ARP (Address Resolution Protocol) Basics
ARP (Address Resolution Protocol) is a fundamental protocol used to translate a Layer 3 IP Address (logical address) into a Layer 2 MAC Address (physical address).
Since network devices like routers and switches must use MAC addresses to physically transfer data, ARP manages this essential translation process.
1. How ARP Works: Broadcast and Unicast
ARP operates within the same Local Area Network (LAN) and determines the address primarily through two steps:
- ARP Request - Broadcast:
- ARP Reply - Unicast:
  - All devices on the network receive the request, but only the receiving host (B) that owns the requested IP address (X.Y.Z.W) responds.
  - Receiving host B sends an ARP Reply packet containing its MAC address back to the sender A using a Unicast (1:1) transmission.
- ARP Table Update:
  - The sending host A stores the IP and MAC address pair of host B in its ARP Table (Cache). This allows for faster communication without needing to repeat the request process for subsequent transfers.
2. The ARP Table (ARP Cache)
The ARP Table is a temporary cache that stores the IP-to-MAC address mapping information.
- Purpose: Broadcasting an ARP Request every time communication is needed would overload the network. The cache stores frequently used address information for a specific time (TTL, Time To Live).
- Checking: Users can view the contents of their ARP table using the `arp -a` command in the operating system's command prompt.
3. Comparison with RARP (Reverse ARP)
While ARP determines the IP address $\rightarrow$ MAC address mapping, RARP (Reverse ARP) determines the opposite: MAC address $\rightarrow$ IP address. (RARP is largely superseded by DHCP, Dynamic Host Configuration Protocol, today.)
4. ARP Security Concern
ARP is a simple protocol that does not verify the authenticity of the communicating party. This vulnerability can be exploited in ARP Spoofing attacks.
- ARP Spoofing: An attacker sends a forged ARP Reply, pretending that their MAC address belongs to another device (like the router). This allows the attacker to intercept or modify network traffic intended for the real device.
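The request, reply and cache-update steps above, together with the forged reply described in this section, can be watched for from the defender's side. The following is an added example, not code from the original page: it parses ARP payloads, keeps its own IP-to-MAC cache, and flags replies nobody asked for and bindings that change. The function names, addresses and sample traffic are all constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

ARP_FMT = "!HHBBH6s4s6s4s"   # 28-byte ARP payload for Ethernet/IPv4
REQUEST, REPLY = 1, 2        # ARP opcodes

def build_arp(op, sha, spa, tha, tpa):
    """Pack an ARP payload; used here only to construct the sample input."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                       bytes.fromhex(sha.replace(":", "")), IPv4Address(spa).packed,
                       bytes.fromhex(tha.replace(":", "")), IPv4Address(tpa).packed)

def parse_arp(payload):
    """Return (op, sender_mac, sender_ip, target_ip) from an ARP payload."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, op, sha, spa, _tha, tpa = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return op, sha.hex(":"), str(IPv4Address(spa)), str(IPv4Address(tpa))

def watch(payloads):
    """Replay ARP payloads through a cache and return a list of alert strings."""
    cache, pending, alerts = {}, set(), []
    for raw in payloads:
        op, mac, ip, target_ip = parse_arp(raw)
        if op == REQUEST:
            pending.add(target_ip)           # broadcast: "who has target_ip?"
        elif op == REPLY:
            if ip not in pending:            # reply without a matching request
                alerts.append(f"unsolicited reply for {ip} from {mac}")
            pending.discard(ip)
        known = cache.get(ip)
        if known and known != mac:           # same IP now claims a different MAC
            alerts.append(f"binding change {ip}: {known} -> {mac}")
        cache[ip] = mac
    return alerts

# Constructed sample (documentation addresses): A resolves the router, then a forged reply arrives.
SAMPLE = [
    build_arp(REQUEST, "aa:aa:aa:aa:aa:01", "192.0.2.10", "00:00:00:00:00:00", "192.0.2.1"),
    build_arp(REPLY, "aa:aa:aa:aa:aa:fe", "192.0.2.1", "aa:aa:aa:aa:aa:01", "192.0.2.10"),
    build_arp(REPLY, "aa:aa:aa:aa:aa:66", "192.0.2.1", "aa:aa:aa:aa:aa:01", "192.0.2.10"),
]

if __name__ == "__main__":
    for alert in watch(SAMPLE):
        print(alert)
```

A binding change is a signal to investigate rather than proof of spoofing, since address reassignment and gratuitous ARP announcements also produce it.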