Everyone who is in the networking field, knows about Address Resolution Protocol (ARP).
In the beginning of my IT career, when I started to study the networking, I struggled to understand and remember the definition of ARP. I had some questions frequently arising in my mind, e.g.,
- What is ARP exactly?
- How does it work?
- How to test it's working?
- What is the easy way to remember it?
Here I take this opportunity to present you a good explanation of ARP and how it works.
What is ARP?
Address Resolution Protocol (ARP) is a protocol used by the Internet Protocol (IP) [RFC826], specifically IPv4, to map IP network addresses to the hardware addresses (MAC Address) used by a data link protocol.
This definition of ARP has 2-main aspects:
- Used by Internet Protocol (IP)
- To map IP network address (IP Address) to hardware address (MAC Address)
We will explore these two main aspects of ARP with the help of following topology which consists of 1-Hub and 3-PCs.
Step 1
Design the topology in the Cisco Packet Tracer, assign the IP addresses to PCs and noted down the MAC addresses as shown in the below-given figure:
Step 2
Check the ARP table of PC-1, PC-2, and PC-3 with the help of arp –a command on the ‘Command Prompt’. If you find any entry in it, then use the command arp –d to clear the entry or entries of ARP table.
Step 3
In this step, we will ping the PC-1 from PC-3. On the PC-3 open the ‘Traffic Generator’.
Fill the following information in the Traffic Generator:
- Destination IP Address: 192.168.1.1
- Source IP Address:192.168.1.3
- Sequence Number: 1 and then click on ‘Send’
Traffic Generator will send the traffic (ping) to the destination.
From Step-4 to Step-10, we will observe that --how the ARP is working actually.
Step 4
To observe the traffic closely, select the ‘Simulation Mode’ and in the Simulation Panel click on ‘Capture/Forward’ button.
Observe the main window of Packet Tracer and the Event List of Simulation Panel.
Two types of packets will appear on PC-3:
- ARP Packet
- ICMP (ping) Packet
We intended to generate ping traffic only. Right! BUT why does ARP Packet come along with it.....??.....???
This is because, before sending the ICMP packets to the destination (PC-1 here) on the LAN, the MAC address of the destination device, should be in the ARP table of the source device (PC-3 here).
As we know the ARP table of the PC-3 is empty, that's why ARP will first collect the MAC address of the destination device, only then the ICMP will be able to send its traffic to destination device.
Let us click on the blue square in Simulation Panel, which is representing ICMP. It will open PDU Information box.
In the PDU information at Device PC-3, you can see how the PDUs are traversing between the OSI Layers.
It clearly shows--what is happening at 'Out Layer 3' of PC-3:
- The Ping process starts the next ping request.
- The Ping process creates an ICMP Echo Request message and sends it to the lower process.
- The device sets TTL in the packet header.
- The destination IP address is in the same subnet. The device sets the next-hop to destination.
At Out Layer 2:
- The next-hop IP address is a unicast. The ARP process looks it up in the ARP table.
- The next-hop IP address is not in the ARP table. The ARP process tries to send an ARP request for that IP address and buffers this packet.
- The ARP process constructs a request for the target IP address.
- The device encapsulates the PDU into an Ethernet frame.
Out Layer 1:
- FastEthernet0 sends out the frame.
Step 5
Now we will click on 'Capture/Forward' button to send ARP traffic from PC-3 to Hub-1.
When the Hub will receive the ARP frame, it actually stops here. In order to broadcast it on all ports, we will continue to click on the same 'Capture/Forward' button. As a result, it will broadcast it on all the ports, except the port from which it receives this frame.
NOTE: You need to remember that in real-time, all the movement of traffic happens automatically. It is only for the sake of demonstration, we are making it move step-by-step in the simulation mode
On the Hub-1 the Inbound and Outbound PDUs are same, you can see in the figure:
Step 6
When the PC-2 will receive ARP frame, the following processes will be happening on it:
In Layer 2:
- The frame's destination MAC address matches the receiving port's MAC address, the broadcast address, or multicast address.
- The device decapsulates the PDU from the Ethernet frame.
- The frame is an ARP frame. The ARP process processes it.
- The ARP frame is request.
- The ARP request's target IP address does not match the receiving port's address.
- The ARP process drops the frame.
Step 7
When the PC-1 will receive ARP frame, the following processes will be happening on it:
In Layer 1:
- FastEthernet0 receives the frame.
In Layer 2:
- The frame's destination MAC address matches the receiving port's MAC address, the broadcast address, or multicast address.
- The device decapsulates the PDU from the Ethernet frame.
- The frame is an ARP frame. The ARP process processes it.
- The ARP frame is request.
- The ARP request's target IP address matches the receiving port's IP address.
- The ARP process updates the ARP table with received information.
This is the time, when we will click again on 'Capture/Forward' button in simulation mode. That will trigger the ARP reply from PC-1 to Hub-1.
Out Layer 2 of PC-1:
- The ARP process replies to the request with the receiving port's MAC address.
- The device encapsulates the PDU into an Ethernet frame.
Out Layer 1:
- FastEthernet0 sends out the frame.
Step 8
Hub-1 has already received a ARP Reply from PC-1.
In order to forward this ARP Reply to PC-2 and PC-3, we will click again on 'Capture/Forward' button of simulation mode.
The following processes will be happening on Hub-1:
Step 9
Now the PC-3 has the ARP Reply and it will fill this entry in its ARP table for PC-1.
Next, we will again click on 'Capture/Forward' button of simulation mode, so that PC-3 can send a ICMP packet for PC-1.
Step 10
Now we will again click on 'Capture/Forward' button of simulation mode, so that PC-1 can send a ICMP reply to the PC-3.
Step 11 Testing
This is the final step where we will test the ARP entries in the ARP Tables of PC-1, PC-2, and PC-3.
Did you observe that on PC-2 there is no entry in the ARP Table? Why?
The reason is that the communication happened between PC-1 and PC-3.
You are welcome to share your opinion about this article.
Thanks.
This Article Was Written & published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.
Over the past 16 years, Meena has built a following of IT professionals, particularly in Cybersecurity, Cisco Technologies, and Networking...
She is so obsessed with Cybersecurity domain that she is going out of her way and sharing hugely valuable posts and writings about Cybersecurity on website, and social media platforms.
34,000+ professionals are following her on Facebook and mesmerized by the quality of content of her posts on Facebook.
If you haven't yet been touched by her enthusiastic work of sharing quality info about Cybersecurity, then you can follow her on Facebook:
Click Here to follow her: Cybersecurity PRISM