Address Resolution Protocol (ARP)

Address Resolution Protocol (ARP) is a dynamic mapping protocol. It maps the IP address of a computer to its MAC address. ARP maps the 32-bit IPv4 address of the receiver to the 48-bit MAC address of the receiver. The Address Resolution Protocol is a Network Layer protocol. A reverse ARP protocol (RARP) also exists that translates MAC address to IP address.

In this section, we will discuss the cases when to use ARP services. We will also discuss the working of ARP and the packet format of ARP in brief.

Content: Address Resolution Protocol

1. Use of ARP
2. Working of ARP
3. Packet Format of ARP
4. Types of ARP
5. ARP Spoofing
6. Key Takeaways

When the services of ARP are used?

Consider a host who wants to send a data packet to another host in a global network. Then the host must have the IP address of the corresponding receiver.

To reach the destination the packet has to travel several physical networks. For this, the sending host requires the MAC address of every hop between sender and receiver. And also the MAC address of the receiver to deliver the packet.

Thus ARP facilitates in resolving the receiver IP address to its MAC address.

Four scenarios where we need the services of ARP protocol:

Case 1: A host has a data packet to send it to another host in the ‘same network’ as that of the sender host. In this scenario, the IP address of the receiver host needs to be mapped with the MAC address of the receiver host. So, the sender host will send an ARP packet to the receiver host requesting for its Mac address.

Case 2: A host has a data packet to send it to another host which is in a ‘different network’ as that of the host. In this scenario, the sender host scans its routing table. And discover the IP address of the ‘next router (hop)’ in the path of the destination host. If the sender host doesn’t have a routing table, then it searches for the IP address of the ‘default router. So, the sender host will send the ARP packet to the next-hop router to get its MAC address.

Case 3: A router has received a data packet that it has to forward to the receiver host which is in ‘another network’. Then the router will search its routing table to find the IP address of the next-hop router in the path. Here, the router will send the ARP request to the next router in the path requesting its MAC address.

Case 4: A router has received a data packet destined to the host in the ‘same network’ as the router. Here, the router will send an ARP request packet to the destined host requesting its MAC address.

So, these are the scenarios where we need ARP.

How Does Address Resolution Protocol (ARP) Work?

Whenever a host has to send a packet to any other host it knows the target hosts IP address. You must be wondering;

How does a sender host know the IP address of the destination host?

A host knows the other host by its ‘name’. Like, you know Google by its ‘hostname’ or ‘domain name’ i.e. google.com, you don’t have to worry about its ‘IP address’. It is the ‘DNS server’ that resolve the domain name into the IP address.

So, whenever a host has to send a packet to another host. It only knows the target hosts name. DNS resolves the target hosts name into its IP address. Thus, we say whenever a host wants to send a packet to the target host it knows its IP address.

Coming back to the ARP, as we have said that a sender knows the receiver’s IP address. But, to pass through the physical networks, it requires the MAC address of the target host.

ARP Request Packet

The IP protocol asks the ARP protocol to prepare a request packet. This request packet consists of:

1. Senders IP address
2. Senders MAC address
3. Target hosts IP address
4. Target hosts MAC address field is not filled.

The request packet is then passed to the data link layer. Here, the packet is encapsulated inside a frame. The frame has:

1. The source address is the sender’s physical address.
2. The destination address is a physical broadcast address.

Due to the broadcast address in the destination address field, it is received by each host in the network. The target host keeps the packet as it identifies its IP address in the ARP packet. The host other than the target host rejects the packet.

ARP Reply Packet

Now, the target host prepares an ARP reply packet with its physical MAC address. This reply packet is unicast to the sending host.

The sender receives the ARP reply message. And thereby now knows the physical MAC address of the target host.

The sender now passes the IP datagram which has the data for the target host to the data link layer. Where it is encapsulated in a frame with the sender’s MAC address as a source address. And the target hosts MAC address as the destination address. Now, this frame is unicast to the destined target host.

Packet Format of Address Resolution Protocol

After getting the working of ARP let us discuss the packet format of ARP. The figure below shows the ARP packet format:

Below we have described the fields of the ARP packet:

• Hardware Type: This field describes the type of network. Actually, each network is assigned an integer that defines its type. Like, Ethernet is type 1. This is a 16-bit field.
• Protocol Type: This field is 16-bit and it defines the protocol.
• Hardware Length: This field defines the length of the MAC address in bytes. This is an 8-bit field.
• Protocol Length: This is also an 8-bit field and it defines the length of IP address in bytes.
• Operation: This field defines the type of ARP packet i.e. ARP request (1) or ARP reply (2). This is a 16-bit field.
• Sender Hardware Address: This field defines the MAC address of the sender. This field has a variable length.
• Sender Protocol Address: This is a variable-length field. It defines the IP address of the sender.
• Target Hardware Address: This is a variable-length field. It defines the MAC address of the target host.
• Target Protocol Address: This is a variable-length field. It defines the IP address of the target host.

Types of  ARP (Address Routing Protocol)

The ARP protocol is used with four variations as discussed below:

1. Proxy ARP
   Proxy ARP is a technique that is applicable if, the communicating systems are in the same network. But they separated by the router. It facilitates communicating systems in two different subnetworks to exchange the ARP messages. With these messages, it can resolve the IP addresses to the MAC addresses.
   Now if a system in a To communicate with a system in a different subnet, the host will broadcast an ARP request. Now the router is unable to forward the layer 2 packets. So this ARP request will never reach the other system in a different subnet. Here the router between these two subnets will act as a proxy for the other system that is in a different subnet.
   So the router responds to the broadcasted ARP request with its own MAC address. Thus the sender system sends all the packets to the router first. And then the router forwards those packets to the destined system.
2. Gratuitous ARP
   Whenever a new device joins the network it broadcast the ARP packet inside the network. This ARP packet has the sender’s IP and MAC address. It’s set the destination IP address as its own IP and destination MAC address as FF:FF:FF:FF:FF:FF. This helps the other devices in the network to update their ARP table.
3. Reverse ARP
   Revere ARP or we call it RARP is sent by the device to determine its IP address. A system broadcast a RARP request in a network with its MAC address. The RARP server responds to this with the requested IP.
4. Inverse ARP
   Inverse ARP is used for device configuration. Contrary to ARP, InARP uses a MAC address of the specific device in the network to determine the IP address of that device.

ARP Spoofing or ARP Poisoning

Address resolution protocol spoofing is also referred to as ARP poisoning. It is a kind of attack where the malicious agent sends false ARP messages over a LAN. Doing this the malicious agent links the MAC address of its device with the IP address of an authentic computer on the network. Now the malicious agent will receive every message intended for this IP address.

With this kind of attack, the malicious agents can easily intercept the communication between the computers in the network.

So, this was all about the Address Resolution Protocol (ARP) which dynamically maps the IP address to the MAC address. ARP has a reverse protocol i.e. Reverse Address Resolution Protocol (RARP) that maps MAC address to the IP address.