Networking Basics – Address Resolution Protocol (ARP)

Last Updated on

The core function of this website is not to become some geeky networking site.  Although my background is working with networks, I now make my living online. So the focus here is hiding your identity online for two core reasons – privacy and making money!  You don’t need to be a Cisco certified engineer to accomplish this, yet knowing something about networking basics does help.  

It helps you understand TCP/IP, IP addresses and how proxies and VPNs function.  If you’re paying for a residential addresses and private proxies then it helps to know some of this stuff.  A little technology knowledge, also helps you when proxy and VPN providers start making overblown claims about their services.  However as stated learning this stuff is not mandatory only useful and there are plenty of great technology sites if you want to study more.   So if you’re just into online money making schemes and managing multiple digital identities through proxies then feel free to ignore these posts (what do you mean you already have!).

ARP – Address Resolution Protocol

To understand ARP we have to move down to the lower layer of the OSI model.   The reason for the existence of ARP is the fact that logical and physical addresses are used for communication on most networks.  Using logical addresses (IP) means that we can communicate between multiple networks and devices which are not directly connected.  Whereas the use of physical addresses (MAC) allows fast and efficient communication in single network segments e’g devices connected to a single switch. 

In reality both these sorts of communication and addressing must work together across networks.   Let’s consider a simple example by means of illustration.  We’re looking to communicate with a device on our local network, perhaps a file server or even a computer with a shared drive.   We’re using an application to initiate communication which is aware of the IP address of the remote device.  It’s obtained this address by using the protocol DNS covered elsewhere in this site.   

ARP packet format

In this situation we have all the information we need to build through layers 3 – 7 of the packet it needs to transmit.  There is only one piece of information missing and that the layer 2 data link data which contains the physical (MAC) address of the target device.

Why do we need MAC addresses? Well simply because switches need this information in order to route your data in the right direction.  A switch that interconnects across networks contains something called a CAM (Content Addressable Memory) table.  This contains the physical addresses of all the devices which are actually plugged directly in it’s ports.  When data is received by the switch it will check it’s table for the matching MAC address and send directly to it’s port if it’s connected.  If the destination MAC address is unknown then, the transmitting device will check it’s cache for the address.  If this is not present then the address must be located in another method across the network.

For TCP/IP communication then to resolve an IP address to a MAC address the Address Resolution Protocol (ARP) will be used.   It’s actually quite a simple protocol and only uses two distinct packets – ARP request and ARP response.  

Summary of ARP Process

Firstly the transmitting device will send out an ARP request which basically follows this standard structure – 

  • My IP address is – XX.XXX.XXX.XXX
  • My MAC address is XX:XX:XX:XX:XX:XX:XX:XX

It will then announce that it needs to send some data to a specific IP address, with a request for the MAC address that is associated with this address.  Remember though this is dynamic, a MAC address won’t change over time but the IP address associated with it could switch at any moment (see Gratuitous ARP)

This packet will be broadcast to every device on that particular network segment.  Any device which does not have this IP address recorded simply discards the packet.  If a device does have this IP address then it will send an ARP reply with a positive answer.  Basically something like , I’m the intended destination I have IP address XX.XXX.XXX.XXX and my MAC address is XX:XX:XX:XX:XX:XX:XX:XX.

After this process is completed the transmitting device will update it’s cache with that specific MAC to IP address association and the data transfer can begin.   If you want to see an example of this cache, then there’s a ARP table stored on most IP enabled devices.  If you’re on a Windows based computer for example just try typing arp -a, here’s mine 

Gratuitous ARP

As mentioned previously the IP address of any device can change.  For example a mobile phone being used to browse the internet may have lot of different IP addresses.  This is why mobile proxies are so great at hiding your location because these addresses will keep switching and changing.  This could obviously cause a problem as devices may have incorrect IP to MAC mappings stored in their caches.  To prevent this causing lots of communication errors,  then something called a gratuitous ARP packet is transmitted on the network to force any device that receives it to update it’s cache with the new information when it changes.

There are actually a few situations which can cause a gratuitous ARP packet to be generated – 

  • When an IP address is changed.
  • Some Devices Generate these packets on start up.
  • Some Systems Generate these for load balancing traffic.

To increase network performance there is one more concept that you should be aware of and that’s Proxy ARP.  This is the technique where a host (usually a router or switch) is set up to answer ARP requests for other devices.  The proxy will then offer it’s own address as a destination for the actual address and route the packet onto it’s intended destination.  It effectively acts as a proxy for the real device by accepting responsibility for the packet.

Leave a Reply