ARP- Address resolution protocol, as name suggests it used to resolve IP address to MAC-address used by data link protocol. As network engineer , its default that you should be aware of ARP , there is no excuse for not knowing ARP . This post is specific to those readers who want detailed analysis ,how ARP works.
We will take a simple scenario to explain the concept of ARP , where PC1 (IP 192.168.1.10) wants to communicate with PC2 (192.168.2.10).
Lets first have a look at ARP header to have clear understanding of ARP fields.
Hardware type is of 2 byte which is network protocol type: in this case , it’s Ethernet which is 1.
Protocol type field is the internetwork protocol for which the ARP request is intended. In this case it’s IP, this has the value 0x0800.
Hardware Address length indicates length of hardware address, in this case Its Ethernet so hardware size is 6 bytes.
Protocol Address length indicates length of protocol address, In this case, its IP so protocol address length is 4 bytes.
Opcode is operation code that the sender is performing: 1 for request, 2 for reply, 3 and 4 in case of RARP(reverse ARP)
Sender protocol and Target protocol address is source and destination IP address.
Source hardware and Target hardware address is source Mac-Address and Destination Mac- address.
Considering initially there is no ARP entry present on either of the PC, means that neither of the PC nor R1 is having any information of destination MAC address which is necessary for each other communication.
ARP entry of PC1 ,PC2 and R1 at initial phase.
Now lets initiate a ping request from PC1 to PC2 , as PC1 does not know the MAC address of gateway ip (192.168.1.1 on R1) , so first frame is broadcast asking Who has 192.168.1.1 ? Tell 192.168.1.10 (PC1) . If you observe the first ping packet , its generally dropped ,it’s because of same reason , as you can see in below image.
Let’s have a look at detailed ARP capture to understand actually what is happening at background.
PC1 – Broadcast Frame
Here we will come across all the field of ARP header which we discussed earlier.
In this capture , we can see that ARP packet with Opcode =1(request) , with sender MAC, target MAC and Sender IP address, but as PC 1 is not aware of Target MAC address, so it puts broadcast address (ff:ff:ff:ff:ff:ff) for Target Mac address and broadcast the frame.
First frame is broadcast asking Who has 192.168.1.1 ? Tell 192.168.1.10 ,which we can also see in ARP capture mentioned above. Router R1 configured with the IP address 192.168.1.1 sends a reply which is unicast to source PC1 .
Let’s have a look of the ARP capture for unicast frame.
PC1 – Unicast Frame
Above ARP frame capture is having Opcode as 2 i.e reply. The sender IP is now 192.168.1.1 (R1 ) and destination IP is 192.168.1.10 (PC1) ,accordingly R1 unicast the frame with source MAC of itself and destination MAC of PC1.
R1 also saves the source MAC address in its ARP cache.
Thus overall process makes PC1 aware of the destination MAC of gateway IP (R1)
Similarly same process is done at PC2 end to get the IP address resolve to MAC address. ARP request is broadcast from PC2 for destination Mac address of 10.10.2.1 and unicast packet with required details is received from R1 .
Below is Wireshark capture for PC2 for ARP frame (for broadcast and unicast ) for reference.
PC2 – Broadcast Frame
PC2- Unicast Frame
Thus PC1 and PC2 are now aware of the respective gateway hardware address. R1 now being too aware of PC1 and PC2 MAC address thus makes communication possible between PC1 and PC2
ARP entry of PC1 ,PC2 and R1 after successful ping.
Hope this post have cleared your any doubts regarding ARP