ARP (Address Resolution Protocol)
A protocol that maps IP addresses to MAC addresses on a local network, enabling devices to discover the hardware address of a destination.
What is ARP?
Address Resolution Protocol (ARP) is used to discover the link layer address (MAC address) associated with a given network layer address (IP address). ARP is essential for communication on Ethernet and similar local networks.
How ARP Works
When a device needs to send data to an IP address on the local network:
- It broadcasts an ARP request asking "Who has this IP?"
- The device with that IP responds with its MAC address
- The sender caches this mapping for future use
- Data can now be sent directly to the MAC address
ARP Cache
Devices maintain an ARP cache (or ARP table) storing recent IP-to-MAC mappings. Entries expire after a timeout to handle address changes.
Security Concerns
ARP lacks authentication, making it vulnerable to:
- ARP Spoofing: An attacker sends forged ARP responses
- ARP Poisoning: Corrupting the ARP caches of other devices
- Man-in-the-Middle Attacks: Intercepting traffic via ARP manipulation
Mitigation includes Dynamic ARP Inspection (DAI) and static ARP entries for critical systems.
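For monitoring, the lack of authentication described above means the first visible sign of cache poisoning is an IP address suddenly being claimed by a different MAC. The following added example (not part of the original page) decodes Ethernet/IPv4 ARP payloads and flags such changes; the function names and the sample traffic are constructed for illustration.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
ARP_LEN = struct.calcsize(ARP_FMT)  # 28 bytes for Ethernet/IPv4

def parse_arp(payload: bytes) -> dict:
    """Decode one ARP payload (the bytes that follow the Ethernet header)."""
    if len(payload) < ARP_LEN:
        raise ValueError("truncated ARP payload")
    fields = struct.unpack(ARP_FMT, payload[:ARP_LEN])
    htype, ptype, hlen, plen, oper, sha, spa, _tha, tpa = fields
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return {
        "op": {1: "request", 2: "reply"}.get(oper, "other"),
        "sender_mac": sha.hex(":"),
        "sender_ip": socket.inet_ntoa(spa),
        "target_ip": socket.inet_ntoa(tpa),
    }

def find_conflicts(payloads):
    """Return (ip, first_mac, new_mac, op) for each claim that contradicts the first one seen."""
    seen = {}    # ip -> first MAC observed; a passive stand-in for an ARP cache
    alerts = []
    for raw in payloads:
        pkt = parse_arp(raw)
        ip, mac = pkt["sender_ip"], pkt["sender_mac"]
        known = seen.setdefault(ip, mac)  # requests and replies both carry a sender mapping
        if known != mac:
            alerts.append((ip, known, mac, pkt["op"]))
    return alerts

def _arp(oper, sha, spa, tpa):
    """Build a constructed sample payload (target MAC left as zeros for brevity)."""
    mac = bytes.fromhex(sha.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, mac,
                       socket.inet_aton(spa), bytes(6), socket.inet_aton(tpa))

# Constructed sample traffic: documentation-range IPs and made-up MACs.
SAMPLE = [
    _arp(1, "02:00:00:00:00:0a", "192.0.2.10", "192.0.2.1"),   # host asks for the gateway
    _arp(2, "02:00:00:00:00:01", "192.0.2.1", "192.0.2.10"),   # gateway answers
    _arp(2, "02:00:00:00:00:66", "192.0.2.1", "192.0.2.10"),   # second, conflicting answer
]

if __name__ == "__main__":
    for ip, old, new, op in find_conflicts(SAMPLE):
        print(f"ALERT {ip}: {old} -> {new} (via ARP {op})")
```

A changed mapping is not always hostile (a replaced network card or a failover address produces the same signal), so alerts from a check like this are leads to correlate rather than verdicts.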