If you thought classes in which you had to switch from English to a foreign language were difficult, wait until you hear how complex networks and computers really are when it comes to exchanging information. 

Sometimes, using only IP addresses to communicate across the Internet is simply not enough. Every application sending data across the web works with a physical device, so these two must also talk to each other. But what do you do when they speak different languages and need a translator? For this, a certain protocol comes into play. 

ARP is short for Address Resolution Protocol. It is a communication protocol that maps an IP address to a MAC (physical address). In theory, that’s pretty much it, but suffice to say this won’t be enough to understand what’s happening behind the scenes if we do not give some proper context. In this article, we will examine the features of ARP and how it works in close conjunction with other important networking elements.

What are MAC addresses?

Apps and software connected to the internet will communicate with each other via IP addresses. This leaves us with the question, ‘how do machines communicate with each other?’ 

Well, they use something called a physical address, also known as a MAC (Media Access Control) address. Naturally, software and machines do need to communicate with each other and exchange information, so it’s important to associate the IP address with its corresponding MAC address.

However, IP and MAC addresses are not compatible with each other by default, so they need a protocol that helps “translate” these addresses in order to facilitate information exchange. And this is where ARP comes into play.

What is ARP?

Address Resolution Protocol (ARP) helps the communication of the devices connected to the network. It basically translates the software address (IP address) to the physical address (MAC address) of the host connected to the network.

ARP is necessary for translation because IPv4 addresses are 32-bit, whereas MAC addresses are 48-bit. Without ARP, software and devices would not be able to send data to each other.

ARP is part of the Open System Interconnection (OSI) model, more specifically being the link layer protocol in this model. ‘Oh, what’s OSI?’ you might wonder. In essence, OSI is a reference model designed to help you understand how applications communicate over a network. 

OSI was created to offer a visual representation of how each communication layer (think of it as a part of something more complex) is built on top of the other with the goal of ‘giving life’ to the whole system: starting with the physical elements and then going layer by layer all the way to the application that’s trying to communicate with other devices on a network. Here are the seven layers in the OSI model in their respective stack-like order:

In this system, MAC addresses are a sublayer within the DATA LINK layer. The data link layer is responsible for maintaining the connection between two physically connected devices and allows them to transfer data between each other. 

On the other hand, IP addresses belong to the network layer, which forwards data with the help of different routers. It is important to understand that IP addresses do not have the final word when it comes to what destination the data has. That’s because on the same network, an IP address needs to map the MAC address of another computer. 

So here comes ARP. Without it, a host would not be able to figure out the hardware address (the MAC address) of another host.

How does it work?

The entire process can be broken down into two parts. It all starts when a source device wants to send an IPv4 packet to another device. First, the ARP program will try to find a MAC address that matches the IP address. This is done through something called ARP cache table, which contains a record of each IP address and its corresponding MAC address, meaning a list of already translated addresses.

If the verification process does not find an already existing translation, then the source server will form an ARP message to request the network address and send it over the Local Area Network (LAN). This is the second part of the entire lookup process, and the part in which the ARP request is performed. 

The ARP protocol sends a request packet to all the machines on the LAN and asks if any of the machines are using that particular IP address. When a machine recognizes the IP address as its own, it will send back an ARP message. In doing so, the cache table is updated with the new information and the two devices can then communicate with each other.

‘But what if a host machine does not know its own IP?’ Well, it can make use of the Reverse ARP protocol for discovery. 

As of the ARP cache table, it is important to know that it has a small size. That’s why the cache periodically cleanses itself to free space for new entries, as addresses usually stay in the cache for only a few minutes. Frequent updates enable other devices in the network to see when a physical host changes their requested IP addresses. In the cleaning process, unused entries are deleted along with any failed attempts to communicate with computers that are not currently powered on. 

This is why ARP is so important for this process. The protocol is responsible for translating MAC and IPv4 addresses into a ‘language’ that devices can use to better communicate with each other.

Types of ARP

There are four different types of Address Resolution Protocols. These are proxy, gratuitous, reverse and inverse. Let’s discuss each of these a little more.

1. Proxy ARP 

Such protocol is responsible for handling requests coming from IP addresses that are not part of the local area network. As a result, it is the job of the protocol configured router to respond to request packets that come from a system that’s not part of the host’s network. 

Normally, after what we’ve discussed, you would think the router will provide a MAC address of the target host. That’s not the case here. What the router will do, instead, is present its own MAC address by acting as the gateway, the closest destination the packet can efficiently reach.  That’s the magic of proxy ARPs. They allow packets to be successfully transferred from one subnetwork to another.

2. Gratuitous ARP

This one works as an ARP response that is not generated by an ARP request. What it essentially does is help hosts announce or update their IP-to-MAC associations to the whole network.

3. Reverse ARP

That’s the trick we talked about earlier when you hypothetically wondered about how host machines find out their own IPs. A Reverse Address Resolution Protocol requests IPv4 addresses from the ARP gateway router table.

The device that wants to know its own IP will send an RARP packet with its own MAC address in the address field of both the sender and the receiver hardware. Then, the RARP server installed in the local network will respond to the request.

Afterwards, this server will locate a mapping table entry that specifies what’s the corresponding IP address of that particular MAC address. If there’s a match, the server will send the response packet with the IP address of the requesting device.

4. Inverse ARP (InARP)

As the name implies, it’s the exact opposite of the traditional ARP. The inverse protocol maps IP addresses using the associated hardware (MAC) addresses. This is useful when a device knows the Data Link Connection Identifier (DLCI) of a remote router but does not know its own IP address.

The vulnerability of ARP

Although Address Resolution Protocol is an outstanding translator which helps devices exchange information, it is not entirely safe from cyber attacks, which in turn puts the network at risk. Such attacks are usually called ARP spoofing, also known as cache poisoning or poison routing. This is done by sending fake ARP requests to the computers on a target LAN.

This lets an attacker link their MAC address with the IP address of a device within the specific network. If the spoofing process is successful, the attacker’s system receives data from the victim’s computer.

Obviously enough, this can lead to severe data breaches. What is more, this spoofing can make it easier to launch other types of attacks, such as:

• Denial-of-Service (DoS) attacks – Overwhelming servers, computer systems and networks;
• Man-in-the-Middle (MTM) attacks – Intercepting the information transmitted between two parties and compromising/stealing it;
• Session hijacking – Taking over a user’s web session after stealing their session ID.

To wrap it up…

ARP is every foreign language teacher’s dream translator. It makes it easier for devices both on the same network and different networks to communicate with each other. Without it, software and devices would not be able to send data to each other, especially since the ARP table entries are only temporary.

Address Resolution Protocol is part of the backbone that aids devices and applications communicate into a network. Literally, as it stands between the Layers 2 and 3 of the Open Systems Interconnection model.

Whenever it’s time for MAC and IP addresses to meet up, ARP is there to map them and ensure things are working properly and smoothly. This is thanks to the four different ARP types that take care of different communication situations within or without the network. 

Unfortunately, ARP is still security-sensitive, meaning it almost always risks becoming a target for cyber attacks designed to steal information. Not only that, but a compromised ARP also gives room for even more attack types that can seriously harm devices and networks.