Thursday, February 13, 2014

ARP : Address resolution protocol

Address resolution protocol (arp) , arp is a protocol used to map IP network address to the hardware address. The term address resolution actually means to a process of finding the address of a computer in a network. So consider when we run a ping command on a remote machine, the ARP request message like “who is X.X.X.X tell Y.Y.Y.Y” is sent using the Ethernet broadcast address. The remote machine with the IP address responds to the message by sending back a ARP response like “X.X.X.X is hh:hh:hh:hh:hh:hh” and sends to the requesting machine.

The response obtained is stored in a file /proc/net/arp for a shorter period to avoid the need to continuously re-establish the mapping between the Hardware Ethernet address and the actual IP address.

A broadcast address is an IP address that is used to target all systems on a specific subnet network instead of single hosts. This can be calculated, if the IP address is and subnet mask as then broadcast address can be deduced in following manner.

 IP Address:               11000000.10101000.00001100.11011100
 Reverse Mask:           00000000.00000000.00000000.01111111
Bitwise OR                 ----------------------------------------------------------
Broadcast Address:     11000000.10101000.00001100.11111111

Ethernet address or also called as MAC (Media access address) like  802.11a/b/g wireless or the more traditional CAT5/CAT6 wired networks .every Ethernet device has a unique six-byte ID in it.

  • Ethernet address, also called MAC address, is a 48-bit number used to uniquely identify each computer in a network. The address is usually written in hexadecimal form. An IP address is the identifier for a computer or device on a TCP/IP network. In computer networking a Media Access Control address (MAC address) serves as an identifier for a particular network adapter. Thus network cards  in two different computers will have different MAC 
  • Mac addresses are not the same. MAC (Media access control) address is a unique id of a network interface. The most commonly used network interface is Ethernet and hence called as Ethernet address.
Find Your system MAC address

[root@vx111a ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 78:AC:C0:B1:7B:BD
          inet addr:  Bcast:  Mask:
          inet6 addr: fe80::7aac:c0ff:feb1:7bbd/64 Scope:Link
          RX packets:3090 errors:0 dropped:0 overruns:0 frame:0
          TX packets:165 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:339816 (331.8 KiB)  TX bytes:16361 (15.9 KiB)
          Interrupt:20 Memory:fe500000-fe520000 

The arp command in linux allows to examine the mapping. When we execute the command arp , we see

[root@vx111a ~]# arp -n
Address                  HWtype   HWaddress           Flags Mask            Iface           ether   02:17:c5:98:7c:f0   C                       eth0

This tells that the hardware address mapped to the IP address is 02:17:c5:98:7c:f0. As we said earlier that arp mapping are saving for a short period and hence we see only 1 mapping here. Consider if you ping a IP address like,
[root@vx111a ~]# ping -c 1
PING ( 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=128 time=1.91 ms

--- ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 1ms
rtt min/avg/max/mdev = 1.919/1.919/1.919/0.000 ms

And now when we run arp command again, we see

[root@vx111a ~]# arp -n
Address                  HWtype    HWaddress           Flags Mask            Iface           ether   40:61:86:f0:b1:9f   C                        eth0           ether   02:17:c5:98:7c:f0   C                        eth0

The arp search are saved for a shorter period.By caching an ARP record for a short time, a new request should not be necessary during most client/server application sessions. Consider if we do a ping for,

[root@vx111a ~]# ping -c 1
PING ( 56(84) bytes of data.
64 bytes from ( icmp_seq=1 ttl=57 time=24.9 ms

--- ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 94ms
rtt min/avg/max/mdev = 24.975/24.975/24.975/0.000 ms

And check arp command again, we don’t see any listing for

[root@vx111a ~]# arp -n
Address                  HWtype  HWaddress           Flags Mask            Iface           ether   40:61:86:f0:b1:9f   C                       eth0           ether   02:17:c5:98:7c:f0   C                      eth0

Because even though is reachable but it is configured on a different network and hence the mappings are not added to the arp table in the local network.

More to Come , Happy learning
Read More