Address Resolution Protocol - Wikipedia

#readwise # Address Resolution Protocol - Wikipedia ![rw-book-cover](https://readwise-assets.s3.amazonaws.com/static/images/article0.00998d930354.png) ## Metadata - Author: [[wikipedia.org]] - Full Title: Address Resolution Protocol - Wikipedia - URL: https://en.wikipedia.org/wiki/Address_Resolution_Protocol ## Summary The Address Resolution Protocol (ARP) helps find the MAC address linked to an IPv4 address. It was defined in 1982 and is essential for communication in the Internet protocol suite. In IPv6 networks, this function is handled by the [[Neighbor Discovery Protocol - Wikipedia|Neighbor Discovery Protocol (NDP)]]. ARP can also be used for announcements and load balancing in network interfaces. ## Highlights The Address Resolution Protocol (ARP) is a [communication protocol](https://en.wikipedia.org/wiki/Communication_protocol) used for discovering the [[Link Layer - Wikipedia|link layer]] address, such as a [MAC address](https://en.wikipedia.org/wiki/MAC_address), associated with a given [[internet Layer - Wikipedia|Internet layer]] address, typically an [[IPv4 - Wikipedia|IPv4 address]]. This mapping is a critical function in the [[Internet Protocol Suite - Wikipedia|Internet protocol suite]]. ARP was defined in 1982 by [RFC 826](https://datatracker.ietf.org/doc/html/rfc826), which is [Internet Standard](https://en.wikipedia.org/wiki/Internet_Standard) STD 37. ([View Highlight](https://read.readwise.io/read/01jhtpjbefgce8nvd2mt46vsr3)) ^crjb6v --- ARP is required when a host wants to send an IPv4 packet to another node within the same network but doesn't know that node's MAC address yet. The host broadcasts an ARP request containing the node's IP address, and the node with the corresponding IP address returns an ARP reply that contains its MAC address. ([View Highlight](https://read.readwise.io/read/01jhtpjfqm2kpf9epp274v82zx)) ^2j5nmw --- ARP's placement within the [[Internet Protocol Suite - Wikipedia|Internet protocol suite]] and the [[OSI Model - Wikipedia|OSI model]] may be a matter of confusion or even of dispute. [RFC 826](https://datatracker.ietf.org/doc/html/rfc826) places it into the [[Link Layer - Wikipedia|Link layer]] and characterizes it as a tool to inquire about the "higher level layer", such as the Internet layer. [RFC 1122](https://datatracker.ietf.org/doc/html/rfc1122) also discusses ARP in its link layer section. Richard Stevens places ARP in OSI's data link layer while newer editions associate it with the network layer or introduce an intermediate OSI layer 2.5. ([View Highlight](https://read.readwise.io/read/01jhtpkkkmktrfs45d7zeb9bp7)) ^eu0gto --- Because ARP does not provide methods for authenticating ARP replies on a network, ARP replies can come from systems other than the one with the required Layer 2 address. An ARP *proxy* is a system that answers the ARP request on behalf of another system for which it will forward traffic, normally as a part of the network's design, such as for a dialup internet service. By contrast, in ARP *spoofing* the answering system, or *spoofer*, replies to a request for another system's address with the aim of intercepting data bound for that system. A malicious user may use ARP spoofing to perform a [man-in-the-middle](https://en.wikipedia.org/wiki/Man-in-the-middle) or [denial-of-service](https://en.wikipedia.org/wiki/Denial-of-service) attack on other users on the network. Various software exists to both detect and perform ARP spoofing attacks, though ARP itself does not provide any methods of protection from such attacks. ([View Highlight](https://read.readwise.io/read/01jhtpr4ns1wvp1zwgbj8yw2vj)) ^fr79az --- IPv6 uses the [[Neighbor Discovery Protocol - Wikipedia|Neighbor Discovery Protocol (NDP)]] and its extensions such as [Secure Neighbor Discovery](https://en.wikipedia.org/wiki/Secure_Neighbor_Discovery), rather than ARP. --- Computers can maintain lists of known addresses, rather than using an active protocol. In this model, each computer maintains a database of the mapping of [Layer 3](https://en.wikipedia.org/wiki/Layer_3) addresses (e.g., [IP addresses](https://en.wikipedia.org/wiki/IP_addresses)) to [Layer 2](https://en.wikipedia.org/wiki/Layer_2) addresses (e.g., [Ethernet](https://en.wikipedia.org/wiki/Ethernet) [MAC addresses](https://en.wikipedia.org/wiki/MAC_addresses)). This data is maintained primarily by interpreting ARP packets from the local network link. Thus, it is often called the *[ARP cache](https://en.wikipedia.org/wiki/ARP_cache)*. Since at least the 1980s, networked computers have a utility called *arp* for interrogating or manipulating this database. ([View Highlight](https://read.readwise.io/read/01jhtpq0qf4ny7fqtptg8thzh6)) ---