TCP/IP - ARP protocol

TCP/IP - ARP protocol

Última edición 03 Sep 2018 Elephant

Into the set of TCP/IP protocols is the ARP (Address Resolution Protocol) whose mission is to discover the MAC addresses of the devices connected to the network. Essential functionality in a communication that uses IP (Internet Protocol).

Local network ranges

In the IP specification it is contemplated that an IP address of each class (A, B or C) can be assigned to machines that are not directly connected to the Internet and without coming into conflict with other machines. Although these machines do not have a direct connection to the Internet, they can have a Router in the network with an external Internet IP and local internal IP which is the most usual case in local networks.

The IP addresses reserved to create local networks are:

  • A class. to
  • B class. to
  • C class. to

There is no risk of using any of them since no machine connected to the Internet will have an IP in those ranges.


In order to communicate two devices through a network, at least 3 layers of the OSI model are needed:

  • Layer 1. It only takes care of sending and receiving bits through the transmission medium and knows nothing about IP or MAC addresses.
  • Layer 2. In charge of transmitting the data. It has a MAC (physical) address and does not know anything about IP addresses, it only works with MAC addresses.
  • Layer 3. In charge of building the data packages. It has an IP (logical) address.

The physical address of layer 2 belongs to the Network Hardware and is a unique address worldwide composed of 6 bytes that can not be modified. You can make a simile with the identity document or passport of the network adapter.

The logical address of the adapter or IP address of layer 3 can be modified at any time or even configured so that an IP address is automatically assigned via DHCP.

It is necessary to store somewhere a relation between IP and MAC addresses of the devices connected to the network, normally a table is used and it is stored in a cache within the network adapter itself. This table is used for direct communications, within a local network, since when the destination is outside that scope, it is necessary to deal with the IP addresses of layer 3.


Address resolution

Even if only two devices are connected to a network it is necessary that both have an IP address since the TCP / IP protocol does not know how many devices are connected to the network and treats all equally. Although it is clear that the message from one device will be directed to the other, the packet will be rejected if the IP address is not correct.

A device can send messages over Ethernet in 3 different ways:

  • Broadcast. Directed to all devices connected to the network.
  • Multicast. Directed to a group of devices.
  • Unicast. When it is directed to a specific device.

Broadcast should be used in exceptional cases for security reasons and because each device should check on each received packet if it is the recipient and act accordingly with the increased processing and resources of the CPU.

Unicast is used for point-to-point communications within a network and it is necessary to know the physical address of the MAC destination device in order to send the message, data that is normally stored in a table within the device. It is a relatively simple process since the device sends a Broadcast message to the network asking for the MAC of a certain IP and the device that has that IP responds with its MAC, storing it in a local cache for future communications.

Therefore, each device maintains a cache of all IP and MAC with which it has been communicating and makes a query before sending any package to the network.


Here are the different steps that occur in an ARP communication:

  1. Source checks the cache. The device that is going to send a message first checks in its cache whether it has the physical MAC address of the destination annotated. If so, skip to the last step.
  2. Source sends an ARP message to Broadcast. Compose a message with the IP address and MAC source (own) as well as the IP address of the destination.
  3. Devices process the Broadcast message. All the devices connected to the network receive the ARP message, but only the one with the IP equal to the one in the message answers.
  4. Destination answers the message. The target device generates an ARP response message including its IP address and MAC among other parameters and it is sent to the source device using the Unicast mode since it now knows the MAC.
  5. Destination updates the cache. The destination device takes the opportunity to update the cache since normally the messages are bidirectional and thus it gains time the next time you have to send a message to the source device.
  6. Source processes the message. The source device processes the response received from the destination and stores the MAC in its cache to be able to send messages to the destination.

It can be seen that the source device sends its IP address to the destination, not being necessary since the communication is done only knowing the MAC, but the reason for sending this data is to take advantage of the ARP message and cause a cross-resolution, in the origin and destination device.


Message format

The format of an ARP message is the one described in the following table:

FieldSize (bytes)Description
hrd2Hardware type
pro2Protocol type
hln1MAC length
pln1IP length
op2Operation code
shavariable (value of hln)Source MAC
spavariable (value of pln)Source IP
thavariable (value of hln)Destination MAC
tpavariable (value of pln)Destination IP

To make the ARP package compatible with other networks and protocols with different address sizes, two fields are included with the size of the MAC and IP address (hln and pln).

The most important values of the HRD field are:

6IEEE 802

The most important values of the OP field are:

1ARP Request
2ARP Reply

The composition of an ARP message can be seen in the following image:


Previous Post