How ARP Works

ARP stands for Address Resolution Protocol. It is used to obtain the MAC address of a device from its IP address. For a device to communicate with another device, it has to know both the IP address and the MAC address.

Usually, the IP address is known and is passed down from the upper layers. For the data to be sent out of the port/NIC, we need the MAC address of the destination host (if both devices are in the same LAN segment) or the MAC address of the next-hop device (if the devices are in different LAN segments).

All L3 network devices maintain an “ARP cache” table, which holds the MAC address to IP address mapping. Before the L2 header is constructed, the device checks the ARP cache table to see whether the MAC address for the IP address of interest is already present.

  1. If present, the device can construct the frame header, place the MAC address it got from the ARP table into the “destination MAC address” field of the frame, and send the frame out.
  2. If not present, the device has to resolve the MAC address of the destination device before it can construct the frame. This is where the ARP protocol comes into play.

Note: If ARP resolution fails (meaning the MAC address mapping for the required IP address is not found), the actual data can never be sent out of the device. It will be dropped by the L2 layer of the device itself.

ARP process:

The device sends an L2 broadcast frame with destination MAC “FF:FF:FF:FF:FF:FF” in the frame header to all the devices in the segment to find the MAC address for the required IP address. The device that owns that IP address returns its MAC address in an ARP reply.

For example, consider the scenario below:

Device A with IP address 10.1.1.1 and MAC address 00:AA:00:00:00:00 wants to communicate with Device B with IP address 10.1.1.2 and MAC address 00:BB:00:00:00:00.

Assume “Device A” does not know the MAC address of “Device B”. Hence it has to send an ARP request to find the MAC address.

Below is the ARP request process between “Device A” and “Device B”.

ARP request sent by Device A:

In the above packet capture:
In the frame header

Source MAC is the “Device A” MAC address
Destination MAC address is the broadcast address
EtherType field is 0x0806 (denoting that the next header is the ARP header)

In the ARP header

Opcode field is “1”, denoting it is an ARP request
Sender MAC address is the “Device A” MAC address
Sender IP address is the “Device A” IP address
Target MAC address field is all “zeros”
Target IP address is the “Device B” IP address

ARP Reply sent by Device B:

In the above packet capture:
In the frame header

Source MAC is the “Device B” MAC address
Destination MAC address is the “Device A” MAC address
EtherType field is 0x0806 (denoting that the next header is the ARP header)

In the ARP header

Opcode field is “2”, denoting it is an ARP reply
Sender MAC address is the “Device B” MAC address
Sender IP address is the “Device B” IP address
Target MAC address field is the “Device A” MAC address
Target IP address is the “Device A” IP address

As you can see, the ARP request is an L2 broadcast frame and the ARP reply is a unicast frame.

Since the ARP request is an L2 broadcast frame, all the devices in the LAN segment receive it. And since it is sent to the L2 broadcast address as destination, every device in the LAN segment ends up processing the L2 header and looking into the ARP header that follows. Each device looks at the “Target IP address” field of the ARP header, and only the matching device processes the request (in this case, Device B with IP address “10.1.1.2”). All other devices, whose IP address does not match, simply discard the frame.

Once the ARP reply is received by Device A, it updates its ARP cache, constructs the actual data packet and sends it out to Device B.
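The exchange above, worked through in Python as an added example (not part of the original page): it builds the 42-byte request and reply frames with the fields listed earlier, lets every host on the segment inspect the broadcast, and updates the sender's cache from the reply. Device C (10.1.1.3) and all function names are constructed for illustration.

```python
import socket
import struct
ETHERTYPE_ARP = 0x0806
BROADCAST, ZERO_MAC = "ff:ff:ff:ff:ff:ff", "00:00:00:00:00:00"
FMT = "!6s6sH" + "HHBBH6s4s6s4s"   # Ethernet header + ARP header = 42 bytes
# Constructed segment: Device B from the text plus a made-up bystander, Device C.
HOSTS = {"10.1.1.2": "00:bb:00:00:00:00", "10.1.1.3": "00:cc:00:00:00:00"}

def mac(s):
    return bytes.fromhex(s.replace(":", ""))
def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)

def build_frame(eth_dst, eth_src, opcode, sha, spa, tha, tpa):
    """Ethernet header followed by an Ethernet/IPv4 ARP header."""
    return struct.pack(FMT, mac(eth_dst), mac(eth_src), ETHERTYPE_ARP,
                       1, 0x0800, 6, 4, opcode,
                       mac(sha), socket.inet_aton(spa), mac(tha), socket.inet_aton(tpa))

def parse_frame(frame):
    """Decode the fields walked through above; reject non-ARP input."""
    if len(frame) < 42:
        raise ValueError("too short for Ethernet + ARP")
    (dst, src, etype, htype, ptype, hlen, plen, op,
     sha, spa, tha, tpa) = struct.unpack(FMT, frame[:42])
    if etype != ETHERTYPE_ARP or (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP frame")
    return {"eth_dst": mac_str(dst), "eth_src": mac_str(src), "opcode": op,
            "sender_mac": mac_str(sha), "sender_ip": socket.inet_ntoa(spa),
            "target_mac": mac_str(tha), "target_ip": socket.inet_ntoa(tpa)}

def respond(own_ip, own_mac, frame):
    """A host's handling of a received request: reply only if Target IP is ours."""
    f = parse_frame(frame)
    if f["opcode"] != 1 or f["target_ip"] != own_ip:
        return None  # not for us: discard
    return build_frame(f["sender_mac"], own_mac, 2,
                       own_mac, own_ip, f["sender_mac"], f["sender_ip"])

def resolve(src_ip, src_mac, dst_ip, hosts, cache):
    """Sender side: use the cache, else broadcast and learn from the reply."""
    if dst_ip not in cache:
        req = build_frame(BROADCAST, src_mac, 1, src_mac, src_ip, ZERO_MAC, dst_ip)
        for ip, host_mac in hosts.items():  # every host sees the broadcast
            reply = respond(ip, host_mac, req)
            if reply is not None:
                r = parse_frame(reply)
                cache[r["sender_ip"]] = r["sender_mac"]
    return cache.get(dst_ip)  # None: resolution failed, data cannot be sent
```

Calling `resolve("10.1.1.1", "00:aa:00:00:00:00", "10.1.1.2", HOSTS, {})` returns Device B's MAC address; asking for an address nobody owns returns `None`, the failure case from the note above.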

How to enable/disable Proxy ARP/ND on a Linux/CentOS server or on a router running a networking OS based on the Linux kernel

Proxy ARP can be enabled per interface or on all the interfaces of a Linux-based system.

To verify whether proxy ARP is enabled, use the command below.

In the above output, “0” means it is disabled and “1” means it is enabled.

To enable proxy ARP, use the command below.

We can enable or disable proxy ARP for all the interfaces by setting “0” or “1” in the file below.

If you are working on a router/switch networking OS that is based on the Linux kernel, you can also change proxy ARP and other settings from the Linux prompt (if you have access to the Linux prompt).

Apart from the proxy ARP settings, we can also change the other parameters mentioned in the output below.

The same can be done for IPv6 “Proxy ND” and the other protocols mentioned below:

We need to set the file to “1” or “0” as required.
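An added example (not from the original page) of checking and setting these flags from Python. It assumes the standard Linux sysctl files `/proc/sys/net/ipv4/conf/<interface>/proxy_arp` and `/proc/sys/net/ipv6/conf/<interface>/proxy_ndp`; the interface names and the temporary sample tree are constructed so the code runs without root.

```python
import tempfile
from pathlib import Path

KNOBS = {"ipv4": "proxy_arp", "ipv6": "proxy_ndp"}  # per-interface sysctl files

def flag_path(root, family, iface):
    return Path(root) / family / "conf" / iface / KNOBS[family]

def read_flag(root, family, iface):
    """True for "1", False for "0", None when the interface has no such file."""
    try:
        return flag_path(root, family, iface).read_text().strip() == "1"
    except FileNotFoundError:
        return None

def write_flag(root, family, iface, enabled):
    """Write "1" or "0"; on a live system this needs root and is lost at reboot."""
    flag_path(root, family, iface).write_text("1\n" if enabled else "0\n")

def audit(root="/proc/sys/net"):
    """Return the (family, interface) pairs whose flag is 1, "all" included."""
    found = []
    for family in KNOBS:
        conf = Path(root) / family / "conf"
        names = sorted(p.name for p in conf.iterdir()) if conf.is_dir() else []
        found += [(family, n) for n in names if read_flag(root, family, n)]
    return found

def proxy_arp_effective(root, iface):
    """The kernel proxies ARP on iface if either its own flag or "all" is 1."""
    return bool(read_flag(root, "ipv4", "all") or read_flag(root, "ipv4", iface))

def make_sample_tree():
    """Constructed stand-in for /proc/sys/net (interface names are made up)."""
    root = tempfile.mkdtemp()
    for family, ifaces in (("ipv4", ["all", "eth0", "eth1"]), ("ipv6", ["all", "eth0"])):
        for iface in ifaces:
            flag_path(root, family, iface).parent.mkdir(parents=True)
            write_flag(root, family, iface, False)
    return root

if __name__ == "__main__":
    print(audit())  # on a Linux host: interfaces with proxy ARP/ND switched on
```

Run as a script on a Linux host, it lists every interface that currently answers ARP or ND on behalf of other addresses, which is a useful item to review on servers that are not meant to act as routers.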

How to Visualize Networking

For people who are new to networking: to get the foundation right, we need to visualize how everything works in the networking world and understand the logic behind it.

Each and every networking protocol was designed to achieve a particular goal, and it is the outcome of great minds working together to derive a flawless working model. So don’t underestimate it. If we try to understand “why” a networking protocol was designed in a specific way, we will be able to understand its pros and cons easily.

To make it simple, consider all networking equipment to be dumb electronic devices that are just programmed to perform some action (to set the expectation right).

Some of the basic things I would say to my juniors when they start learning about networking are:

  1. Get the basics right. It’s like stacking playing cards on top of each other like a pyramid: if the base is not strong, whatever you put on top of it will eventually collapse.
  2. Don’t assume anything. Networking devices such as routers/switches are not as intelligent as you think. (For example, consider a PC connected to a switch. The PC does not have the intelligence to know what device it is connected to; it just forwards the data out blindly. In fact, the PC does not even care what device it is connected to. Everyone is on their own in this networking world.)
  3. Every field in the data was developed to serve a specific purpose. The developers did not simply create the data format or add new fields/rules; each field has a specific purpose. Understand why each field is present in the L2 to L7 data headers, and that gives you a sense of why the protocol was designed in such a way.
  4. One has to understand how the data is processed when it’s received by the networking devices. What is the use of IEEE standards, or of deriving a standard data format? And what happens when the receiving device does not know the data format used by the sending device?
  5. Understand the origin and purpose of the networking protocol, and why it was developed. Think like a developer or a designer: how would you write the code for the protocol if you were going to solve/cover a specific use case?
  6. And finally, visualize the basic networking protocol or network communication that happens between the network devices, and then try to add more complex networking protocols on top of it. It’s easy to connect the dots if you visualize properly.

If you are able to visualize how the networking devices communicate with each other, you will be able to understand how to incorporate a new, complex networking protocol that runs on top of them and how the network infrastructure is built.