Use the ARP Command to Find IP to MAC Address Mappings
ARP, which stands for "Address Resolution Protocol," is a protocol used to map an IP address to a MAC address (or hardware address). During network communication, the IP address is resolved to the MAC address of the destination computer or device. The MAC address is used to decide where the information will be sent. Bear in mind that if the target device is not on the same network, ARP must instead learn the MAC address of the next hop used to reach the next network. Once this information is learned, it is stored in the ARP table or cache for future network communication.
When a computer has to communicate with another computer, it uses the IP address of the destination computer to decide whether that computer is on the same network or subnet. If the device is on the same network, it sends an ARP broadcast to learn the target machine's MAC address. If it is not on the same network, the ARP broadcast instead resolves the default gateway or router chosen from its routing table, and that router decides where to deliver the packet using the target IP address. The IP address of the destination computer is still included in the packet. The diagram below illustrates ARP between computers on the same network.
Using the ARP command
When a computer resolves an IP address to a MAC address, the mapping is kept in its memory for a short period of time. Entries do not stay in this ARP cache for long, because the network changes and old entries would no longer be up to date. You can use the ARP command to view and modify the entries in the ARP cache or table. The ARP command can also be used to locate duplicate IP addresses and to find invalid entries in the ARP table.
The ARP command uses various switches for its different functions. The Windows ARP command switches are listed here.
- -a - Displays the current ARP entries by interrogating the current protocol data. If inet_addr is specified, the IP and physical addresses are displayed for only the specified computer. If more than one network interface uses ARP, entries are displayed for each ARP table.
- -g - Same as -a.
- -v - Displays the current ARP entries in verbose mode. All invalid entries and entries on the loop-back interface will be shown.
- inet_addr - Specifies an internet address.
- -N if_addr - Displays the ARP entries for the network interface specified by if_addr.
- -d - Deletes the host specified by inet_addr. inet_addr may be wildcarded with * to delete all hosts.
- -s - Adds the host and associates the internet address inet_addr with the physical address eth_addr. The physical address is given as 6 hexadecimal bytes separated by hyphens. The entry is permanent.
- eth_addr - Specifies a physical address.
- if_addr - If present, this specifies the internet address of the interface whose address translation table should be modified. If not present, the first applicable interface will be used.
As you can see from the list of switches, there are several things you can do with ARP. One of the most commonly used switches is -a, which lists all of your computer's cached ARP entries. If you have more than one network interface and want to see the entries for a particular one, use the -N option. To add a permanent entry to the ARP table, use the -s switch and specify the IP address and MAC address.
Here's an example of the output of the ARP command with the -a switch.
The ARP command isn't too useful on a home network because such a network is so basic, but in a corporate environment with several networks/subnets it can come in handy for troubleshooting host-to-host communication problems.
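The article notes that the ARP table can be used to locate duplicate addresses and invalid entries. The following is an added example, not part of the original article: a small Python script that reads text in the layout printed by `arp -a` and reports MAC addresses cached for more than one IP on an interface, plus entries without a usable MAC. The sample table is constructed, and the function names `parse_arp` and `review` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the layout printed by Windows "arp -a" (not from a real host).
SAMPLE = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.20          66-77-88-99-aa-bb     dynamic
  192.168.1.30          00-11-22-33-44-55     dynamic
  192.168.1.40          00-00-00-00-00-00     invalid
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

IFACE = re.compile(r"^Interface:\s+(\d+(?:\.\d+){3})\s+---")
ENTRY = re.compile(r"^\s*(\d+(?:\.\d+){3})\s+((?:[0-9a-fA-F]{2}-){5}[0-9a-fA-F]{2})\s+(\w+)\s*$")


def parse_arp(text):
    """Return a list of (interface, ip, mac, type) tuples from 'arp -a' output."""
    entries, iface = [], None
    for line in text.splitlines():
        if m := IFACE.match(line):
            iface = m.group(1)          # entries that follow belong to this interface
        elif m := ENTRY.match(line):
            entries.append((iface, m.group(1), m.group(2).lower(), m.group(3).lower()))
    return entries


def review(entries):
    """Return (shared, invalid): MACs cached for several IPs, and unusable entries."""
    by_mac, invalid = defaultdict(set), []
    for iface, ip, mac, kind in entries:
        if kind == "invalid" or mac == "00-00-00-00-00-00":
            invalid.append((iface, ip))
        elif int(mac[:2], 16) & 1 == 0:  # skip broadcast/multicast (group bit set)
            by_mac[(iface, mac)].add(ip)
    shared = {key: sorted(ips) for key, ips in by_mac.items() if len(ips) > 1}
    return shared, invalid


if __name__ == "__main__":
    shared, invalid = review(parse_arp(SAMPLE))
    for (iface, mac), ips in shared.items():
        print(f"{iface}: {mac} is cached for {', '.join(ips)}")
    for iface, ip in invalid:
        print(f"{iface}: no usable MAC for {ip}")
```

A MAC address that appears for several IPs is not always a fault (a host can hold more than one address), so treat the report as a list of entries to check by hand.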