search

When your PC wants to send a packet to a host within your network by which protocol does your PC get the MAC address of the host?

1 years ago
Comments: 0
Views: 64

ARP (Address Resolution Protocol) is a network protocol used to find out the hardware (MAC) address of a device from an IP address. It is used when a device wants to communicate with some other device on a local network (for example on an Ethernet network that requires physical addresses to be known before sending packets). The sending device uses ARP to translate IP addresses to MAC addresses. The device sends an ARP request message containing the IP address of the receiving device. All devices on a local network segment see the message, but only the device that has that IP address responds with the ARP reply message containing its MAC address. The sending device now has enough information to send the packet to the receiving device.

Show

ARP request packets are sent to the broadcast addresses (FF:FF:FF:FF:FF:FF for the Ethernet broadcasts and 255.255.255.255 for the IP broadcast).

Here is the explanation otf the ARP process:

When your PC wants to send a packet to a host within your network by which protocol does your PC get the MAC address of the host?

Let’s say that Host A wants to communicate with host B. Host A knows the IP address of host B, but it doesn’t know the host B’s MAC address. In order to find out the MAC address of host B, host A sends an ARP request, listing the host B’s IP address as the destination IP address and the MAC address of FF:FF:FF:FF:FF:FF (Ethernet broadcast). Switch will forward the frame out all interfaces (except the incoming interface). Each device on the segment will receive the packet, but because the destination IP address is host B’s IP address, only host B will reply with the ARP reply packet, listing its MAC address. Host A now has enough information to send the traffic to host B.

All operating systems maintain ARP caches that are checked before sending an ARP request message. Each time a host needs to send a packet to another host on the LAN, it first checks its ARP cache for the correct IP address and matching MAC address. The addresses will stay in the cache for a couple of minutes. You can display ARP entries in Windows by using the arp -a command:

When your PC wants to send a packet to a host within your network by which protocol does your PC get the MAC address of the host?

Download our Free CCNA Study Guide PDF for complete notes on all the CCNA 200-301 exam topics in one book.

We recommend the Cisco CCNA Gold Bootcamp as your main CCNA training course. It’s the highest rated Cisco course online with an average rating of 4.8 from over 30,000 public reviews and is the gold standard in CCNA training:

When your PC wants to send a packet to a host within your network by which protocol does your PC get the MAC address of the host?

Prerequisite – How ARP works? 
To transfer a packet from source to destination, both the MAC address and IP address of the destination should be known. If the destination MAC address is not present then ARP will resolve this issue first then the packet will be delivered to a destination host. 

There are simple rules for a packet flow in a network: 



  1. If the destination host is present in the same network as the source host then the packet will be delivered directly to the destination host using MAC address.
  2. Within a network, the packet will be delivered on the basis of MAC address.
  3. MAC address never crosses its broadcast domain.

Now, first, we have to take an idea about ARP. 

Address Resolution Protocol – 
Address Resolution Protocol is a layer 2(Data link layer) protocol that is used to find the MAC address of the known IP address. 

There are some important terms associated with ARP: 

ARP cache is a table maintained by ARP that contains an IP address with its associated MAC address and type. If MAC address is learned dynamically then the type will be dynamic and if MAC address is added manually then the type will be static. 

ARP request is a broadcast message generated by the source to find the destination MAC address if the ARP is not resolved initially. 

ARP reply is a unicast message from destination to source device containing the destination MAC address. 

Explanation –  

The steps included in the ARP process are as follows:- 

When a source wants to send a packet to the destination device then, 

1. The source ARP cache is checked if the ARP is resolved or not. If the ARP is not resolved, it puts the packet on hold and generates an ARP request. 

2. If the ARP is already resolved then the packet will be delivered to the destination host.

3. The ARP request is broadcast all over the network to find out the device has a destination IP address. 
Note – If the destination is present in the same network then ARP will find out destination MAC address but if it is present in a different network then ARP will find out default gateway MAC address. 

4. When the device having the destination IP address receives the ARP request, it updates its own ARP cache.

5. The destination host machine generates an ARP reply containing its own MAC address.

6. Now, the device having the source IP address receives the ARP reply and updates its ARP cache. 

7. Since, both source and destination IP address and MAC address are available now, therefore, the packet is delivered to the destination host.

Now, we have taken an idea about the ARP protocol. Let’s see about the packet flow

Now we will understand how the packet is delivered to the destination when the destination is present in the same network(network of the source). 

Here is the topology in which host A has IP address 192.168.1.1, host B has IP address 192.168.1.2, and the router has IP address 192.168.1.3 on interface fa0/0. 

Now how to source device will know that the destination is present in the same or different network. Let us understand:- 

AND operation is performed between the source IP address, source subnet mask and destination IP address, source subnet mask. If the resultant of both are the same then the destination is present in the same network otherwise in a different network. 

Let us try to ping host B from host A. 

As you can see 2 packets are generated, one of ICMP and the other of ARP(green). ARP frame is generated because host A has not yet communicated to host B i.e. the ARP has not been resolved i.e ARP will be resolved first so that host A has an entry for host B MAC address. 

As already explained the ARP request will be broadcast first for the target IP address within the network because routers do not forward broadcast packets. The broadcast request is received by the switch as shown in the above figure. 

The switch broadcasts the ARP request as the entry in the ethernet header is FFFF.FFFF.FFFF (broadcast MAC address). 

The request is received by Host B as shown in the above figure. Host B generates an ARP reply immediately specifying its own MAC address. 

Now the host B unicast the ARP reply to host A which is received by the switch which in turn forward it to host A as shown in the above 2 figures. 

Note – 
The switch is able to unicast the reply because the switch has put an entry for host A in its MAC table when hosting A broadcasts the ARP request.in the same way, a switch has also put an entry for the host B when the switch receives

 the ARP reply. 

Now the ARP has been resolved and the ICMP will be unicast to the host B from host A(as shown above).  

Now the ICMP acknowledgement packet will be unicast from host B to host A i.e. host B is successfully pinged from host A as shown in the above figures. 

Article Tags :

Address Resolution Protocol (ARP) is a procedure for mapping a dynamic IP address to a permanent physical machine address in a local area network (LAN). The physical machine address is also known as a media access control (MAC) address.

The job of ARP is essentially to translate 32-bit addresses to 48-bit addresses and vice versa. This is necessary because IP addresses in IP version 4 (IPv4) are 32 bits, but MAC addresses are 48 bits.

ARP works between Layers 2 and 3 of the Open Systems Interconnection model (OSI model). The MAC address exists on Layer 2 of the OSI model, the data link layer. The IP address exists on Layer 3, the network layer.

ARP can also be used for IP over other LAN technologies, such as token ring, fiber distributed data interface (FDDI) and IP over ATM.

How ARP works

When a new computer joins a LAN, it is assigned a unique IP address to use for identification and communication. When an incoming packet destined for a host machine on a particular LAN arrives at a gateway, the gateway asks the ARP program to find a MAC address that matches the IP address. A table called the ARP cache maintains a record of each IP address and its corresponding MAC address.

All operating systems in an IPv4 Ethernet network keep an ARP cache. Every time a host requests a MAC address in order to send a packet to another host in the LAN, it checks its ARP cache to see if the IP to MAC address translation already exists. If it does, then a new ARP request is unnecessary. If the translation does not already exist, then the request for network addresses is sent and ARP is performed.

ARP broadcasts a request packet to all the machines on the LAN and asks if any of the machines are using that particular IP address. When a machine recognizes the IP address as its own, it sends a reply so ARP can update the cache for future reference and proceed with the communication.

Host machines that don't know their own IP address can use the Reverse ARP (RARP) protocol for discovery.

ARP cache size is limited and is periodically cleansed of all entries to free up space. Addresses tend to stay in the cache for only a few minutes. Frequent updates enable other devices in the network to see when a physical host changes their requested IP addresses. In the cleaning process, unused entries are deleted along with any unsuccessful attempts to communicate with computers that are not currently powered on.

ARP translates IP addresses and MAC addresses so devices can properly communicate and send data.

Proxy ARP

Proxy ARP enables a network proxy to answer ARP queries for IP addresses that are outside the network. This enables packets to be successfully transferred from one subnetwork to another.

When an ARP inquiry packet is broadcast, the routing table is examined to find which device on the LAN can reach the destination fastest. This device, which is often a router, acts as a gateway for forwarding packets outside the network to their intended destinations.

ARP spoofing and ARP cache poisoning

LANs that use ARP are vulnerable to ARP spoofing, also called ARP poison routing or ARP cache poisoning.

ARP spoofing is a device attack in which a hacker broadcasts false ARP messages over a LAN in order to link an attacker's MAC address with the IP address of a legitimate computer or server within the network. Once a link has been established, the target computer can send frames meant for the original destination to the hacker's computer first as well as any data meant for the legitimate IP address.

ARP spoofing can seriously affect enterprises. When used in their simplest form, ARP spoofing attacks can steal sensitive information. However, the attacks can also facilitate other malicious attacks, including the following:

  • man-in-the-middle attacks
  • denial-of-service attacks
  • session hijacking

History and future of ARP

ARP was first proposed and discussed in Request for Comments (RFC) 826, published in November of 1982 by David C. Plummer. The problem of address resolution was immediately evident in the early days of the IP suite, because Ethernet quickly became the preferred LAN technology, but Ethernet cables required 48-bit addresses.

IPv6 addresses, which are 128 bits, use the Neighbor Discovery protocol acquire configuration information instead of ARP. While IPv4 addresses are currently more common, the use of IPv6 is increasing. This increase is largely due to the influx of IoT devices that require IP addresses. Neighbor Discovery operates in the Layer 2 of the OSI model and uses Internet Control Message Protocol (ICMP) version 6 to discover neighboring nodes.

Q&A When

Related Posts

Who was singing in the 5 heartbeats?
Who was singing in the 5 heartbeats?

The radius of a circle is 3 millimeters. what is the circles area?
The radius of a circle is 3 millimeters. what is the circles area?

Is it important to follow correct procedures when running electrical cables next to data cables in order to protect against which environmental concern?
Is it important to follow correct procedures when running electrical cables next to data cables in order to protect against which environmental concern?

What age must you wear a life jacket?
What age must you wear a life jacket?

What is the most effective nursing leadership style?
What is the most effective nursing leadership style?

What immediate decision needs to be made regarding post resuscitation care
What immediate decision needs to be made regarding post resuscitation care

What is the volume of regular pyramid below?
What is the volume of regular pyramid below?

How to fix bathroom tiles
How to fix bathroom tiles

When completing a sales contract, licensees may only alter standard language with ______ review.
When completing a sales contract, licensees may only alter standard language with ______ review.

A nurse is developing a teaching plan for a client who has dysphagia and is being discharged home
A nurse is developing a teaching plan for a client who has dysphagia and is being discharged home

How long can koi fish live in a bucket
How long can koi fish live in a bucket

¿Qué hacer cuando la computadora no encuentra la impresora?
¿Qué hacer cuando la computadora no encuentra la impresora?

Your Lie in April characters age
Your Lie in April characters age

What part of Vermont is closest to New York?
What part of Vermont is closest to New York?

Why are my Mods not working Vortex?
Why are my Mods not working Vortex?

Galaxy note 8 qualcomm vs exynos
Galaxy note 8 qualcomm vs exynos

Average cost of living in California per year
Average cost of living in California per year

Who is the real king of country music?
Who is the real king of country music?

How do you say chief in spanish
How do you say chief in spanish

What triggers the final mission in me3?
What triggers the final mission in me3?

LATEST NEWS

There are three phases of gastric secretion. the cephalic phase occurs
1 years ago . by OperativeApologise
How was the Battle of Saratoga won?
1 years ago . by SubtleSolicitation
How does a Taurus man text when he likes you
1 years ago . by UrinaryLigament
What is the distance covered by the athlete?
1 years ago . by GeopoliticalSchooner
At which value will the graph of have a zero
1 years ago . by InsatiableAnomaly
How long does it take to go from Texas to Mexico border?
1 years ago . by UndecidedMouthful
Why are t statistics more variable than z scores
1 years ago . by SubstantialResurgence
How much water at 32°c is needed to just melt 1.5 kg of ice at -10°c?
1 years ago . by ErsatzNursery
What was created to prevent similar banking disasters?
1 years ago . by Ground-floorCorpus
A client has answered some questions in a query, so you’re able to edit the _________ ones.
1 years ago . by MaroonRodeo

Populer

About

Legal

Help

Social

Copyright © 2024 ShotOnMac Inc.