Network Services

Wednesday, April 16, 2014

Using The arp Utility



ARP is a protocol in the TCP/IP suite. ARP is used by IP to ascertain the MAC address of a device on the same subnet as the requester. When a TCP/IP device needs to forward a packet to a device on the local subnet, it first looks in its own table, called an ARP cache (cache because the contents are periodically aged out), for an association between the known IP address of the destination device on the local subnet and the same device’s MAC address. If no association that includes the destination IP address can be located, the device sends out an ARP broadcast that includes its own MAC and IP information as well as the IP address of the target device and a blank MAC address field, which is the object of the whole operation. It is this one unknown value that the source device requests be returned in an ARP reply. Windows includes a utility called arp, which allows viewing of the operating system’s ARP cache.

To start the arp utility in Windows 2000, follow these steps:


  1. Choose Start > Run and enter cmd to open the MS-DOS Prompt window. Or, you can choose Start > Programs > Accessories > Command Prompt.
  2. At the command prompt, type arp and any switches you need, as discussed later in this section.

NOTE:
Entered alone, the arp command lists only the switches you must use in order to use the arp utility correctly.

The arp utility is primarily useful for resolving duplicate IP addresses. For example, your workstation receives its IP address from a Dynamic Host Configuration Protocol (DHCP) server, but it accidentally receives the same address as another workstation. When you try to ping it, you get no response. Your workstation is trying to determine the MAC address, and it can’t do so because two machines are reporting that they have the same IP address. To solve this problem, you can use the arp utility to view your local ARP table and see which TCP/IP address is resolved to which MAC address. To display the entire current ARP table, use the arp command with the -a switch, like this:

arp -a


You’ll see something similar to the following:

Interface: 204.153.163.3 on Interface 2

Internet Address      Physical Address      Type
204.153.163.2         00-a0-c9-d4-bc-dc     dynamic
204.153.163.4         00-a0-c0-aa-b1-45     dynamic
 
TIP:
The -g switch will produce the same result.

From this output, you can tell which MAC address is assigned to which IP address. Then, for static assignments, by examining your network documentation (you do have it, don’t you?), you can tell which workstation has the IP address and if it is indeed supposed to have it. For DHCP-assigned addresses, you can begin to uncover problems with multiple DHCP scopes or servers giving out identical addresses and other somewhat common configuration issues. Note that, under normal circumstances, the ARP table for a given interface should contain only IP addresses that are members of the same IP subnet as the interface, and therefore as each other.

NOTE:
If the machine has more than one network card (as may happen in Windows servers), each interface will be listed separately.
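
The check described above (compare each ARP entry with the network documentation and confirm it belongs to the interface's subnet), written as an added Python example that is not part of the original post. The /24 prefix length, the DOCUMENTED inventory, and the 10.0.0.9 entry are assumptions constructed for illustration; arp -a does not print the subnet mask, so it has to be supplied.

```python
import ipaddress
import re

# Constructed sample in the page's output format; the 10.0.0.9 row is invented.
SAMPLE = """\
Interface: 204.153.163.3 on Interface 2
  Internet Address      Physical Address      Type
  204.153.163.2         00-a0-c9-d4-bc-dc     dynamic
  204.153.163.4         00-a0-c0-aa-b1-45     dynamic
  10.0.0.9              00-a0-c0-11-22-33     dynamic
"""

# Hypothetical inventory (IP -> documented MAC), standing in for network documentation.
DOCUMENTED = {
    "204.153.163.2": "00-a0-c9-d4-bc-dc",
    "204.153.163.4": "00-a0-c0-aa-b1-99",
}

IFACE = re.compile(r"^Interface:\s+(\d+\.\d+\.\d+\.\d+)")
ENTRY = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)", re.I)

def parse_arp(text):
    """Return {interface_ip: [(ip, mac, type), ...]} from `arp -a` output."""
    tables, current = {}, None
    for line in text.splitlines():
        if m := IFACE.match(line):
            current = tables.setdefault(m.group(1), [])
        elif current is not None and (m := ENTRY.match(line)):
            current.append((m.group(1), m.group(2).lower(), m.group(3).lower()))
    return tables

def audit(text, documented, prefix_len=24):
    """Flag off-subnet entries and IPs whose MAC differs from the documented one."""
    findings = []
    for iface, entries in parse_arp(text).items():
        subnet = ipaddress.ip_network(f"{iface}/{prefix_len}", strict=False)
        for ip, mac, _type in entries:
            addr = ipaddress.ip_address(ip)
            if addr.is_multicast or ip == "255.255.255.255":
                continue  # newer Windows versions list these as static entries
            if addr not in subnet:
                findings.append((iface, ip, mac, "off-subnet"))
            expected = documented.get(ip)
            if expected and expected.lower() != mac:
                findings.append((iface, ip, mac, f"expected {expected.lower()}"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE, DOCUMENTED), sep="\n")
```

A MAC that differs from the documented one is a prompt to investigate (replaced network card, stale documentation, duplicate address, or an unexpected device answering for that IP), not a verdict on its own.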

In addition to displaying the ARP table, you can use the arp utility to manipulate the table. To add static entries to the ARP table, use the arp command with the -s switch. These entries stay in the ARP table until the machine is rebooted. A static entry hard-wires a specific IP address to a specific MAC address so that when a packet needs to be sent to that IP address, it is sent automatically to that MAC address. Here’s the syntax:

arp -s [IP Address] [MAC Address]

Simply replace the [IP Address] and [MAC Address] sections with the appropriate entries, like so:

arp -s 204.153.163.5 00-a0-c0-ab-c3-11


You can now take a look at your new ARP table by using the arp -a command. You should see something like this:

Interface: 204.153.163.3 on Interface 2

Internet Address      Physical Address      Type
204.153.163.2         00-a0-c9-d4-bc-dc     dynamic
204.153.163.4         00-a0-c0-aa-b1-45     dynamic
204.153.163.5         00-a0-c0-ab-c3-11     static


Finally, if you want to delete entries from the ARP table, you can either wait until the dynamic entries time out, or you can use the -d switch with the IP address of the static entry you’d like to delete, like so:

arp -d 204.153.163.5

This deletes the entry from the ARP table in memory.


NOTE:
The arp utility doesn’t confirm successful additions or deletions (use arp -a or arp -g for that), but it will give you an error message if you use incorrect syntax.

