Tuesday, September 6, 2011

What is arp?

■ Requirement : Details on arp
■ OS Environment : Linux, RHEL, Centos
■ Resolution: 

What is arp?

Ans : This is a command to manipulate the system ARP cache. Arp manipulates the kernel’s ARP cache in various ways. The primary options are clearing an address mapping entry and manually setting up one. For debugging purposes, the arp program also allows a complete dump of the ARP cache.
Note : This program is obsolete. For replacement check ip neighbor

Add entry of another machine's IP and MAC address :

#arp -s
arp -i eth0 -s 00:16:3e:74:8d:85 pub

View the arp cache :

#arp -n
#arp -v

Delete arp cache entry :

#arp -d

Cache stored in /proc/net/arp file.

Note : Each complete entry in the ARP cache will be marked with the C flag. Permanent entries are marked with M and published entries have the P flag.
files :


How to atomatic update arp cache usign arping ?

arping - we can use this command to send ARP REQUEST to a neighbour host.

$ arping -I
arping -c 1 -I eth0

How arp works?

Ans : In an Ethernet environment, ARP is used to map a MAC address to an IP address. ARP dynamically binds the IP address (the logical address) to the correct MAC address. Before IP unicast packets can be sent, ARP discovers the MAC address used by the Ethernet interface where the IP address is configured. Hosts that use ARP maintain a cache of discovered Internet-to-Ethernet address mappings to minimize the number of ARP broadcast messages. To keep the cache from growing too large, an entry is removed if it is not used within a certain period of time. Before sending a packet, the host looks in its cache for Internet-to-Ethernet address mapping. If the mapping is not found, the host sends an ARP request.

arping sends request to nearest host or router and get's their MAC and IP and keeps in cache. Then router sends to its nearest subnet and find out desried IP and MAC. If it gets then it sends to first host. Now first host keeps these in its cache. IP vs MAC mapping.

Set timeout value of arp ?

$ arp timeout 8000

How to clear arp?

$ clear arp

Why MAC address validation ?

MAC address validation is a verification process performed on each incoming packet to prevent spoofing on IP Ethernet-based interfaces, including bridged Ethernet interfaces. When an incoming packet arrives on a layer 2 interface, the validation table is used to compare the packet's source IP address with its MAC address. If the MAC address and IP address match, the packet is forwarded; if it does not match, the packet is dropped.

How to validate arp ?

$ arp validate

No comments:

Post a Comment