A decent knowledge of networking is important for any system administrator managing servers in an enterprise environment. Linux and UNIX distributions provide a number of different commands which we could use to query and to an extent modify the network properties of our system. In this article, we will explain the use of a useful network diagnostics and troubleshooting tool named arp. We will be exploring what the arp tool does and the type of information it provides with the help of examples. It is worth noting that the arp utility is not confined to UNIX/Linux operating systems and can be found on Windows operating systems as well as networking and security devices.
What is ARP?
ARP is the abbreviation for Address Resolution Protocol, which is used to find the address of a network neighbor for a given IPv4 address. This protocol is used by network nodes to resolve IP addresses to their corresponding MAC addresses. The mapping of the IP addresses to MAC addresses is stored in a cache on the system so that this information does not need to be retrieved repeatedly while the system communicates with it’s neighboring devices over the network. The purpose of the arp protocol is two fold i.e. it determines the physical/MAC address of the destination device while sending a data packet and it responds with the MAC address of the machine on which it is running as answers queries received from other machines.
The arp command could be used for the following purposes:
- Display IP address to MAC address resolution information for neighboring devices.
- Clear address mapping entries and set them up manually.
- Add an address for which to proxy arp.
- Forcefully add permanent entries to the ARP table.
With a basic understanding of what arp is and the information it provides, lets now take a look at some examples:
Example 1: Display entries
Invoking the arp command without any options will display the contents of the arp cache table.
[root@linuxnix ~]# arp Address HWtype HWaddress Flags Mask Iface 22.214.171.124 ether 00:50:55:c0:00:07 C eth0 126.96.36.199 ether 00:50:55:fd:b2:1a C eth0 188.8.131.52 ether 00:50:55:e5:7d:12 C eth0 [root@linuxnix ~]#
Example 2: Display entries for particular addresses.
If we have a large arp cache and need to get entries for a particular IP address then we could do so by using the arp command with the -a option followed by the IP address. Given below is an example:
[ssuri@linuxnix-phy:~] $ arp -a 184.108.40.206 ? (220.127.116.11) at f7:bd:75:ac:dd:7a [ether] on bond0 ? (18.104.22.168) at f7:bd:75:ac:dd:7a [ether] on bond1
Example 3: Display arp entries for an interface
If we wish to display arp entries for only a single interface then we could do so by invoking the arp command with the -i option followed by the interface name. Given below is an example:
[ssuri@linuxnix-phy:~] $ arp -i bond0 Address HWtype HWaddress Flags Mask Iface usartdb02.exmpl.c ether 17:a9:9b:f5:1a:7e C bond0 usartdb02.exmpl.c ether f8:db:77:f2:5a:a2 C bond0 usartdb01-vip.exmpl ether 54:9f:25:e7:74:42 C bond0 usartdb04-vip.exmpl ether f8:db:77:f2:71:e2 C bond0 usartdb01.exmpl.c ether b7:ca:2a:2a:5c:c2 C bond0 usartdb02.exmpl.c ether f8:db:77:f2:27:52 C bond0
Example 4: Delete an entry
To delete an entry for a host from the arp cache we use the arp command with the -d option followed by the IP address. Given below is an example:
[root@linuxnix ~]# arp -d 192.168.188.2 [root@linuxnix ~]# arp -e Address HWtype HWaddress Flags Mask Iface 192.168.188.1 ether 00:50:56:c0:00:08 C eth0 192.168.188.2 (incomplete) eth0 192.168.188.254 ether 00:50:56:e6:8d:12 C eth0
But as soon as we execute the arp command, the cache is refreshed and you’ll see the entry back in the arp table since the entry I removed was for a live neighboring device.
[root@linuxnix ~]# arp Address HWtype HWaddress Flags Mask Iface 192.168.188.1 ether 00:50:56:c0:00:08 C eth0 192.168.188.2 ether 00:50:56:fd:b2:1a C eth0 192.168.188.254 ether 00:50:56:e6:8d:12 C eth0
Example 5: Add an entry to the arp cache
To add an entry permanently to the arp cache we use the -s option with the arp command and need to specify the IP address and MAC address for the device while invoking the arp command. We also need to specify the interface on the system on which the entry should be added. Given below is an example:
[root@linuxnix ~]# arp -s 192.168.188.133 -i eth0 00:0c:29:f6:1d:81 [root@linuxnix ~]# [root@linuxnix ~]# arp -a ? (192.168.188.133) at 00:0c:29:f6:1d:81 [ether] PERM on eth0 ? (192.168.188.254) at 00:50:56:e6:8d:12 [ether] on eth0 ? (192.168.188.2) at 00:50:56:fd:b2:1a [ether] on eth0 ? (192.168.188.1) at 00:50:56:c0:00:08 [ether] on eth0
This completes our exploration of the arp command with examples. Before we conclude this article we would like to point out that like many other commands in Linux the arp command relies on a file in the /proc file system to obtain its information from. This file is /proc/net/arp.
Latest posts by Sahil Suri (see all)
- Setting up chrooted ssh jails in Linux - October 8, 2019
- How To exclude copying of specific directories in Linux using cp/scp/rsync - October 7, 2019
- Docker container ports explained - September 27, 2019
- Docker Volumes explained - September 25, 2019
- Docker networking commands explained - September 24, 2019