ARP in Networking
ARP in Networking
ARP (Address Resolution Protocol) is a fundamental networking protocol. It translates IP addresses into their corresponding MAC address.
Find your network interface:
ifconfig
(linux/Mac, I think Windows is ipconfig
)
It's probably something like en0
. I'm using a Mac, so I'm not really sure what Windows users see.
To clear the arp table, do
sudo arp -d -i en0 -a
Then do arp -a
to see the arp table.
> osync.lan (192.168.1.1) at 4c:19:5d:70:ac:6 on en0 ifscope [ethernet]
> my-device.lan (192.168.1.244) at 60:3e:5f:37:4d:4 on en0 ifscope permanent [ethernet]
For me, this only had two entries, the gateway and my device. So, to give it some action, I located other network devices:
nmap -sn 192.168.1.0/24
That scans my network from 192.168.1.1 to 192.168.1.255. It found a handful of devices.
I looked at the arp table again (arp -a
) and found every nmap command, so I again cleared it (sudo arp -d -i en0 -a
) so it wouldn't be so noisy.
Then, I pinged one of the devices I found:
ping amazon-9fb0844f1.lan
Then checked the arp table and found that device in the list.
$ arp -a
> osync.lan (192.168.1.1) at 4c:19:5d:70:ac:6 on en0 ifscope [ethernet]
> amazon-9fb0844f1.lan (192.168.1.61) at f4:3:2a:26:a0:9e on en0 ifscope [ethernet]
> my-device.lan (192.168.1.244) at 60:3e:5f:37:4d:4 on en0 ifscope permanent [ethernet]
You can capture ARP data in wireshark, too. When you set up the capture (before you start), just type arp
into the filter box and it will capture ARP traffic.