Address Resolution Protocol (ARP)

Security+ 🏆 • Protocols 🔗 • Network Security 🌐 • Difficulty: premium

Definition

ARP is a Layer 2 protocol that maps an IPv4 address to a device’s MAC address on the local network. It uses broadcasts to ask “Who has this IP?” and receives a unicast reply with the correct MAC.

Examples

Host A (192.168.1.50) wants to send to 192.168.1.77. It broadcasts an ARP request; Host B replies with its MAC, and Host A caches the result.
A switch port with Dynamic ARP Inspection drops a forged ARP reply that tries to map the default gateway’s IP to an attacker’s MAC.

Discover 🔎

On an Ethernet LAN, devices deliver frames to MAC addresses, but applications talk to IPs. ARP is the translator between those worlds for IPv4. When your machine doesn’t know the MAC address for an IP on the same subnet, it asks the whole LAN, learns the answer, and remembers it for a short time. This simple mechanism keeps local communication fast and automatic.

Open the interactive lesson Browse more topics

Tip: The interactive version includes progress tracking, decks, and premium deep dives.