What is ARP and How does it work?

A per-requisite to understanding the concept explained in this article would be a basic understanding of the OSI model of networking. In case you haven’t already read up on that, be sure to check out Layers of OSI model. 

What is ARP?

ARP stands for Address Resolution protocol. It is a protocol that is used in the OSI model to allow for communication over the networks.

Why do we need ARP?

Most devices use the internet protocol (IP) packets to communicate and exchange information. IP is a layer three protocol. This communication uses logical address to identify the host. In reality however, the packets are being transmitted over a physical medium.

Each network device comes with an embedded with a NIC adapter (Network Interface Controller) which is the hardware component that allows a network device to be a part of the network.

Each NIC adapter has a 48-bit (6 byte) physical address (MAC Address) that uniquely identifies the device it resides in. These are the components that actually allow for the exchange of packets to take place. Thus, there is a need to map this physical address used by the NIC to the logical addresses used in the IP protocol.

This is where the ARP protocol comes in. The ARP resolves the logical IP address from the Layer 3 to the physical IP address on the layer 2, so that actual communication between network devices becomes possible.

There is another protocol that deals with the reversal of this process called RARP (Reverse Address Resolution Protocol). As the name suggests, it does the reverse of what ARP does. It resolves the Layer 2 address to the Layer 3 address.

How does ARP Work?

ARP works on a Request-Reply model. Let’s take a practical example here and see how it works. Let’s take a topology where we are using a PC to communicate to a router on our network. For the communication between the PC and Router we need ARP.

Eth0/0 and eth0/1 are interface names.

The goal we are trying to achieve is to make the PC be able to communicate with the Router.

What the PC knows so far is –

1. It’s own IP address (Logical Address) – e.g.
2. It’s own MAC address (Logical Address) – e.g.

3. The router’s IP address (Physical Address) – e.g. 00:AF:12:11:22:33
What the PC doesn’t know – 

1. The router’s MAC address (Physical Address) – ???

Since we need to have the physical address of the router to be able to actually transfer the packets on a physical level, the PC needs to find out the Router’s MAC address to be able to communicate with it.

Here’s where ARP comes in. The PC will send out an ARP Request packet with the Destination MAC set to FF:FF:FF:FF:FF:FF:FF. This indicates that, this is a broadcast packet, which means that it has to be flooded out through all the interface (broadcasted).

The contents of the ARP Request would look something like this –

When the switch receives this packet, it sees that the destination MAC is set to FF:FF:FF:FF:FF:FF. This tell the switch that it is a broadcast packet. Hence the switch will now flood out this packet through all of its connected interfaces. The switch will also update it’s MAC table that this packet has come from this particular interface.

Now when the packet reaches the end device, the device will check if the destination IP in the ARP request is its own. If the IP address in the ARP Request matches its own, the device sends out an ARP Reply.

The ARP Reply packet looks something like this –

The Router sends out a packet with the destination IP and MAC as that of the PC that had requested it, and the source MAC and IP of its own.

When this packet reaches the switch, it checks the destination MAC in the packet. It then looks up  its MAC table to look for the interface to send it out of. Based on the MAC table the packet is sent back to the PC requesting the Router’s MAC. The PAC now knows the routers MAC address and can hence communicate with the router. 

This is how the ARP protocol works.

Further References

Here’s a good list of references to read up more on ARP –

An explanation of ARPs functioning explained with the help of WireShark captures –

Detailed explanation of how ARP works along with its advantages and disadvantages –

An overview of ARP with some basics on the types of attacks on ARP –

Basic Explanation of ARP from CCNA perspective –

Explanation of how ARP works and case scenarios where it can be used –

Video References 

This video from CBTNuggets explains in the working of ARP in 5 minutes with simulation shown–

This video also explains the working of ARP in 5 mins, but does it so on a whiteboard –


Post a Comment