devondra
asked on
ARP
At the command prompt, enter the arp command. What does the response tell you about the arp command?
Actually, it tells you where your machine has recently wanted/needed to send packets. (Note that if the destinations are remote, the MAC address in the cache will be that of the gateway and not of the actual remote machine.)
If the destinations are remote (i.e. not in the local IP network), they won't show up in the ARP table at all.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If it's through a router, it WILL show up on the table. I ran into a problem two nights ago on my home network and when I pulled up the table, I got the IP address of the external router interface rather than the domain controller that had pinged the local computer. You are correct in the sense that the computer's IP won't show, but the last thing to send the packet will.
Hello,
Well I will take it from you (and anyways I wasn't going to quote the definition.)
ARP (Address Resolution Protocol) and R (Reverse) ARP are two different protocols performing two complementory operations. I hv given some live examples of ARP and RARP in operation (tho the example used to exaplain a form of ARP (Proxy ARP) will never occur in real life, but it gets the point accros.)
note tho: NIC = Network Interface Card, or LAN Card
ARP
----
Taking that you are aware of the OSI model of internetworking, you might be knowing that the "Networking Layer" communicates using IP addresses. Suppose my computer (with IP address 10.109.1.1/24) wanted to send a packet to 10.109.1.2 then this would be the brief process:
(1) - Since my IP address lies in the same subnet as 10.109.1.2 (more on this later) assume that the target IP address is physically connected to me. (or rather my NIC hving IP addr 10.109.1.2)
The same subnet decision is made very easily. As you might be aware of, a IP address consists of a Network ID part and a Host ID part. If the Network IDs of two IP addresses are same, then they are considered to be physically reachable (connected to the same ethernet segment.)
So the CIDR (Classless Inter-Domain Routing) /24 specifies that 10.109.1.1/24 has a host ID of 10.109.0.0 which is the same as that of 10.109.1.2.
(2) - The packet is handed down to the Datalink layer without any modification.
(3) - The datalink layer need to deliver the packet to the corresponding datalink layer on the destination machine. To do this, it will hv to hand appropiate information to the physical layer of the TCP/IP or OSI model. This appropiate machine consists of "the physical address of the target NIC" rather than the IP address. There fore, there must exist a way of mapping the IP address => to the physical address.
The physical address in this case is the MAC (Medium Access Control) address which is unique for each manufactured NIC (Lan Card) in the world. Basically it is nothing but like the plot numbers assigned to each house which the mailman uses to deliver the snail mail. Very similar.
IP addr MAC addr
(Upper layers) =======> (Data link layer) =========> (Physical layer), Source NIC
|||
(Upper layers) <======= (Data link layer) <========= (Physical layer), Dest NIC
The three bars represent the actual connection, whether it be a cross over cable, connection via hub, switch or any other interface (like FDDI ring.)
So this mapping of IP address to MAC address within a subnet "i.e. NICs hving same host id" is done using ARP.
A typical ARP exchange is like so (taking our example above):
10.109.1.1 > 10.109.1.255 (broadcast addr): arp who-has 10.109.1.2 tell 10.109.1.1
10.109.1.2 > 10.109.1.1: arp reply 10.109.1.2 is-at 0:c:29:6c:d7:63
one subtle point is that ARP REQUESTS are broadcast (delivered to all NICs within a subnet (physically connected)) but ARP REPLIES are Point-to-Point.
now the 10.109.1.1 node is aware of the MAC address associated with 10.109.1.2 and thus passes the packets and the dest. MAC address to the :Physical layer: which delivers the packet.
Proxy ARP: Suppose a bridge separated two different subnets. One 10.109.1.0/24 and other 10.109.2.0/24. ARP will be adequate for packet delivery within the respective subnets. But if a host , say H1(10.109.1.1), wants to send soming to host H2 (10.109.2.1) then what to do:
1 - we could specify the IP address of the bridge/router as the default gateway for the subnet 10.109.1.0 so that if it wanted to communicate with some machine outside the subnet it would send the packets to the gateway which would do the routing.
otherwise, 2 - trick the first subnet and make the bridge "reply" its mac address as the IP -- > MAC mapping during ARP process.
10.109.1.1 > arp who-has 10.109.1.2 tell 10.109.1.1
10.109.1.254 (the router) > arp reply 10.109.1.1 is-at (MAC ADDR)
so the H1 will send its packet to the router and it will be handled appropiately. This is the use of proxy arp.
R-ARP
-------
R-ARP was used earlier (now it has been replaced by technologies like BOOTP or DHCPD) to support diskless-workstation (a.k.a. thin clients)
Suppose a machine was booted of a ROM medium with no facility of any configuration file to set a IP address, how would it obtain the parameters (in this case the IP Address.)
to solve this problem, RARP was invented so that a thin client would broadcast its MAC address (which is embedded into the NIC (lan card) and dosent require any configuration expect putting in a required hardware) and a designated server would reply Point-to-Point to the MAC address that it should take its IP address to be whatever the sysadmin desided while performing the mapping.
Better technologies hv replaced the need for RARP and its use has declined.
Hope this gives a indepth view of the functioning of ARP and its less used sibling RARP.
Kidoman
Well I will take it from you (and anyways I wasn't going to quote the definition.)
ARP (Address Resolution Protocol) and R (Reverse) ARP are two different protocols performing two complementory operations. I hv given some live examples of ARP and RARP in operation (tho the example used to exaplain a form of ARP (Proxy ARP) will never occur in real life, but it gets the point accros.)
note tho: NIC = Network Interface Card, or LAN Card
ARP
----
Taking that you are aware of the OSI model of internetworking, you might be knowing that the "Networking Layer" communicates using IP addresses. Suppose my computer (with IP address 10.109.1.1/24) wanted to send a packet to 10.109.1.2 then this would be the brief process:
(1) - Since my IP address lies in the same subnet as 10.109.1.2 (more on this later) assume that the target IP address is physically connected to me. (or rather my NIC hving IP addr 10.109.1.2)
The same subnet decision is made very easily. As you might be aware of, a IP address consists of a Network ID part and a Host ID part. If the Network IDs of two IP addresses are same, then they are considered to be physically reachable (connected to the same ethernet segment.)
So the CIDR (Classless Inter-Domain Routing) /24 specifies that 10.109.1.1/24 has a host ID of 10.109.0.0 which is the same as that of 10.109.1.2.
(2) - The packet is handed down to the Datalink layer without any modification.
(3) - The datalink layer need to deliver the packet to the corresponding datalink layer on the destination machine. To do this, it will hv to hand appropiate information to the physical layer of the TCP/IP or OSI model. This appropiate machine consists of "the physical address of the target NIC" rather than the IP address. There fore, there must exist a way of mapping the IP address => to the physical address.
The physical address in this case is the MAC (Medium Access Control) address which is unique for each manufactured NIC (Lan Card) in the world. Basically it is nothing but like the plot numbers assigned to each house which the mailman uses to deliver the snail mail. Very similar.
IP addr MAC addr
(Upper layers) =======> (Data link layer) =========> (Physical layer), Source NIC
|||
(Upper layers) <======= (Data link layer) <========= (Physical layer), Dest NIC
The three bars represent the actual connection, whether it be a cross over cable, connection via hub, switch or any other interface (like FDDI ring.)
So this mapping of IP address to MAC address within a subnet "i.e. NICs hving same host id" is done using ARP.
A typical ARP exchange is like so (taking our example above):
10.109.1.1 > 10.109.1.255 (broadcast addr): arp who-has 10.109.1.2 tell 10.109.1.1
10.109.1.2 > 10.109.1.1: arp reply 10.109.1.2 is-at 0:c:29:6c:d7:63
one subtle point is that ARP REQUESTS are broadcast (delivered to all NICs within a subnet (physically connected)) but ARP REPLIES are Point-to-Point.
now the 10.109.1.1 node is aware of the MAC address associated with 10.109.1.2 and thus passes the packets and the dest. MAC address to the :Physical layer: which delivers the packet.
Proxy ARP: Suppose a bridge separated two different subnets. One 10.109.1.0/24 and other 10.109.2.0/24. ARP will be adequate for packet delivery within the respective subnets. But if a host , say H1(10.109.1.1), wants to send soming to host H2 (10.109.2.1) then what to do:
1 - we could specify the IP address of the bridge/router as the default gateway for the subnet 10.109.1.0 so that if it wanted to communicate with some machine outside the subnet it would send the packets to the gateway which would do the routing.
otherwise, 2 - trick the first subnet and make the bridge "reply" its mac address as the IP -- > MAC mapping during ARP process.
10.109.1.1 > arp who-has 10.109.1.2 tell 10.109.1.1
10.109.1.254 (the router) > arp reply 10.109.1.1 is-at (MAC ADDR)
so the H1 will send its packet to the router and it will be handled appropiately. This is the use of proxy arp.
R-ARP
-------
R-ARP was used earlier (now it has been replaced by technologies like BOOTP or DHCPD) to support diskless-workstation (a.k.a. thin clients)
Suppose a machine was booted of a ROM medium with no facility of any configuration file to set a IP address, how would it obtain the parameters (in this case the IP Address.)
to solve this problem, RARP was invented so that a thin client would broadcast its MAC address (which is embedded into the NIC (lan card) and dosent require any configuration expect putting in a required hardware) and a designated server would reply Point-to-Point to the MAC address that it should take its IP address to be whatever the sysadmin desided while performing the mapping.
Better technologies hv replaced the need for RARP and its use has declined.
Hope this gives a indepth view of the functioning of ARP and its less used sibling RARP.
Kidoman
So, if I am on a computer, and I for example ping another computer, I can sit down at the computer I just pinged, and type in "arp -a" it will display the IP address of the computer the ping came from, as well as the MAC address of that system. There are other feautres, but it's a handy way of finding out who's touched your machine from across the network.