ARP

When computer programs send or get messages, they usually use something called an IP
address, which is like a virtual address. But underneath, the real talk happens using another
type of address called a MAC address, which is like a device’s actual home address.
So, our goal is to find out the MAC address of where we want to talk to. That’s where ARP
comes in handy. It helps by turning the IP address into the physical MAC address, so we can
chat with other devices on the network
Most computer programs/applications use logical addresses (IP Addresses) to send/receive
messages. However, the actual communication happens over the Physical Address (MAC
Address) from layer 2 of the OSI model. So our mission is to get the destination MAC Address
which helps communicate with other devices. This is where ARP comes into the picture; its
functionality is to translate IP addresses into physical addresses.

ARP
What is Address Resolution Protocol (ARP)?
The acronym ARP stands for Address Resolution Protocol which is one of the most important
protocols of the Data link layer in the OSI model. It is responsible to find the hardware address
of a host from a known IP address. There are three basic ARP terms.
Note: ARP finds the hardware address, also known as the Media Access Control (MAC)
address, of a host from its known IP address.
Address Resolution Protocol
ARP is essential in mapping IP addresses to MAC addresses, making it a vital networking
concept. If you’re studying for GATE or seeking to deepen your understanding of network
protocols like ARP, the GATE CS Self-Paced Course is designed to cover these concepts
thoroughly with both theory and practical examples.
Important Terms Associated with ARP
• Reverse ARP
• Proxy ARP
• Inverse ARP
Reverse ARP
Reverse Address Resolution Protocol is a protocol that is used in local area networks (LAN)
by client machines for requesting IP Address (IPv4) from Router’s ARP Table. Whenever a
new machine comes, which requires an IP Address for its use. In that case, the machine sends
a RARP broadcast packet containing MAC Address in the sender and receiver hardware field.
Proxy ARP
Proxy Address Resolution Protocol work to enable devices that are separated into network
segments connected through the router in the same IP to resolve IP Address to MAC Address.
Proxy ARP is enabled so that the ‘proxy router’ resides with its MAC address in a local network
as it is the desired router to which broadcast is addressed. In case, when the sender receives the
MAC Address of the Proxy Router, it is going to send the datagram to Proxy Router, which
will be sent to the destination device.
Inverse ARP
Inverse Address Resolution Protocol uses MAC Address to find the IP Address, it can be simply
illustrated as Inverse ARP is just the inverse of ARP. In ATM (Asynchronous Transfer Mode)
Networks, Inverse ARP is used by default. Inverse ARP helps in finding Layer-3 Addresses
from Layer-2 Addresses.
How ARP Works?
Imagine a device that wants to communicate with others over the internet. What does ARP do?
It broadcast a packet to all the devices of the source network. The devices of the network peel
the header of the data link layer from the Protocol Data Unit (PDU) called frame and transfer
the packet to the network layer (layer 3 of OSI) where the network ID of the packet is validated
with the destination IP’s network ID of the packet and if it’s equal then it responds to the source
with the MAC address of the destination, else the packet reaches the gateway of the network
and broadcasts packet to the devices it is connected with and validates their network ID. The
above process continues till the second last network device in the path reaches the destination
where it gets validated and ARP, in turn, responds with the destination MAC address.

ARP
1. ARP Cache: After resolving the MAC address, the ARP sends it to the source where it
is stored in a table for future reference. The subsequent communications can use the
MAC address from the table.
2. ARP Cache Timeout: It indicates the time for which the MAC address in the ARP
cache can reside.
3. ARP request: This is nothing but broadcasting a packet over the network to validate
whether we came across the destination MAC address or not.
• The physical address of the sender.
• The IP address of the sender.
• The physical address of the receiver is FF:FF:FF:FF:FF: FF or 1’s.
• The IP address of the receiver.
 4. ARP response/reply: It is the MAC address response that the source receives from the
destination which aids in further communication of the data.
• CASE-1:
o The sender wants to send a packet to another host on the same network.
o Use ARP to find another host’s physical address.
• CASE-2:
o The sender is a host and wants to send a packet to another host on another
network.
o The sender looks at its routing table.
o Find the IP address of the next hop (router) for this destination.
o Find the IP address of the next hop (router) for this destination.
• CASE-3:
o The sender is a router and received a datagram.
o The router checks its routing table.
o Calculate the IP of the next router.
o Use ARP to find the next router’s physical address.
• CASE-4:
o The sender is a router that has received a datagram destined for a host in the
same network.
o Use ARP to find this host’s physical address.

Types of ARP
A communication protocol called Address Resolution Protocol (ARP) is used to determine a
device’s MAC (Media Access Control) address based on its IP address. There are mainly 4
types of ARP available:
1. Proxy ARP
A Layer 3 device can reply to an ARP request for a target that is on a different network than
the sender by using a technique called proxy ARP. In response to the ARP, the router that has
been set for Proxy ARP maps its MAC address to the target IP address, deceiving the sender
into believing that the message has arrived at destination.
Because the packets have the required information, the proxy router at the backend forwards
them to the correct location.
2. Gratuitous ARP
The host’s ARP request known as “gratuitous ARP” aids in locating duplicate IP addresses.
This is a broadcast request for the router’s IP address. All other nodes are unable to use the IP
address assigned to a switch or router in the event that it sends out an ARP request to obtain its
IP address and receives no ARP answers in return. However, another node uses the IP address
assigned to the switch or router if it sends an ARP request for its IP address and gets an ARP
response.
3. Reverse ARP
In a local area network (LAN), the client system uses this networking protocol to ask the ARP
gateway router table for its IPv4 address. The network administrator creates a table in the
gateway-router that is used to correlate the IP address with the MAC address.
4. Inverse ARP
The purpose of inverse ARP, which is the opposite of ARP, is to deduce the nodes’ IP addresses
from their data link layer addresses. Frame relays and ATM networks, where Layer 2 virtual
circuit addressing is frequently obtained from Layer 2 signalling, are the primary applications
for them. These virtual circuits can be used with the necessary Layer 3 addresses accessible.
Relationship Between ARP , DNS and DHCP
As was previously noted, IP addresses are dynamic by design since doing so protects users’
privacy and security. IP address changes, though, shouldn’t happen at random. An IP address
should be assigned according to rules from a predetermined range of numbers that are available
in a particular network. By doing this, problems like two machines getting the same IP address
are avoided.
The Dynamic Host Configuration Protocol, or DHCP, is the name given to the regulations.
Because IP addresses are required to do an internet search, they are significant as computer
identities. Users utilise alphabetical names while searching for a domain name or Uniform
Resource Locator (URL).
Computers, on the other hand, link a domain name to a server using the numeric IP address. In
order to link the two, an IP address is converted from a bewildering string of digits into a more
legible, intelligible domain name by use of a Domain Name System (DNS) server, and vice
versa.
ARP Spoofing and ARP Cache Poisoning
ARP Spoofing is a type of falseness of a device in order to link the attacker’s MAC Address
with the IP Address of the computer or server by broadcasting false ARP messages by the
hacker. Upon successful establishment of the link, it is used for transferring data to the hacker’s
computer. It is simply called Spoofing. ARP can cause a greater impact on enterprises. ARP
Spoofing attacks can facilitate other attacks like:
• Man-in-the-Middle Attack
• Denial of Service Attack
• Session Hijacking
Local Area Network that uses ARP is not safe in the case of ARP Spoofing, this is simply called
as ARP Cache Poisoning.
History and Future of ARP
ARP was first talked about in a document called Request for Comments 826, written by David
C. Plummer in November 1982. Back then, there was a problem with figuring out addresses
because Ethernet, the popular network technology, needed 48-bit addresses.
But now, with IP version 6 (IPv6) addresses, which are much longer at 128 bits, we use
something called the Neighbor Discovery protocol instead of ARP to get configuration info.
Even though IPv4 addresses are still more common, IPv6 is getting more popular, especially
with the rise of Internet of Things (IoT) devices that need IP addresses. Neighbor Discovery
works in a different layer of the network and uses a protocol called Internet Control Message
Protocol version 6 to find nearby devices.
Advantages of Using ARP
• Efficient Communication : ARP helps devices communicate efficiently by translating
IP addresses into MAC addresses, allowing seamless communication on a network.
• Dynamic Network Updates : ARP dynamically updates its cache with MAC address
information, allowing for changes in network topology without manual intervention.
• Scalability : ARP scales well with network size, enabling devices to communicate
effectively in both small and large networks.
• Compatibility : ARP is a standard protocol used across different types of networks,
ensuring compatibility and interoperability among various devices and systems.
Disadvantages of Using ARP
• Security : ARP operates at a low level and can be vulnerable to various attacks, such
as ARP spoofing, where attackers copy devices on the network to intercept or
manipulate data.
• Broadcast Traffic : ARP uses broadcast messages to discover MAC addresses, which
can lead to increased network congestion, especially in large networks.
• Limited Security Features : ARP lacks robust security features, making it challenging
to authenticate and verify the identity of devices on the network, leaving it susceptible
to attacks.
 Ethernet

A LAN is a data communication network connecting various terminals or computers within

a building or limited geographical area. The connection between the devices could be wired
or wireless. Ethernet, Token rings, and Wireless LAN using IEEE 802.11 are examples of
standard LAN technologies.In this article we will see ethernet in detail.
Ethernet
Ethernet is the most widely used LAN technology and is defined under IEEE standards
802.3. The reason behind its wide usability is that Ethernet is easy to understand,
implement, and maintain, and allows low-cost network implementation. Also, Ethernet
offers flexibility in terms of the topologies that are allowed. Ethernet generally uses a bus
topology. Ethernet operates in two layers of the OSI model, the physical layer and the data
link layer. For Ethernet, the protocol data unit is a frame since we mainly deal with DLLs.
In order to handle collisions, the Access control mechanism used in Ethernet is CSMA/CD.
Although Ethernet has been largely replaced by wireless networks.A wired networking still
uses Ethernet more frequently. Wi-Fi eliminates the need for cables by enabling users to
connect their smartphones or laptops to a network wirelessly. The 802.11ac Wi-Fi standard
offers faster maximum data transfer rates when compared to Gigabit Ethernet. However,
wired connections are more secure and less susceptible to interference than wireless
networks.
History of Ethernet
Robert Metcalfe’s invention of Ethernet in 1973 completely changed computer networking.
With Ethernet Version 2’s support for 10 Mbps and an initial data rate of 2.94 Mbps, it first
gained popularity in 1982. Ethernet’s adoption was accelerated by the IEEE 802.3
standardization in 1983. Local area networks (LANs) and the internet were able to expand
quickly because of the rapid evolution and advancement of Ethernet, which over time
reached speeds of 100 Mbps, 1 Gbps, 10 Gbps, and higher. It evolved into the standard
technology for wired network connections, enabling dependable and quick data
transmission for private residences, commercial buildings, and data centers all over the
world.
There are different types of Ethernet networks that are used to connect devices and transfer
data.
Let’s discuss them in simple terms:
1. Fast Ethernet: This type of Ethernet network uses cables called twisted pair or CAT5.
It can transfer data at a speed of around 100 Mbps (megabits per second). Fast Ethernet
uses both fiber optic and twisted pair cables to enable communication. There are three
categories of Fast Ethernet: 100BASE-TX, 100BASE-FX, and 100BASE-T4.
2. Gigabit Ethernet: This is an upgrade from Fast Ethernet and is more common
nowadays. It can transfer data at a speed of 1000 Mbps or 1 Gbps (gigabit per second).
Gigabit Ethernet also uses fiber optic and twisted pair cables for communication. It
often uses advanced cables like CAT5e, which can transfer data at a speed of 10 Gbps.
3. 10-Gigabit Ethernet: This is an advanced and high-speed network that can transmit
data at a speed of 10 gigabits per second. It uses special cables like CAT6a or CAT7
 twisted-pair cables and fiber optic cables. With the help of fiber optic cables, this
network can cover longer distances, up to around 10,000 meters.
4. Switch Ethernet: This type of network involves using switches or hubs to improve
network performance. Each workstation in this network has its own dedicated
connection, which improves the speed and efficiency of data transfer. Switch Ethernet
supports a wide range of speeds, from 10 Mbps to 10 Gbps, depending on the version
of Ethernet being used.
In summary, Fast Ethernet is the basic version with a speed of 100 Mbps, Gigabit Ethernet
is faster with a speed of 1 Gbps, 10-Gigabit Ethernet is even faster with a speed of 10 Gbps,
and Switch Ethernet uses switches or hubs to enhance network performance.The
Manchester Encoding Technique is used in Ethernet. Using Manchester encoding, data can
be transmitted over a physical medium in communication systems. It is a type of line coding
where the signal transitions, as opposed to the absolute voltage levels, serve as the data
representation.
Each bit of information is split into two equal time periods, or “halves,” in Manchester
encoding. If the signal level is higher during the first half of the bit period than it is during
the second, the result is a logic high (typically 1), or vice versa.

Since we are talking about IEEE 802.3 standard Ethernet, therefore, 0 is expressed by a
high-to-low transition, a 1 by the low-to-high transition. In both Manchester Encoding and
Differential Manchester, the Encoding Baud rate is double of bit rate.
Key Features of Ethernet
1. Speed: Ethernet is capable of transmitting data at high speeds, with current Ethernet
standards supporting speeds of up to 100 Gbps.
2. Flexibility: Ethernet is a flexible technology that can be used with a wide range of
devices and operating systems. It can also be easily scaled to accommodate a growing
number of users and devices.
3. Reliability: Ethernet is a reliable technology that uses error-correction techniques to
ensure that data is transmitted accurately and efficiently.
4. Cost-effectiveness: Ethernet is a cost-effective technology that is widely available and
easy to implement. It is also relatively low-maintenance, requiring minimal ongoing
support.
5. Interoperability: Ethernet is an interoperable technology that allows devices from
different manufacturers to communicate with each other seamlessly.
6. Security: Ethernet includes built-in security features, including encryption and
authentication, to protect data from unauthorized access.
7. Manageability: Ethernet networks are easily managed, with various tools available to
help network administrators monitor and control network traffic.
8. Compatibility: Ethernet is compatible with a wide range of other networking
technologies, making it easy to integrate with other systems and devices.
9. Availability: Ethernet is a widely available technology that can be used in almost any
setting, from homes and small offices to large data centers and enterprise-level
networks.
10. Simplicity: Ethernet is a simple technology that is easy to understand and use. It does
not require specialized knowledge or expertise to set up and configure, making it
accessible to a wide range of users.
11. Standardization: Ethernet is a standardized technology, which means that all Ethernet
devices and systems are designed to work together seamlessly. This makes it easier for
network administrators to manage and troubleshoot Ethernet networks.
12. Scalability: Ethernet is highly scalable, which means it can easily accommodate the
addition of new devices, users, and applications without sacrificing performance or
reliability.
13. Broad compatibility: Ethernet is compatible with a wide range of protocols and
technologies, including TCP/IP, HTTP, FTP, and others. This makes it a versatile
technology that can be used in a variety of settings and applications.
14. Ease of integration: Ethernet can be easily integrated with other networking
technologies, such as Wi-Fi and Bluetooth, to create a seamless and integrated network
environment.
15. Ease of troubleshooting: Ethernet networks are easy to troubleshoot and diagnose,
thanks to a range of built-in diagnostic and monitoring tools. This makes it easier for
network administrators to identify and resolve issues quickly and efficiently.
16. Support for multimedia: Ethernet supports multimedia applications, such as video
and audio streaming, making it ideal for use in settings where multimedia content is a
key part of the user experience.Ethernet is a reliable, cost-effective, and widely
used LAN technology that offers high-speed connectivity and easy manageability for
local networks.
Advantages of Ethernet
Speed: When compared to a wireless connection, Ethernet provides significantly more
speed. Because Ethernet is a one-to-one connection, this is the case. As a result, speeds of
up to 10 Gigabits per second (Gbps) or even 100 Gigabits per second (Gbps) are possible.
Efficiency: An Ethernet cable, such as Cat6, consumes less electricity, even less than a wifi
connection. As a result, these ethernet cables are thought to be the most energy-efficient.
Good data transfer quality: Because it is resistant to noise, the information transferred is
of high quality.
Baud rate = 2* Bit rate
Disadvantages of Ethernet
Distance limitations: Ethernet has distance limitations, with the maximum cable length
for a standard Ethernet network being 100 meters. This means that it may not be suitable
for larger networks that require longer distances.
Bandwidth sharing: Ethernet networks share bandwidth among all connected devices,
which can result in reduced network speeds as the number of devices increases.
Security vulnerabilities: Although Ethernet includes built-in security features, it is still
vulnerable to security breaches, including unauthorized access and data interception.
Complexity: Ethernet networks can be complex to set up and maintain, requiring
specialized knowledge and expertise.
Compatibility issues: While Ethernet is generally interoperable with other networking
technologies, compatibility issues can arise when integrating with older or legacy systems.
Cable installation: Ethernet networks require the installation of physical cables, which can
be time-consuming and expensive to install.
Physical limitations: Ethernet networks require physical connections between devices,
which can limit mobility and flexibility in network design.

How Ethernet Works?

In the Open Systems Interconnection (OSI) model, the Ethernet is located in the lower
layers and facilitates the operation of the physical and data link layers. The OSI
model consists of seven layers, which are as follows.
The topmost layer, known as the application layer, is what enables users to download and
access data from email clients or web browsers. With the aid of the application, users enter
their queries, and the request is then sent to the following layer, which is known as a
“packet.” The packet contains data about the sender and the destination web address. The
packet is transmitted from the application layer until it reaches the bottom layer, also known
as the Ethernet frame.

The basic frame format which is required for all MAC implementation is defined in IEEE
802.3 standard. Though several optional formats are being used to extend the protocol’s
basic capability. Ethernet frame starts with the Preamble and SFD, both work at the physical
layer. The ethernet header contains both the Source and Destination MAC address, after
which the payload of the frame is present. The last field is CRC which is used to detect the
error. Now, let’s study each field of basic frame format.
Ethernet (IEEE 802.3) Frame Format

1. PREAMBLE: Ethernet frame starts with a 7-Bytes Preamble. This is a pattern of

alternative 0’s and 1’s which indicates starting of the frame and allow sender and
receiver to establish bit synchronization. Initially, PRE (Preamble) was introduced to
allow for the loss of a few bits due to signal delays. But today’s high-speed Ethernet
doesn’t need a Preamble to protect the frame bits. PRE (Preamble) indicates the receiver
that frame is coming and allow the receiver to lock onto the data stream before the
actual frame begins.
2. Start of frame delimiter (SFD): This is a 1-Byte field that is always set to 10101011.
SFD indicates that upcoming bits are starting the frame, which is the destination
address. Sometimes SFD is considered part of PRE, this is the reason Preamble is
described as 8 Bytes in many places. The SFD warns station or stations that this is the
last chance for synchronization.
3. Destination Address: This is a 6-Byte field that contains the MAC address of the
machine for which data is destined.
4. Source Address: This is a 6-Byte field that contains the MAC address of the source
machine. As Source Address is always an individual address (Unicast), the least
significant bit of the first byte is always 0.
5. Length: Length is a 2-Byte field, which indicates the length of the entire Ethernet
frame. This 16-bit field can hold a length value between 0 to 65535, but length cannot
be larger than 1500 Bytes because of some own limitations of Ethernet.
6. Data: This is the place where actual data is inserted, also known as Payload . Both IP
header and data will be inserted here if Internet Protocol is used over Ethernet. The
maximum data present may be as long as 1500 Bytes. In case data length is less than
minimum length i.e. 46 bytes, then padding 0’s is added to meet the minimum possible
length.
7. Cyclic Redundancy Check (CRC): CRC is 4 Byte field. This field contains a 32-bits
hash code of data, which is generated over the Destination Address, Source Address,
Length, and Data field. If the checksum computed by destination is not the same as sent
checksum value, data received is corrupted.
8. VLAN Tagging: The Ethernet frame can also include a VLAN (Virtual Local Area
Network) tag, which is a 4-byte field inserted after the source address and before the
EtherType field. This tag allows network administrators to logically separate a physical
network into multiple virtual networks, each with its own VLAN ID.
9. Jumbo Frames: In addition to the standard Ethernet frame size of 1518 bytes, some
network devices support Jumbo Frames, which are frames with a payload larger than
1500 bytes. Jumbo Frames can increase network throughput by reducing the overhead
associated with transmitting a large number of small frames.
10. Ether Type Field: The EtherType field in the Ethernet frame header identifies the
protocol carried in the payload of the frame. For example, a value of 0x0800 indicates
that the payload is an IP packet, while a value of 0x0806 indicates that the payload is
an ARP (Address Resolution Protocol) packet.
11. Multicast and Broadcast Frames: In addition to Unicast frames (which are sent to a
specific destination MAC address), Ethernet also supports Multicast and Broadcast
frames. Multicast frames are sent to a specific group of devices that have joined a
multicast group, while Broadcast frames are sent to all devices on the network.
12. Collision Detection: In half-duplex Ethernet networks, collisions can occur when two
devices attempt to transmit data at the same time. To detect collisions, Ethernet uses
a Carrier Sense Multiple Access with Collision Detection (CSMA/CD) protocol, which
listens for activity on the network before transmitting data and backs off if a collision
is detected.