Network Administration: ARP Command - dummies

Network Administration: ARP Command

Using the arp command allows you to display and modify the Address Resolution Protocol (ARP) cache. An ARP cache is a simple mapping of IP addresses to MAC addresses. Each time a computer’s TCP/IP stack uses ARP to determine the Media Access Control (MAC) address for an IP address, it records the mapping in the ARP cache so that future ARP lookups go faster.

If you use the arp command without any parameters, you get a list of the command’s parameters. To display the ARP cache entry for a specific IP address, use an -a switch followed by the IP address. For example:

C:>arp -a 192.168.168.22
Interface: 192.168.168.21 --- 0x10004
  Internet Address      Physical Address      Type
  192.168.168.22        00-60-08-39-e5-a1     dynamic
C:>

You can display the complete ARP cache by using -a without specifying an IP address, like this:

C:>arp -a
Interface: 192.168.168.21 --- 0x10004
  Internet Address      Physical Address      Type
  192.168.168.9         00-02-e3-16-e4-5d     dynamic
  192.168.168.10        00-50-04-17-66-90     dynamic
  192.168.168.22        00-60-08-39-e5-a1     dynamic
  192.168.168.254       00-40-10-18-42-49     dynamic
C:>

ARP is sometimes useful when diagnosing duplicate IP assignment problems. For example, suppose you can’t access a computer that has an IP address of 192.168.168.100. You try to ping the computer, expecting the ping to fail; but lo and behold, the ping succeeds. One possible cause for this may be that two computers on the network have been assigned the address 192.168.168.100, and your ARP cache is pointing to the wrong one.

The way to find out is to go to the 192.168.168.100 computer that you want to access, run ipconfig /all, and make a note of the physical address. Then return to the computer that’s having trouble reaching the 192.168.168.100 computer, run arp -a, and compare the physical address with the one you noted.

If they’re different, that two computers are assigned the same IP address. You can then check the Dynamic Host Configuration Protocol (DHCP) or static TCP/IP configuration of the computers involved to find out why.