want to query (e.g., Ethernet, Wi-Fi). This command is particularly useful for identifying entries related to a specific connection, ensuring that you’re troubleshooting the right network segment.
Adding a Static ARP Entry
Static ARP entries can be added for devices with fixed IP addresses to improve network efficiency:
arp -s <IP Address> <MAC Address>
For example, if you want to add a static ARP entry for a printer with IP address `192.168.1.10` and MAC address `00-11-22-33-44-55`, you would enter:
arp -s 192.168.1.10 00-11-22-33-44-55
This ensures that your device will always resolve the IP address to the specified MAC address, potentially reducing network latency in specific scenarios.
Deleting an ARP Entry
You might need to clear outdated or incorrect entries from your ARP table. This can be done using:
arp -d <IPAddress>
For instance, to delete the ARP entry for the printer mentioned earlier, you would type:
arp -d 192.168.1.10
This action helps maintain an accurate ARP table, which is crucial for efficient network communication.
Windows Cmd Repair: Quick Fixes You Need to Know
Advanced ARP Usage Tips
Troubleshooting with ARP Commands
ARP commands can be invaluable when diagnosing network issues.
Detecting Duplicate IP Addresses
Duplicate IP addresses can disrupt network connectivity, and ARP can help identify them. When you run the `arp -a` command, pay attention to any duplicates that may show up in the output. If the same IP address has different MAC addresses, it indicates a potential IP conflict.
Resolving Network Connectivity Issues
Network problems often stem from erroneous ARP entries. If you’re unable to connect to a device, check the ARP table to see if the MAC address is correct. You can use the commands mentioned above to diagnose and rectify errors effectively.
Working with Different Network Protocols
ARP primarily works with IPv4; however, with the advent of newer protocols like IPv6, understanding ARP’s role is essential. While IPv6 utilizes Neighbor Discovery Protocol (NDP) instead of ARP, being aware of how ARP operates in conjunction with various network protocols remains relevant for comprehensive network administration.
Mastering Windows Cmd Attrib: A Quick Guide
Security Considerations
ARP Spoofing and Security Threats
While ARP is a powerful tool, it is also vulnerable to security threats, particularly ARP spoofing. This attack involves sending false ARP messages over a local network, allowing an attacker to associate their MAC address with the IP address of a legitimate device. Consequently, this can lead to data interception and man-in-the-middle attacks.
Mitigating ARP Spoofing Risks
To protect your network against ARP spoofing, consider implementing best practices:
- Use Static ARP Entries: For critical devices, use static ARP entries to prevent unauthorized MAC addresses from being associated erroneously.
- Monitor ARP Traffic: Utilize network monitoring tools to detect unusual ARP activity and immediately investigate any discrepancies.
- Educate Users: Awareness among users can also help in recognizing potential network threats.
Mastering Windows Cmd Alias for Effortless Command Shortcuts
Conclusion
Key Takeaways
The `windows cmd arp` command is a vital tool for managing and troubleshooting network connections. By mastering its various commands and understanding ARP’s role in your network, you can enhance your effectiveness as a network administrator or an informed user.
Further Reading and Resources
For those eager to delve deeper into CMD commands, consider exploring additional resources that cover various aspects of network management and troubleshooting.
Windows Cmd Repair Commands: A Quick Guide
FAQs
What is the difference between dynamic and static ARP entries?
Dynamic ARP entries are automatically created when a device communicates with another on the network, but they can expire. Static ARP entries, on the other hand, do not expire and are set manually, offering consistent IP-to-MAC mapping.
Can I use ARP commands remotely?
ARP commands are generally used on a local device. However, you can remotely manage ARP with tools like PowerShell or dedicated network management software, which can give you access to ARP tables on remote devices.
How does ARP work in a virtualized environment?
In virtualized environments, ARP operates similarly to physical networks, allowing virtual machines to communicate through virtual switches. Understanding ARP’s function within these contexts is critical for effective network management in these increasingly popular setups.
ARP stands for “Address Resolution Protocol” is a protocol for mapping an IP address to a physical MAC address on a local area network.
Basically, ARP is a program used by a computer system to find another computer’s MAC address based on its IP address.
Now you have a question “why do we need MAC address?”
The reason is simple, any local communications would use MAC address, not IP address.
When a computer wants to communicate with another computer on a different network, the IP address would be used. The IP address is like your mailing address while MAC address is like your name.
On a TCP/IP network, every computer is assigned IP address and some local server’ IP addresses are also given to a network client.
Now you’re probably wondering – “How often does your computer use ARP?”.
To demonstrate how ARP works let’s take an example.
ARP Command Example
On a local area network, a client computer tries to contact a server.
Here we are talking about communication between two computers on the same broadcast domain means a local area network. First, the client checks its ARP cache.
ARP cache is a table of IP addresses with their corresponding MAC addresses.
To view a Windows computer’s ARP table, open a command prompt and enter the following command:
arp -a
You can see your computers ARP table in the following output:
Interface: 208.117.86.63 --- 0x5
Internet Address Physical Address Type
208.117.86.1 00-00-5e-00-01-02 dynamic
208.117.86.255 ff-ff-ff-ff-ff-ff static
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.252 01-00-5e-00-00-fc static
239.255.255.250 01-00-5e-7f-ff-fa static
The first column is IP address, a second column is corresponding to the MAC address.
The ARP entry is either static or dynamic.
Static ARP entry is manually added to the ARP cache table. Dynamic entries are what the ARP program gets.
They stay there until the ARP cache timeout has expired. Suppose no entry has been found for the server, the client computer will use ARP to send a message through the whole network.
This is a broadcast message to the local network that says who has the IP address so and so, and whats your MAC address.
When a server hears the broadcast message, they respond “yes” i have that IP address and here is my MAC address.
Now, let’s Break down the ARP Process Step by Step:
- The client sends a broadcast message because the destination MAC address is a broadcast address. Simply saying hello! anyone has IP address 192.168.0.10 if you hear me would you please give me your MAC address?, and here is my IP address and MAC address. Other devices hear the broadcast message and discard the ARP packet silently.
- When a server hears the message, it sends a unicast message to the client because the destination MAC address and IP address belong to the client.
- The client cache the servers MAC address. At the same time, the client updates its cache table for future reference.
ARP Summary
- It is a layer 2 protocol that uses a layer 3 IP address to find layer 2 MAC address.
- It operates on a LAN or the same broadcast domain because ARP relies on broadcasting.
- It uses the ARP table.
ARP Announcements
ARP Announcements are a way to officially “claim” the IP address on the network.
ARP announcement to update other hosts ARP tables without the need for an ARP request. It helps update the network faster when there was a recent change to hosts IP address.
Reverse ARP
A diskless computer that doesn’t have permanent storage would not be able to find its IP address because the IP addresses kept on the computer’s secondary storage.
So how does a diskless computer would determine its IP address?
The RARP protocol uses a physical network address to obtain the computer’s internet address.
RARP is a network layer protocol and It allows any host to obtain its IP address from the server.
The RARP mechanism supplies the target machine’s physical address to uniquely identify the processor and broadcast a RARP request. The server on the network then receives the message, look up the mapping table and replies to the sender.
Once the machine obtains its IP address, it stores the address in the memory. It does not use RARP until its reboot.
Maintenance of the IP addresses is difficult in RARP as each server must be configured with a table of static mapping between the hardware addresses and IP addresses.
RARP is outdated and is replaced by BOOTP and DHCP protocols.
Inverse ARP
Instead of using layer 3 that uses a IP address to find a MAC address, Inverse ARP uses MAC address to find IP addresses.
As this name suggests, Inverse ARP is just inverse of ARP.
It is used for device configuration and is enabled by default in ATM (Asynchronous Transfer Mode) Networks.
It is used to find layer 3 address from layer 2 address like, DLCI in frame relay.
It dynamically maps local DHCP or remote IP addresses when you configure frame relay. When using inverse ARP we know the DLCI or remote router but don’t know its IP address.
ARP Command is a TCP/IP utility used for viewing and modifying the local Address Resolution Protocol (ARP) cache.
ARP Cache contains recently resolved MAC addresses of Internet Protocol (IP) hosts on the network.
Run ARP command without any arguements will display a list of the command’s parameters.
arp
You should see the following screen:
You can display the complete ARP cache by running the following command:
arp -a
You should see the following output:
Interface: 208.117.86.63 --- 0x5
Internet Address Physical Address Type
208.117.86.1 00-00-5e-00-01-02 dynamic
208.117.86.255 ff-ff-ff-ff-ff-ff static
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.252 01-00-5e-00-00-fc static
239.255.255.250 01-00-5e-7f-ff-fa static
You can also find the ARP cache entry for a specific IP address by specifying the IP address with arp command:
arp -a 208.117.86.1
You should see the following output:
Interface: 208.117.86.63 --- 0x5
Internet Address Physical Address Type
208.117.86.1 00-00-5e-00-01-02 dynamic
Conclusion
In the above guide, we’ve learned what is ARP and how it works. You also learned how to find the ARP cache of your local network and specific IP address.
We hope this will help you to troubleshoot network related problems and if you have any questions, please feel free to leave them below in the comments section!
An ARP (Address Resolution Protocol) is a communication protocol that works on a “Physical (Data-Link)” layer of a TCP/IP stack and is used to discover a MAC address of a device on a LAN (local-area network) based on its IP address.
An ARP table is used to store the discovered pairs of the MAC and IP addresses.
In this note i will show how to display the ARP table and how to clear the ARP cache using the Windows arp command.
Cool Tip: How to show a routing table in Windows! Read more →
Show ARP Table
To display the current ARP table in Windows, use the arp command with the -a option:
C:\> arp -a Interface: 192.168.1.31 --- 0x7 Internet Address Physical Address Type 192.168.1.1 60-35-c0-6b-a2-b7 dynamic 192.168.1.255 ff-ff-ff-ff-ff-ff static 224.0.0.22 01-00-5e-00-00-16 static 224.0.0.252 01-00-5e-00-00-fc static
Show the ARP table in a verbose mode:
C:\> arp -av
To record an IP and MAC address of a device on a LAN to the ARP table, simply ping it:
C:\> ping 192.168.1.95 Pinging 192.168.1.95 with 32 bytes of data: Reply from 192.168.1.952: bytes=32 time=18ms TTL=64 C:\> arp -a Interface: 192.168.1.31 --- 0x7 Internet Address Physical Address Type 192.168.1.1 60-35-c0-6b-a2-b7 dynamic 192.168.1.95 d6-58-01-33-dd-bc dynamic 192.168.1.255 ff-ff-ff-ff-ff-ff static 224.0.0.22 01-00-5e-00-00-16 static 224.0.0.252 01-00-5e-00-00-fc static
To discover all the devices on a LAN, you can ping them all using this one-liner (adjust the IP of your network):
C:\> FOR /L %i IN (1,1,254) DO ping -n 1 -w 100 192.168.1.%i | FIND /i "Reply"
Clear ARP Cache
To clear an ARP cache it is required to open an elevated command prompt, otherwise you may receive an error as follows: “The ARP entry deletion failed: The requested operation requires elevation.”
To start the elevated command prompt, press the ⊞ Win keybutton to open the start menu, type in cmd to search for the command prompt and press the Ctrl + Shift + Enter to start the command prompt as an administrator.
To clear the ARP cache in Windows, use the arp command with the -d option:
C:\> arp -d
How Does ARP Work – Explained
When one computer wants to communicate with another computer on the same LAN, it creates an IP packet with the source and destination IP addresses carrying the data from an application and encapsulates it in an Ethernet frame with the source and destination MAC addresses.
Address Resolution Protocol: The sending computer obviously knows its source MAC address, but how does it know the destination MAC address? That’s where ARP comes into play!
To find out a MAC address of the destination computer (if it is not in the ARP cache yet), it sends an ARP request to the broadcast MAC address ff:ff:ff:ff:ff:ff (to the all devices on the LAN), and is basically asking:
Who has IP
192.168.1.95and what is your MAC address?
The destination computer receives the message and replies with an ARP reply:
That’s me! And my MAC address is
xx:xx:xx:xx:xx:xx
The source computer adds the MAC and IP addresses of the destination computer to its ARP table and starts sending the data.
Cool Tip: Check if TCP port is opened in PowerShell! Read more →
Was it useful? Share this post with the world!