16/01/2024, 11:14 What is Address Resolution Protocol (ARP)?

Definition from SearchNetworking

ARP broadcasts a request packet to all the machines on the LAN and asks if any of the machines
are using that particular IP address. When a machine recognizes the IP address as its own, it
sends a reply so ARP can update the cache for future reference and proceed with the
communication.

Host machines that don't know their own IP address can use the Reverse ARP protocol for
discovery.

ARP has a limited cache size, and ARP periodically cleanses entries to free up space. Addresses
tend to stay in the cache for only a few minutes. Frequent updates enable other devices in the
network to see when a physical host changes their requested IP addresses. When ARP cleanses
its cache, it detects unused entries along with any unsuccessful attempts to communicate with
computers that aren't currently powered on.

Diagram that shows how ARP works to match IP addresses to MAC addresses

k ARP translates IP addresses and MAC addresses so devices can properly communicate and s
data.

Proxy ARP
Proxy ARP enables a network proxy to answer ARP queries for IP addresses that are outside the
network. This enables the successful transfer of packets from one subnet to another.

When ARP broadcasts an inquiry packet, a router examines the routing table to find which device
on the LAN can reach the destination fastest. This device, which is often also a router, acts as a
gateway for forwarding packets outside the network to their intended destinations.

ARP spoofing
LANs that use ARP are vulnerable to ARP spoofing, also called ARP poison routing or ARP cache
poisoning.

ARP spoofing is a device attack in which a hacker broadcasts false ARP messages over a LAN to
link an attacker's MAC address with the IP address of a legitimate computer or server within the
network. Once a link has been established, the target computer can send frames meant for the
original destination to the hacker's computer first, as well as any data meant for the legitimate IP
address.

ARP spoofing can have unfavorable effects on an enterprise. In their simplest form, ARP spoofing
attacks can steal sensitive information. However, the attacks can also facilitate other malicious
attacks, including the following:

Man-in-the-middle attacks.

Denial-of-service attacks.

Session hijacking.

History and future of ARP

ARP was first proposed and discussed in Request for Comments 826, published in November
1982 by David C. Plummer. The problem of address resolution was immediately evident in the
early days of the IP suite because Ethernet quickly became the preferred LAN technology but
Ethernet cables required 48-bit addresses.

IP version 6 (IPv6) addresses, which are 128 bits, use the Neighbor Discovery protocol acquire
configuration information instead of ARP. While IPv4 addresses are currently more common, the

https://www.techtarget.com/searchnetworking/definition/Address-Resolution-Protocol-ARP 2/5