EN 
07.02.2025 Veronika WELCOME IN MY WORLD

This website is originally written in the Czech language. Only part of the content is machine (AI) translated into English. The translation may not be exact and may contain errors.

Tento článek si můžete zobrazit v originální české verzi. You can view this article in the original Czech version.
TCP/IP - nalezení MAC adresy k IP - ARP

TCP/IP - finding MAC address to IP - ARP

| Petr Bouška - Samuraj |
So far, the last twelfth part of the series on computer networks is briefly devoted to the ARP protocol. This is an important protocol that is used to find the MAC address of a station that has a certain IP address. Because we need MAC addresses for every communication, ARP is used very often.
displayed: 75 571x (75 372 CZ, 199 EN) | Comments [10]

Computer networks are often based on Ethernet technology and use the TCP/IP protocol. When two devices want to communicate, they need to know the MAC address and IP address. The station obviously knows its own details (they are set). The target station is commonly addressed using a domain name (DN - domain name or FQDN - fully qualified domain name), which can (and must) be translated into an IP address.

The principle of communication between stations in the network is described in the article TCP/IP and Ethernet - network path, active network elements. Here we see that we always need the MAC address of either the target station or the router/gateway on the path (next hop). So we need to find the MAC address of a station whose IP address we know.

The standardized protocol that finds the MAC address for a given IP address is called the Address Resolution Protocol (ARP) and is defined in RFC 826. It is a protocol that runs on the network layer of the TCP/IP model (Layer 2), the same level as the IP protocol.

Note: The ARP protocol is primarily intended for Ethernet but also works in other technologies such as Token Ring, IEEE802.11, FDDI, or ATM.

Principle of ARP Operation

Note: The source station refers to the machine looking for the MAC address based on the IP address. The target station has the sought IP address set.

  • The source station constructs an ARP request and sends it as a broadcast
  • All stations on the local segment receive the request, and if they do not have this IP, they ignore it
  • The target station constructs an ARP response and sends it as a unicast to the source station

Note: The broadcast address used is ff:ff:ff:ff:ff:ff

Structure of the ARP Packet

The format of the request and response is similar. The difference is in the type in the frame; the request has the type set to 0x0806 in the Ethernet header and the response to 0x0835. The filled values also differ; the operation code is 1 for the request and 2 for the response. In the request, the target hardware address is set to zeros, and in the response, it is set to the correct value.

Note: In general, the MAC address is the hardware address, and the IP address is the protocol address. I describe the use for IP and MAC addresses here, but it can be substituted according to the technology.

bits 0 - 7 8 - 15 16 - 31
0 Hardware type (2B) Protocol type (2B)
32 Hardware size (1B) Protocol size (1B) Operation code (2B)
64 Sender MAC address (6B)
96 Sender MAC address (cont.) Sender IP address (4B)
128 Sender IP address (cont.) Target MAC address (6B)
160 Target MAC address (cont.)
192 Target IP address (4B)

ARP Announcement

A special type of ARP packet is the ARP announcement, which is not used to find someone's MAC address but to announce my MAC address to other stations on the network. The packet is usually similar to an ARP query, with the sender's IP and MAC address filled in and the target IP address set to its own IP. It is used, for example, when the station's IP address changes, sending the announcement updates the ARP cache of other stations.

ARP Cache

To avoid constantly sending ARP queries during ongoing communication, devices use an ARP cache, where combinations of IP addresses and MAC addresses are stored for a certain period (in minutes).

In the Windows operating system, we do not have a tool to create an ARP query, but we can use a command like ping to the appropriate IP address. ARP is used automatically whenever a frame (data to the network) needs to be sent. To view the ARP cache, we can use the command line command arp -a.

Inverse ARP

The opposite protocol to ARP is the Inverse Address Resolution Protocol (Inverse ARP or InARP), which looks for the IP address for a given MAC address. InARP was used in Frame Relay and ATM networks, but we probably won't encounter it today.

Reverse ARP

The Reverse ARP (RARP) protocol, similar to InARP, is used to find the IP address for a MAC address. However, RARP looks for the IP address for itself. This method is no longer used today as it was first replaced by BOOTP (Bootstrap protocol) and now by DHCP (Dynamic Host Configuration Protocol). For RARP, the MAC and IP address assignments had to be manually set on the server, and it is not a protocol over IP but a standalone protocol at the same level. It is defined in RFC 903.

Author:

Related articles:

Computer networks

This series covers the basics of computer networking. Important practical aspects that everyone interested in networking should know are briefly described. It contains some of the most widely read articles on this site. It is used for teaching in schools.

If you want write something about this article use comments.

Comments
  1. [1] yuko

    Diky za clanok, skoro som uz zabudol na toto arp-ovatko , prave som instaloval nmap ale vdaka clanku som si este spomenul na mladi, dik ;-)

    Friday, 28.09.2007 14:35 | answer
  2. [2] STANDA-CHEB

    jezis marja,,,ja fekt nejsem odbornik,,,zni to tady zajimave...ale moc mi to nepomohlo,,,me totiz zajima jak prakticky (nejenom teoreticky)jak tu MAC adresu ziskam,,,jedna se totiz o to ze mam routr u nehoz tuto vecicku nemuzu nikde najit ..original stitek je jaksi osoupany a necitelny,,,takze bych potreboval poradit pokud to jde,jakym prikazem (nejspis v dos radku) tuto informaci ziskam,,diky ,,pokud nekdo poradite budu rad,,,,,,,,,

    Saturday, 17.11.2007 18:56 | answer
  3. [3] Samuraj

    respond to [2]STANDA-CHEB: V článku je popsaná i praktická možnost zjištění MAC adresy pod Windows. Jinak pro ten router je řada možností, ale asi nejjednodušší bude to co je v článku. Je potřeba, aby router běžel a znát jeho IP adresu. Pak ve Windows v příkazové řádce zadáme ping ip-adresa-routeru, následně zadat arp -a. Ve výpisu se najde řádek s danou IP adresou a k ní je vidět MAC adresa.

    Sunday, 18.11.2007 17:33 | answer
  4. [4] Mišák

    Díky za skvělé články, vše je přehledné a srozumitelné! ;-)

    Friday, 22.05.2009 21:23 | answer
  5. [5] Čoudů Tajp-ár

    Parádní články...podané srozumitelnou formou ...jen tak dál ;-)

    Friday, 31.07.2009 11:27 | answer
  6. [6] Pavlína

    Děkuji za super IT článek napsaný lidskou s srozumitelnou formou. Moc mi to pomohlo. Přelouskám si i ostatní články.

    Wednesday, 16.06.2010 15:06 | answer
  7. [7] Vitas

    respond to [3]Samuraj: bohužel pokud to někdy fungovalo, tak už to nefunguje...

    Friday, 03.09.2010 17:31 | answer
  8. [8] Ondras

    respond to [7]Vitas: ale funguje a spolehlive

    • comment responded to by [10]TT
    Friday, 08.10.2010 09:28 | answer
  9. [9] Jakub

    Super články, všem doporučuji, díky. ;-)

    Wednesday, 17.12.2014 20:49 | answer
  10. [10] TT

    respond to [8]Ondras: Myslím že chtěl říct že nefunguje ten router....

    Friday, 31.03.2023 11:14 | answer
Add comment

Insert tag: strong em link

Help:
  • maximum length of comment is 2000 characters
  • HTML tags are not allowed (they will be removed), you can use only the special tags listed above the input field
  • new line (ENTER) ends paragraph and start new one
  • when you respond to a comment, put the original comment number in squar brackets at the beginning of the paragraph (line)