It’s Time to Reconsider ARP

It’s Time to Reconsider ARP

The Quiet Protocol is also one of the Most Critical. Here’s what tech managers need to know.

ARP (Address Resolution Protocol) is one of the least discussed protocols in the TCP/IP suite. However, in version four of IP (IPv4), the current version, ARP is critical to the correct operation of end devices, servers, routers and firewalls.

Within a single subnet, communications are based on the layer 2 addresses. In Ethernet, these are the interface hardware addresses. We call them mac addresses. On the other hand, software in clients and servers use IP addresses as the source and destination addresses in their messages. So, inevitably, a station might have a message to send to its server and know the IP address but not know the server’s mac address. That’s where ARP comes into play. ARP resolves, or provides the mac address that corresponds to a particular IP address.

Figure 1: Issuing the ARP command Let’s consider an example. An IP camera is powered on. The TCP/IP software is configured with the camera’s mac and IP addresses, the mask, and the local router’s IP address. The first time the camera needs to send a packet to a recorder on another network, the packet must be sent through the router. But, how can it get the mac address to insert into the packet? The camera sends an ARP broadcast that lists the router’s IP address and waits for a reply. The response generally comes from the router and contains the required mac address. The camera stores the entry in a table called its ARP cache. It then creates the packet and sends it to the router. You can see what is in your own Windows computer’s ARP cache by issuing this command at the command line: arp –a. Note that the space that is required in the command. If you try this and find that the cache is empty, the reason may be that Windows only stores the entries for a minute or two and then lets them expire. If you ping your router with the command: ping and then check the ARP cache, you’ll find the router’s mac address has been stored.

ARP is often used as a discovery protocol. Suppose you are on the subnet 192.168.1.0 using the mask 255.255.255.0. Your server could issue ARP broadcast successively to 192.168.1.1, 192.168.1.2, 192.168.1.3, and so forth. Active devices would reply and the server would know which devices are currently up on the network and powered up.

Phil Hippensteel, PhD, a regular columnist with AV Technology, teaches at Penn State Harrisburg.