Address Resolution Protocol (ARP)
What is Address Resolution Protocol (ARP)?
ARP is a Layer 2 protocol that maps an IPv4 address to a device’s MAC address on the local network. It uses broadcasts to ask “Who has this IP?” and receives a unicast reply with the correct MAC.
Examples
- Host A (192.168.1.50) wants to send to 192.168.1.77. It broadcasts an ARP request; Host B replies with its MAC, and Host A caches the result.
- A switch port with Dynamic ARP Inspection drops a forged ARP reply that tries to map the default gateway’s IP to an attacker’s MAC.
Discover 🔎
On an Ethernet LAN, devices deliver frames to MAC addresses, but applications talk to IPs. ARP is the translator between those worlds for IPv4. When your machine doesn’t know the MAC address for an IP on the same subnet, it asks the whole LAN, learns the answer, and remembers it for a short time. This simple mechanism keeps local communication fast and automatic.
Summary 📝
ARP ties IPv4 addresses to MAC addresses on the local LAN with a quick ask-and-answer process and short-term caching. It’s simple and fast—but unauthenticated—so designs should expect spoofing attempts and use VLANs and switch security features to keep local communications accurate and safe.
Tip: The interactive version includes progress tracking, decks, and premium deep dives.