Address Resolution Protocol (ARP)

Network devices use physical addresses (MACs) to send Ethernet frames between each other. TCP/IP application use IP addresses. The Address Resolution Protocol (ARP) is used to bridge the gap and translate IP addresses to MACs.

ARP assumes all hosts in the same subnet are on the same local network. That means only hosts in the same subnet can communicate. If an IP packet is addressed outside of the subnet, it will instead be sent to the default gateway. So ARP will determine the MAC of the gateway IP instead.

ARP will broadcast and ask who owns a given IP. The ARP response by someone on the network contains the MAC address of the host who owns it, which is then use for future communication.

ARP Request (Pseudo Text)

 From: 02:42:5f:d2:10:ab
 To:   ff:ff:ff:ff:ff:ff (everyone)

 I'm looking for IP 192.168.1.1

ARP Response (Pseudo Text)

 From: 02:42:5f:d2:20:ca
 To:   02:42:5f:d2:10:ab

 I have IP 192.168.1.1

Manual ARP requests

The arping command allows you to initiate a manual ARP request and see if any host on the network answers.

$ arping -c 3 -I em3 192.168.1.1
ARPING 192.168.1.1 from 192.168.0.1 em3
Unicast reply from 192.168.1.1 [84:7B:EB:D9:35:2A]  0.705ms
Unicast reply from 192.168.1.1 [84:7B:EB:D9:35:2A]  0.728ms
Unicast reply from 192.168.1.1 [84:7B:EB:D9:35:2A]  0.701ms
Sent 3 probes (1 broadcast(s))
Received 3 response(s)

ARP Cache on Linux

To reduce the number of ARP requests operating systems maintain an ARP cache that contains the mapping of IP addresses to MACs. On Linux you can inspect and manipulate the ARP cache with the arp command:

$ arp -n
Address           HWtype  HWaddress            Iface
192.168.20.153    ether   7c:d3:0a:c7:36:a4    em1
192.168.19.11     ether   84:7b:eb:f4:fd:5c    em1
192.168.20.56     ether   7c:d3:0a:c7:29:f6    em1
192.168.0.80      ether   24:8a:07:51:a7:82    em3
...

Note

This becomes relevant if you accidentally assigned the same IP address to two different network devices in your network. Whoever responds to the ARP request first will be stored in the ARP cache. Subsequent communication will only contact the MAC address in the cache. The other host is essentially invisible. To clean up this situation, you either wait for the ARP cache(s) on your systems to expire or manually flush them with the arp command.