ARP in Networking

January 25, 2025 note-to-self

ARP in Networking

ARP (Address Resolution Protocol) is a fundamental networking protocol. It translates IP addresses into their corresponding MAC address.

Find your network interface:

ifconfig (linux/Mac, I think Windows is ipconfig)

It's probably something like en0. I'm using a Mac, so I'm not really sure what Windows users see.

To clear the arp table, do

sudo arp -d -i en0 -a

Then do arp -a to see the arp table.

> osync.lan (192.168.1.1) at 4c:19:5d:70:ac:6 on en0 ifscope [ethernet]
> my-device.lan (192.168.1.244) at 60:3e:5f:37:4d:4 on en0 ifscope permanent [ethernet]

For me, this only had two entries, the gateway and my device. So, to give it some action, I located other network devices:

nmap -sn 192.168.1.0/24

That scans my network from 192.168.1.1 to 192.168.1.255. It found a handful of devices.

I looked at the arp table again (arp -a) and found every nmap command, so I again cleared it (sudo arp -d -i en0 -a) so it wouldn't be so noisy.

Then, I pinged one of the devices I found:

ping amazon-9fb0844f1.lan

Then checked the arp table and found that device in the list.

$ arp -a
> osync.lan (192.168.1.1) at 4c:19:5d:70:ac:6 on en0 ifscope [ethernet]
> amazon-9fb0844f1.lan (192.168.1.61) at f4:3:2a:26:a0:9e on en0 ifscope [ethernet]
> my-device.lan (192.168.1.244) at 60:3e:5f:37:4d:4 on en0 ifscope permanent [ethernet]

You can capture ARP data in wireshark, too. When you set up the capture (before you start), just type arp into the filter box and it will capture ARP traffic.