ARP (Address Resolution Protocol) Explained

You have two devices on the same network. You want to share packets directly from one to the other without involving the rest of the internet. How do you do this? There are a few ways, but one of the easiest is ARP.

What Does ARP Mean?

ARP stands for “address resolution protocol,” and it’s an important tool for your devices when they try to communicate. The formal definition goes something like this: ARP is a protocol that connects IP addresses to MAC addresses.

What does that really mean?

In order to sort it all out, we should probably spend a moment describing each of the terms in that definition. So, here’s a crash course on IP addresses, MAC addresses, and protocols.

IP Address

First, an IP address is an internet protocol (there’s that word again) address. This is an address used by internet providers to connect everything across the great wide internet. The easiest way to think about it is that your modem has an IP address, and other devices that aren’t anywhere near your physical location can find and connect with your modem via that IP address.

It actually runs deeper. Any device on a network that connects to the internet has an IP address, and that’s what distinguishes it from every other device on the internet. Needless to say, this concept can run pretty deep, but the simplest explanation is that the IP address is the serial number that allows your device to communicate with other devices across the internet.

MAC Address

A media access control (MAC) address is another address that is important for connections. There are a few distinctions though. An IP address is assigned by the internet providers. A MAC address is assigned to each device when it is manufactured. Your MAC address never changes (unless you replace the networking hardware in your device).

More importantly, your MAC address isn’t used to connect to everything across the internet. Instead, it’s only used to connect devices on a local network. Once everything is on the same switch or router, the devices still need ways to distinguish themselves, and that’s what MAC addresses accomplish.

To recap, IP addresses are for internet connections while MAC addresses are for intranet connections. That’s a bit oversimplified, but it’s good enough to understand ARP.

Protocol

Lastly, let’s talk about what a protocol actually is and does. Basically, a protocol is a set of rules that tells devices what to do or how to behave. There are lots of different protocols. The protocol in your IP address sets the rules for how to define and assign the addresses to various devices.

The protocol in ARP serves a related but different function.

In this case, the protocol is the set of rules that tells ARP how to look up, save, and share IP and MAC addresses. We’ll get to exactly how that all works next, but as far as protocols go, it’s the set of rules that ARP follows in order to function properly.

How Does ARP Work?

That is enough background to get into the nuts and bolts of how ARP works. As you remember from earlier, ARP is trying to connect IP and MAC addresses to help devices communicate.

This comes with some baggage. First of all, IP addresses change pretty often. Unless you specifically use a static IP, the IP address for the device you’re using to read this changes regularly. That means any protocol that is trying to connect changing IP addresses to static MAC addresses has to account for this, and that’s what the ARP cache is all about.

In essence, ARP works by creating a list of IP addresses paired with MAC addresses for devices on a local network. As an example, when you connect to Wi-Fi with your phone, your phone gets an IP address assigned to it. Your phone already has a MAC address, so ARP needs to pair your phone’s current IP address with its MAC address.

To do this, it communicates with devices in the network. In many cases, a router already has to create a table with IP addresses and MAC addresses, so ARP has access to the information it needs. It simply creates a cache using that information.

The interesting thing about ARP is that it actually stores this cache on the operating system of every connected device. This makes the table robust and reliable so that devices in a network can easily connect with each other.

The downside is that this means any device on a public network can find the MAC address of every device on that network. This creates potential security risks.

To mitigate those risks, ARP does two things. It keeps the cache small, and it rolls data over in the cache rapidly. Because of this, no MAC address stays in the ARP cache for more than a few minutes.

This isn’t a perfect defense, but it does mitigate the problem. Someone can’t connect to a public network and use ARP to look up every MAC address that ever connected to that same network. They can only see devices that are currently connected or were connected very recently.
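The pairing and expiry described above can be shown in a short Python sketch. This is an added example, not code from the original article: it decodes the standard Ethernet/IPv4 ARP message layout (RFC 826) and keeps an IP-to-MAC table whose entries age out. The addresses, the 120-second lifetime, and the names `ArpCache`, `make_arp` and `demo` are assumptions made for illustration.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # Ethernet/IPv4 ARP payload layout (RFC 826), 28 bytes

def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_arp(payload):
    """Decode an Ethernet/IPv4 ARP payload into a dict of its fields."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP message")
    return {"op": {1: "request", 2: "reply"}.get(op, "other"),
            "sender_mac": fmt_mac(sha), "sender_ip": socket.inet_ntoa(spa),
            "target_mac": fmt_mac(tha), "target_ip": socket.inet_ntoa(tpa)}

class ArpCache:
    """IP -> MAC table whose entries expire ttl seconds after they were learned."""
    def __init__(self, ttl=120.0):  # assumed lifetime; real values vary by OS
        self.ttl = ttl
        self.entries = {}  # ip -> (mac, time learned)

    def learn(self, msg, now):
        self.entries[msg["sender_ip"]] = (msg["sender_mac"], now)

    def lookup(self, ip, now):
        mac, learned = self.entries.get(ip, (None, 0.0))
        if mac is None or now - learned > self.ttl:
            self.entries.pop(ip, None)  # aged out: must be resolved again
            return None
        return mac

def make_arp(op, sha, spa, tha, tpa):
    """Build a constructed sample message (hypothetical helper for this demo)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, mac(sha),
                       socket.inet_aton(spa), mac(tha), socket.inet_aton(tpa))

def demo():
    # Constructed traffic: .10 asks who has .20, and .20 answers with its MAC.
    request = make_arp(1, "02:00:00:00:00:0a", "192.168.1.10", "00:00:00:00:00:00", "192.168.1.20")
    reply = make_arp(2, "02:00:00:00:00:14", "192.168.1.20", "02:00:00:00:00:0a", "192.168.1.10")
    cache = ArpCache()
    cache.learn(parse_arp(reply), now=0.0)
    return (parse_arp(request), cache.lookup("192.168.1.20", now=60.0),
            cache.lookup("192.168.1.20", now=300.0))
```

Calling `demo()` returns the decoded request, the MAC found while the entry is still fresh, and `None` once the entry has aged out.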

How Is It Used?

To solidify this concept, we can look at actual applications of ARP.

ARP is used only within a local network. That’s not surprising since it’s built around tracking MAC addresses.

Specifically, ARP allows one device on a local network to send packets directly to another device on that same network. Instead of sharing things on the cloud, two devices can talk directly. An example of this would be using your phone to navigate menus on your smart TV. They’re both connected through Wi-Fi, and ARP helps with that connection.

A few other examples could include wireless printing, direct file sharing, or IoT data collection. There are other ways to connect intranet devices that don’t use ARP, but it’s easily one of the most common protocols for this purpose.
