• Articles
  • Tutorials
  • Interview Questions

Unraveling the Address Resolution Protocol (ARP)

Unraveling the Address Resolution Protocol (ARP)

Table of content

Show More

In the digital world, communication is supposed to be seamless. Protocols, such as ARP, DHCP, and DNS, can aid in making this happen. Address Resolution Protocol (ARP) matches IP addresses with MAC addresses; Dynamic Host Configuration Protocol (DHCP)  assigns IP addresses dynamically, while Domain Name System (DNS) converts domain names into IP addresses. Together, they ensure effective information sharing but raise issues around security, thereby involving strong network protection measures. According to the Datareportal “In 2023, there are approximately 5.16 billion internet users worldwide, accounting for around 64.4% of the global population.”

Understanding ARP: The Backbone of Networking

Address Resolution Protocol (ARP) is a protocol used to connect IP addresses with MAC addresses and allow local networks to communicate. This protocol sends broadcast requests and temporarily stores the responses to expedite further communication. Given below are the important features of ARP:

  • ARP resolves IP addresses into their corresponding MAC addresses.
  • It broadcasts the request messages on the network and receives unicast replies from them. 
  • It stores mappings on an ARP cache temporarily.

How Does ARP Work?

Address Resolution Protocol (ARP) works by associating IP addresses with MAC addresses for local area network data transmission. In case a device has information to send to another, it broadcasts an ARP request with its own IP and MAC addresses, in which it looks for the MAC address that is associated with this IP address of the recipient. This request reaches all other devices on the LAN until the one with a similar IP replies back with its MAC address. The sender then encapsulates the data packet using this MAC address and facilitates its proper transmission. Also, other devices receiving the ARP request refresh their ARP caches with the sender’s information for future communications.

How Does ARP Work Diagram

Furthermore, routers are able to perform proxy ARP, which responds to ARP requests from devices located in different networks, facilitating inter-network communication.

For example: 
Computer A, which has the IP address of 192.168.1.10 and MAC address of AA:BB:CC:DD:EE, wants to mail some data to Computer B with its own identity as “192.168.1.20” that is stamped in an ARP request broadcast by Computer A that asks “Who has IP 192.168.1.20?”.

How Does ARP Work Example

When this request reaches a certain computer B with an IP address of 192.168.1.20 and a MAC address of 11:22:33:44:55:66, it responds by revealing its MAC address number. On the other hand, Computer A reads this information from a cache and adjusts it at once—now all the subsequent packets will be sent directly to Computer B’s MAC address (11:22:33:44:55:66). This ensures that the data gets safely delivered to Computer B because only when we know who owns it can we send it there!

Get 100% Hike!

Master Most in Demand Skills Now!

DHCP and DNS With ARP

DHCP With ARP

In networking, Address Resolution Protocol (ARP) and Dynamic Host Configuration Protocol (DHCP) play different roles, but they work together to enable communication in a network.

DHCP

An IP address is required for a device to communicate with others when it joins a network. This is accomplished by assigning an IP address dynamically to the devices through the DHCP server which provides an IP address for some specified time known as the DHCP lease period.

ARP

After obtaining of an IP address via DHCP, a device should then find out the MAC address of the target device that it wants to communicate with. ARP links MAC addresses associated with an IP address; when one device on a local network needs to communicate with another, it sends an ARP request to learn the MAC address of this target device.

In short, ARP translates IP addresses into MAC addresses so as to enable communication within the network, DHCP assigns IPs dynamically across devices in a network. These two protocols combine forces for devices to obtain their IPs and effectively communicate over LANs.

DNS With ARP

Domain Name System (DNS) and Address Resolution Protocol (ARP) are different protocols that work together to communicate between IP addresses and other types of addresses.

DNS

DNS helps us translate domain names into IP addresses, which the TCP/IP suite uses to route packets. For example, DNS changes a human-readable hostname “intellipaat.com” into an IP address.

ARP

ARP changes IP addresses into MAC addresses that are used as unique physical addresses by networking devices. Whenever you want to send a packet from one host to another within the same network or even across networks, then ARP is what you need.

DNS With ARP diagram

In short, DNS and ARP have different functions in networking. The role of DNS is usually to translate user-friendly domain names into their corresponding IP addresses, thereby making website and service retrieval easier. In conclusion, this also involves taking these IP addresses and resolving them so they refer to MAC addresses with ARP, hence ensuring the correct delivery of packets within local networks. Thus, the integration of DNS and ARP guarantees seamless communication and connectivity across various types of networks.

Types of ARP

There are four types of ARP: proxy ARP, gratuitous ARP, RARP, and InARP. Let us learn about them in detail.

  1. Proxy ARP

In proxy ARP, a router or network device responds to ARP requests from another device. This permits one network’s devices to communicate with those on different networks without configuring routing or knowing the MAC address of devices on that other network.

  1. Gratuitous ARP

Gratuitous ARP is an Address Resolution Protocol (ARP) request or reply that is not in response to any request. It is generally employed by a node to reveal its IP to MAC mapping within the network, thereby aiding in the detection of IP conflicts or updating other nodes’ ARP caches with its current MAC address.

  1. Reverse ARP (RARP)

A gateway server uses Reverse Address Resolution Protocol (RARP) to enable a machine to obtain its IP address. This was used by diskless workstations in the past, for these machines only knew their MAC addresses but needed an IP address from the server. RARP has been largely replaced by DHCP.

  1. Inverse ARP (InARP)

The protocol called Inverse Address Resolution Protocol (InARP) is used to find out an IP number given a MAC address. It is basically applied in frame relay and ATM networks so as to map virtual circuit identifiers into Internet Protocol addresses.

ARP vs. RARP: Know the Key Differences

Key AspectsARPRARP
Full Form Address Resolution ProtocolReverse Address Resolution Protocol
Definition The objective of the ARP is to find out the physical address of a receiver on a network.RARP helps in discovering the logical address of its computer from an attendant.
Broadcast AddressIn order to broadcast over LAN, ARP employs MAC addresses.For broadcasting purposes, RARP uses IP addresses.
Usages The uses of ARP were designed to include finding out other device addresses on LAN through routers or hosts.RARP enables thin clients with its limited faculties.
Mapping These mappings make sure that each node has a unique IP and MAC address combination.RARP maps MAC addresses (48-bit physical) into Internet Protocol Addresses (32-bit logical).
AddressesIP addressesMAC addresses
Operation With a known IP address obtain the MAC address With a known MAC address obtain the IP address 
Fetching MAC address fetched by the receiver’s IP address fetched by the receiver’s 

ARP in Networking

Address Resolution Protocol (ARP) is a networking protocol used for mapping IP addresses to MAC addresses for better communication between devices. 
For example, imagine that a computer with an IP address of 192.168.1.2 wants to communicate with another device within that network but only has an IP address like 192.168.1.3. Then the computer broadcasts an ARP request that says, “Who has IP address 192.168.1.3?” In response, the device with such an IP will provide its MAC address of like “00:1A:2B:3C:4D:5E”. Now, using a MAC address, the computer may send data directly to a specific device, thus ensuring expedient communication on a network between them.

ARP in Networking

ARP Spoofing

ARP spoofing, also called ARP cache poisoning, is an attack in which a criminal sends incorrect Address Resolution Protocol (ARP) messages across a local area network (LAN). The goal is to link the hacker’s MAC address with a valid IP address of any other network resource, like a router or server. This way, the attacker can intercept, alter, or redirect traffic destined for such a genuine resource, leading to many security issues, including eavesdropping, session hijacking, and denial of service (DoS) attacks.

ARP Spoofing

Conclusion

These vital protocols ARP, DHCP, and DNS are found in complex computer networks to guarantee continuous device-to-device communication. ARP is an IP address to MAC address mapping protocol, while DHCP assigns IP addresses dynamically and DNS translates domain names into IP addresses. These help in ensuring efficient data transfers among network computers but the need for robust security measures is highlighted by threats like ARP spoofing. Hence, it is important that we understand how these protocols relate to each other in order to establish a secure and operational network.

Course Schedule

Name Date Details
Cyber Security Course 14 Dec 2024(Sat-Sun) Weekend Batch View Details
21 Dec 2024(Sat-Sun) Weekend Batch
28 Dec 2024(Sat-Sun) Weekend Batch

About the Author

Lead Penetration Tester

Shivanshu is a distinguished cybersecurity expert and Penetration tester. He specialises in identifying vulnerabilities and securing critical systems against cyber threats. Shivanshu has a deep knowledge of tools like Metasploit, Burp Suite, and Wireshark.