Search

Home >> Knowledgebase >> TCP/IP >> Address Resolution Protocol (ARP)

Address Resolution Protocol Tutorial, How ARP work, ARP Message Format

Address Resolution Protocol (ARP) is one of the major protocol of the TCP/IP protocol suite. The purpose of Address Resolution Protocol (ARP) is to resolve an IPv4 address (32 bit Logical Address) to the corresponding physical address (48 bit MAC Address). Network Applications at the Application Layer use IPv4 Address to communicate with another device. But at the Datalink layer, the addressing is MAC address (48 bit Physical Address), and this address is burned into the network card permanently. To understand this concept clearly, you need to visit the Ethernet frame format, which is the data packet generated at the Datalink layer. You can view your network card’s hardware address by typing the command "ipconfig /all" at the command prompt (without double quotes using Windows Operating Systems).

In other words, there are two types of addresses used for IPv4 communication. The address used at layer 3 (Network layer) is IPv4 address (32 bit Logical Addresses) and the address used at layer 2 (Datalink layer) is MAC address (48 bit Physical Address). When a computer encapsulates an IPv4 datagram, it needs source IPv4 address, destination IPv4 address, source MAC address and destination MAC address. Source IPv4 address, destination IPv4 address, source MAC address are already available, because source IPv4 address and destination IPv4 addresses are available locally and the destination IPv4 address is where we are trying to communicate. At the layer 2 (Datalink layer) of the sending computer, if the computer want to encapsulate an IPv4 datagram inside an Ethernet frame, it needs destination MAC address. Address Resolution Protocol (ARP) is used to resolve layer 2 MAC Address of the receiver (destination MAC address).

find-destination-mac-address.gif

The purpose of Address Resolution Protocol (ARP) is to find out the MAC address of a device in your Local Area Network (LAN), for the corresponding IPv4 address, which network application is trying to communicate.

Address Resolution Protocol (ARP) Message Format

Address Resolution Protocol ARP Message Format

Address Resolution Protocol (ARP) Message Format

Following are the fields in the Address Resolution Protocol (ARP) Message Format.

Hardware Type : Hardware Type field in the Address Resolution Protocol (ARP) Message specifies the type of hardware used for the local network transmitting the Address Resolution Protocol (ARP) message. Ethernet is the common Hardware Type and he value for Ethernet is 1. The size of this field is 2 bytes.

Protocol Type : Each protocol is assigned a number used in this field. IPv4 is 2048 (0x0800 in Hexadecimals).

Hardware Address Length : Hardware Address Length in the Address Resolution Protocol (ARP) Message is length in bytes of a hardware (MAC) address. Ethernet MAC addresses are 6 bytes long.

Protocol Address Length : Length in bytes of a logical address (IPv4 Address). IPv4 addresses are 4 bytes long.

Opcode : Opcode field in the Address Resolution Protocol (ARP) Message specifies the nature of the ARP message. 1 for ARP request and 2 for ARP reply.

Sender Hardware Address : Layer 2 address (MAC Address) of the device sending the message.

Sender Protocol Address : The protocol address (IPv4 address) of the device sending the message

Target Hardware Address : Layer 2 (MAC Address) of the intended receiver. This field is ignored in requests.

Target Protocol Address : The protocol address (IPv4 Address) of the intended receiver.

Working of Address Resolution Protocol (ARP)

Step 1: When a source device want to communicate with another device, source device checks its Address Resolution Protocol (ARP) cache to find it already has a resolved MAC Address of the destination device. If it is there, it will use that MAC Address for communication. To view your local Address Resolution Protocol (ARP) cache, Open Command Prompt and type command "arp -a" (without double quotes using Windows Operating Systems).

Step 2: If ARP resolution is not there in local cache, the source machine will generate an Address Resolution Protocol (ARP) request message, it puts its own data link layer address as the Sender Hardware Address and its own IPv4 Address as the Sender Protocol Address. It fills the destination IPv4 Address as the Target Protocol Address. The Target Hardware Address will be left blank, since the machine is trying to find Target Hardware Address.

Step 3: The source broadcasts the Address Resolution Protocol (ARP) request message to the local network.

Step 4: The message is received by each device on the LAN since it is a broadcast. Each device compare the Target Protocol Address (IPv4 Address of the machine to which the source is trying to communicate) with its own Protocol Address (IPv4 Address). Those who do not match will drop the packet without any action.

Step 5: When the targeted device checks the Target Protocol Address, it will find a match and will generate an Address Resolution Protocol (ARP) reply message. It takes the Sender Hardware Address and the Sender Protocol Address fields from the Address Resolution Protocol (ARP) request message and uses these values for the Targeted Hardware Address and Targeted Protocol Address of the reply message.

Step 6: The destination device will update its Address Resolution Protocol (ARP) cache, since it need to contact the sender machine soon.

Step 7: Destination device send the Address Resolution Protocol (ARP) reply message and it will NOT be a broadcast, but a unicast.

Step 8: The source machine will process the Address Resolution Protocol (ARP) reply from destination, it store the Sender Hardware Address as the layer 2 address of the destination.

Step 9: The source machine will update its Address Resolution Protocol (ARP) cache with the Sender Hardware Address and Sender Protocol Address it received from the Address Resolution Protocol (ARP) reply message.

Address Resolution Protocol Explained with an example

Let us take an example of below topology.

arp 01

I am sitting at 192.168.0.84. I want to ping to 192.168.0.122, to check the network connectivity. While running the ping command, we never specify the MAC Address of the destination device (192.168.0.122).

arp 02

We know that ping command works using ICMP. ICMP is encapsulated inside IP datagram and IP datagram is encapsulated within Ethernet Frame. We need Source IP Address (my IP Address, 192.168.0.84), destination IP Address (192.168.0.122), Source MAC Address (my MAC Address 08:00:27:58:58:98) and destination MAC Address to make the Ethernet Frame for ICMP message. Source IP Address, destination IP Address, Source MAC Address are known at this instance, but the destination MAC Address unknown at this instance.

To assemble the Ethernet Frame, my device must have the destination MAC Address corresponding to the IP Address 192.168.0.122.

We need to resolve the destination MAC Address corresponding to the IP Address 192.168.0.122.

Step 1: Before resolving the destination MAC Address corresponding to the IP Address 192.168.0.122, using Address Resolution Protocol (ARP), source device checks its Address Resolution Protocol (ARP) cache to find it already has a resolved MAC Address of the destination device. We can view the ARP cache by using the command arp -a

The ARP cache in my computer is empty. There are no entries in my ARP cache.

arp 03

Step 2: Now my computer need to resolve the destination MAC address using ARP. My computer will prepare an ARP Request message and send it with a destination MAC Address as FF:FF:FF:FF:FF:FF (Broadcast MAC Address) to LAN Switch.

arp 04

Step 3: Since the destination MAC Address is FF:FF:FF:FF:FF:FF (Broadcast MAC Address), the LAN Switch will flood it to all the connected ports and every device in the LAN will get a copy of it.

Following screen shot shows the Wireshark capture window of ARP Request message. You must compare the below screen shot with ARP message format image at the beginning of this lesson. We can see from the below screen shot that the destination MAC Address is FF:FF:FF:FF:FF:FF (Broadcast MAC Address), ARP opcode is 1 (for ARP Request), and the Target MAC Address is 00:00:00:00:00:00, which is unknown at this instance.

We can also see from the below screen shot that the Source IP Address is 192.168.0.84, destination IP Address is 192.168.0.122, Source MAC Address 08:00:27:58:58:98 and destination MAC Address is 00:00:00:00:00:00.

ARP Request Wireshark Capture

Step 4: The ARP Request message is received by each device on the LAN since it is a broadcast. Each device compare the Target Protocol Address (192.168.0.122), with its own IP Address. Those who do not match will drop the packet without any action.

Step 5: When the computer with the IP Address 192.168.0.122 receives the ARP Request, it must prepare an ARP Reply and send back to the computer who sent the ARP Request. ARP Reply will be a unicast, to save Network Resources.

arp 05

Note that the ARP Reply has the Opcodef filled as 2, which is used to identify it as a ARP Reply.

The "Sender MAC Address" field (which is marked below) in ARP Reply is the answer for ARP Request.

ARP Reply wireshark capture

Now both the computers can update their ARP cache, so that the MAC Address to IP Address mappings can be used for a future communication. However, after a small period of time, ARP cache is flushed to avoid incorrect mappings (IP Address of any device can change at any time)

The ARP cache filled with a MAC address to IP Address mapping is shown below.

ARP Cache

You have learned Address Resolution Protocol (ARP), Address Resolution Protocol (ARP) Message Format and how Address Resolution Protocol (ARP) operate in a LAN. Click "Next" to continue.

 

<< How to find out the Network Address and Broadcast Address of a subnetted IPv4 address
What is Gratuitous ARP >>
Related Tutorials
Introduction to TCP/IP, Features of TCP/IP, TCP/IP History, What is RFC (Request for Comments)
Seven Layers of OSI Model and functions of seven layers of OSI model
Five layered TCP/IP model
Network Layer (Layer 3)
TCP/IP Data Encapsulation and Decapsulation
Datalink Layer (Layer 2)
Ethernet Frame Format
What is MAC address or Layer 2 address or physical address
IPv4 Protocol, IPv4 header and fields of IPv4 header
IPv4 addresses, IPv4 Address Classes, IPv4 Address Classifications
What is Subnet Mask
What is network address
Limited broadcast address
Directed broadcast address
What is limited broadcast in IPv4 and how limited broadcast works
What is directed broadcast in IPv4 and how directed broadcast works
What is default gateway
What are private IP addresses - RFC 1918 private addresses
APIPA Addresses (Automatic Private IP Addresses)
What is loopback address in IPv4
What is localhost
Class A networks and Class A IP addresses
Class B networks and Class B IP addresses
Class C networks and Class C IP addresses
Class D multicast IP addresses
Subnetting - Part 1
Subnetting - Part 2
Subnetting - Part 3
Subnetting - Part 4
Subnetting - Part 5
Subnetting - Part 6
Variable Length Subnet Masking, VLSM, IP V4 Subnetting, subnetting tutorials, IP study guides, IP documentation, IP tutorials
Supernetting, IP Supernetting, IP Supernetting tutorial, How to Supernet, Supernetting Guide, Supernetting Concepts
How to find out the Network Address and Broadcast Address of a subnetted IPv4 address
Address Resolution Protocol Tutorial, How ARP work, ARP Message Format
What is Gratuitous ARP