ARP stands for Address Resolution Protocol which is especially helpful when we want to retrieve the MAC address of a device but only know its IP address. The arp command in Linux is used to view, add and delete the entries present in the ARP cache – the table which contains the mapping of IP Addresses to MAC Addresses for hosts on the local network. arp command is a part of the net-tools package which has been deprecated in favour of the ip command.
Install ARP
To be able to use ARP commands on your Linux device, you need to first ‘net-tools‘ on your system. All you need to do to install it is enter the following code in the terminal:
sudo apt install net-tools
Also read: Network Configuration Guide for Ubuntu
Basic usage of arp command
To view the current contents of the ARP cache, type the following code:
arp
You can also use: arp -a
As can be seen in the screenshot, the output has several fields which are:
- Address: By default, the arp command prints the Symbolic Name for a host on the local network. When arp is used with the
-noption, it prints the IP Addresses of the hosts rather than their symbolic names.
arp -n
- HWtype: Specifies the hardware type (by default its value is
ether) - HWaddress: The MAC (physical) address of the host
- Flags: The
Flagsfield indicates if the address has been learned, manually set by the user, published, or is incomplete
Each complete entry in the ARP cache is marked with the C flag, permanent entries are marked with M and published entries have the P flag - Mask: Describes the subnet mask (number of masked bits in the IP address)
- IFace:
IFacetells us the logical names of the network interfaces
Working with arp command
Let’s now take a look at some examples of the arp command and how you can leverage it for your networking needs.
1. Manually add entries in ARP cache in case of duplicate IP Addresses
ARP is sometimes useful when diagnosing duplicate IP assignment problems. For example, suppose you can’t access a computer that has an IP address of 192.168.168.100. You try to ping the computer, expecting the ping to fail; but lo and behold, the ping succeeds. One possible cause for this may be that two computers on the network have been assigned the address 192.168.168.100, and your ARP cache is pointing to the wrong one.
To manually add entries in the table, you can use the following command:
arp -s <host-IP-address> <host-MAC-address>
for example, take a look at the following image:
After using the sudo arp -s 192.168.1.7 22:33:44:55:66:77, a new entry with the corresponding IP and MAC address was added to the ARP cache.
2. Delete entries from the table
You can also delete unnecessary or duplicate entries from the ARP table. Don’t worry, even if you delete a primary or some important entry from the table, then if it’s active on the network, it will go through the ARP process again and will show up in the table eventually.
To delete an entry, enter the following code
arp -d <host-IP-address>
For example, see the image below:
After using the arp -d 192.168.1.7 command, the corresponding address was deleted from the table.
While active hosts will reappear in the table again, inactive/down hosts will be removed from the table using this command unless they are made active again. This makes the arp -d command very handy for Linux users.
3. Add multiple entries using a text file
Before, we saw how we can use the arp -s command to add a single entry in the table. But it is possible to add multiple entries to the table at once. All we need to do is to create a file which contains the IP address and MAC address of the entries we want to add.
Now, run the following command in the location where the file is saved:
sudo arp -f <file-name>
For example, refer to the following image:
As you can see, these two entries:
192.168.1.4 11:22:33:44:55:66
192.168.1.7 1A:2B:3C:4D:5A:6B
were added to the table.
Summary
ARP is a very crucial concept in computer networks. Whether it was for your studies, or just for knowledge, we hope that this article was able to increase your understanding of ARP and its usage in Linux.
References
You can learn more about the ARP utility by viewing its official manual page:
