What is ARP (Address Resolution Protocol)?

ARP (Address Resolution Protocol) is a network protocol used to map an IP address to a MAC (Media Access Control) address within a local network (LAN). It operates at Layer 2 (Data Link Layer) of the OSI model and is essential for devices to communicate over Ethernet and Wi-Fi networks.

How ARP Works

When a device wants to communicate with another device on the same network, it follows these steps:

1. ARP Request:
   • The sender broadcasts an ARP request packet on the network asking, "Who has this IP address? Tell me your MAC address."
   • This request is sent to FF:FF:FF:FF:FF:FF (the broadcast MAC address).
2. ARP Reply:
   • The device with the requested IP address responds with an ARP reply, providing its MAC address to the sender.
   • This reply is sent directly (unicast) to the requester.
3. Caching:
   • The sender stores the IP-MAC mapping in its ARP cache to avoid repeating the request for future communications.

Types of ARP

1. Normal ARP – Resolves IP addresses to MAC addresses in the local network.
2. Gratuitous ARP – A device announces its IP-MAC mapping to update other devices (used in failover scenarios or IP conflict detection).
3. Proxy ARP – A router responds to an ARP request on behalf of another device in a different subnet.
4. Inverse ARP (InARP) – Used in ATM or Frame Relay networks to map MAC addresses to IP addresses.

ARP Spoofing (Poisoning) Attack

• Attackers send fake ARP replies, associating their MAC address with another device’s IP, leading to MITM (Man-in-the-Middle) attacks.
• Prevention methods include Dynamic ARP Inspection (DAI), static ARP entries, and ARP monitoring tools.

Commands to View ARP Table

• Linux/macOS: arp -a or ip neigh show
• Windows: arp -a