Using the Address Resolution Protocol (ARP)

The Address Resolution Protocol, or ARP, is part of the TCP/IP (Transmission Control Protocol/Internet Protocol) protocol stack; it is used to translate TCP/IP addresses to MAC (media access control) addresses using broadcasts. When a machine running TCP/IP wants to know which machine on an Ethernet network uses a particular IP address, it will send an ARP broadcast that says, in effect, “Hey! Who is IP address xxx.xxx.xxx.xxx ?” The machine that owns the specific address will respond with its own MAC address. The machine that made the inquiry then adds that information to its own ARP table.

In addition to the normal usage, the ARP designation refers to a utility in Windows 95/98 and NT that you can use to manipulate and view the local workstation’s ARP table.

The Windows ARP Table

The ARP table in Windows 95/98 and NT is a list of TCP/IP addresses and their associated physical (MAC) addresses. This table is cached in memory so that Windows doesn’t have to perform ARP lookups for frequently accessed TCP/IP addresses (for example, servers and default gateways). Each entry contains not only an IP address and a MAC address, but a value for Time to Live (TTL), which indicates how long each entry stays in the ARP table.

The ARP table contains two kinds of entries:

  • Dynamic

  • Static

Dynamic ARP table entries are created whenever the Windows TCP/IP stack makes an ARP request and the MAC address is not found in the ARP table. The ARP request is broadcast on the local segment. When the MAC address of the requested IP address is found, that information is added to the ARP table.

Note 

Periodically the ARP table is cleared of dynamic entries whose TTL has expired to ensure that the entries are current.

Static ARP table entries serve the same function as dynamic entries, but are made manually using the ARP utility.

The ARP Utility

To start the ARP utility in Windows 95/98, follow these steps:

  1. Choose Start > Programs > MS-DOS Prompt to open the MS-DOS Prompt window.

  2. At the command prompt, type ARP and any switches you need.

To start the ARP utility in Windows NT, follow these steps:

  1. Choose Start > Programs > Command Prompt to open the Command Prompt window.

  2. At the command prompt, type ARP and any switches you need.

Note 

Entered alone, the ARP command lists only the switches you must use in order to use the ARP utility correctly.

The ARP utility is primarily useful for resolving duplicate IP addresses. For example, your workstation receives its IP address from a DHCP (Dynamic Host Configuration Protocol) server, but it accidentally receives the same address as another workstation. When you try to ping it, you get no response. Your workstation is trying to determine the MAC address, and it can’t do so because two machines are reporting that they have the same IP address. To solve this problem, you can use the ARP utility to view your local ARP table and see which TCP/IP address is resolved to which MAC address. To display the entire current ARP table, use the ARP command with the -a switch, like this:

ARP -a 

You’ll see something similar to the following:

Interface: 204.153.163.3 on Interface 2
  Internet Address         Physical Address          Type
  204.153.163.2            00-a0-c9-d4-bc-dc         dynamic
  204.153.163.4            00-a0-c0-aa-b1-45         dynamic

Tip

The -g switch will accomplish the same result.

From this output, you can tell which MAC address is assigned to which IP address. Then, by examining your network documentation (you do have it, don’t you?), you can tell which workstation has the IP address and if it is indeed supposed to have it.

Note 

If the machine has more than one network card (as may happen in Windows NT machines), each interface will be listed separately.
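The comparison against network documentation described above can be scripted. The following is an added example, not part of the original text: it parses ARP -a output (including the multiple-interface case from the note) and reports entries whose MAC address differs from, or is missing in, the documentation. The sample output, the second interface, and the DOCUMENTED table are constructed for illustration.

```python
import re

# Constructed sample in the layout of the ARP -a listing above; the second interface is made up.
SAMPLE_OUTPUT = """\
Interface: 204.153.163.3 on Interface 2
  Internet Address      Physical Address      Type
  204.153.163.2         00-a0-c9-d4-bc-dc     dynamic
  204.153.163.4         00-a0-c0-aa-b1-45     dynamic

Interface: 10.0.0.3 on Interface 3
  Internet Address      Physical Address      Type
  10.0.0.1              00-a0-c9-11-22-33     static
"""

# Hypothetical network documentation: IP address -> MAC address that should own it.
DOCUMENTED = {
    "204.153.163.2": "00-a0-c9-d4-bc-dc",
    "204.153.163.4": "00-a0-c0-aa-b1-99",  # deliberately differs from the table
}
IFACE_RE = re.compile(r"^Interface:\s+(\d+(?:\.\d+){3})")
ENTRY_RE = re.compile(r"^\s*(\d+(?:\.\d+){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(dynamic|static)\s*$", re.I)

def parse_arp_table(text):
    """Return one dict per ARP entry, tagged with the interface it was listed under."""
    entries, iface = [], None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(1)  # entries that follow belong to this interface
            continue
        m = ENTRY_RE.match(line)
        if m:
            ip, mac, kind = m.groups()
            entries.append({"interface": iface, "ip": ip, "mac": mac.lower(), "type": kind.lower()})
    return entries

def audit(entries, documented):
    """Compare each entry with the documentation; report mismatches and unknown IPs."""
    findings = []
    for e in entries:
        expected = documented.get(e["ip"])
        if expected is None:
            findings.append(("undocumented", e["ip"], e["mac"]))
        elif expected.lower() != e["mac"]:
            findings.append(("mismatch", e["ip"], e["mac"]))
    return findings

if __name__ == "__main__":
    print(audit(parse_arp_table(SAMPLE_OUTPUT), DOCUMENTED))
```

A "mismatch" finding is the case the text describes: an IP address answered by a machine other than the one the documentation says should have it.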

In addition to displaying the ARP table, you can use the ARP utility to manipulate it. To add static entries to the ARP table, use the ARP command with the -s switch. These entries stay in the ARP table until the machine is rebooted. A static entry hard-wires a specific IP address to a specific MAC address so that when a packet needs to be sent to that IP address, it is sent automatically to that MAC address. Here’s the syntax:

ARP -s [IP Address] [MAC Address]  

Simply replace the [IP Address] and [MAC Address] sections with the appropriate entries, like so:

ARP -s 204.153.163.5 00-a0-c0-ab-c3-11 

You can now take a look at your new ARP table by using the ARP -a command. You should see something like this:

Interface: 204.153.163.3 on Interface 2
  Internet Address         Physical Address         Type
  204.153.163.2            00-a0-c9-d4-bc-dc        dynamic
  204.153.163.4            00-a0-c0-aa-b1-45        dynamic
  204.153.163.5            00-a0-c0-ab-c3-11        static

Finally, if you want to delete entries from the ARP table, you can either wait until the dynamic entries time out, or you can use the -d switch with the IP address of the static entry you’d like to delete, like so:

ARP -d 204.153.163.5 

This deletes the entry from the ARP table in memory.

Note 

The ARP utility doesn’t confirm successful additions or deletions, but it will give you an error message if you use incorrect syntax.




Network+ Study Guide
ISBN: 470427477
EAN: N/A
Year: 2002
Pages: 151
