Address resolution
protocol (arp) , arp is a protocol used to map IP network address to the
hardware address. The term address resolution actually means to a process of
finding the address of a computer in a network. So consider when we run a ping
command on a remote machine, the ARP request message like “who is X.X.X.X tell Y.Y.Y.Y”
is sent using the Ethernet broadcast address. The remote machine with the IP
address responds to the message by sending back a ARP response like “X.X.X.X is
hh:hh:hh:hh:hh:hh” and sends to the requesting machine.
The response obtained
is stored in a file /proc/net/arp for a shorter period to avoid the need to continuously
re-establish the mapping between the Hardware Ethernet address and the actual
IP address.
A broadcast address
is an IP address that is used to target all systems on a specific subnet
network instead of single hosts. This can be calculated, if the IP address
is 192.168.12.220 and subnet mask as 255.255.255.128 then broadcast address can
be deduced in following manner.
IP
Address: 11000000.10101000.00001100.11011100
Reverse
Mask: 00000000.00000000.00000000.01111111
Bitwise OR
----------------------------------------------------------
Broadcast Address: 11000000.10101000.00001100.11111111
Ethernet address or
also called as MAC (Media access address) like 802.11a/b/g wireless or the more traditional CAT5/CAT6
wired networks .every Ethernet device has a unique six-byte ID in it.
- Ethernet address, also called MAC address, is a 48-bit number used to uniquely identify each computer in a network. The address is usually written in hexadecimal form. An IP address is the identifier for a computer or device on a TCP/IP network. In computer networking a Media Access Control address (MAC address) serves as an identifier for a particular network adapter. Thus network cards in two different computers will have different MAC
- Mac addresses are not the same. MAC (Media
access control) address is a unique id of a network interface. The most
commonly used network interface is Ethernet and hence called as Ethernet
address.
Find Your system
MAC address
[root@vx111a ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 78:AC:C0:B1:7B:BD
inet addr:172.16.101.68 Bcast:172.16.255.255 Mask:255.255.254.0
inet6 addr: fe80::7aac:c0ff:feb1:7bbd/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3090 errors:0 dropped:0 overruns:0 frame:0
TX packets:165 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:339816 (331.8 KiB) TX bytes:16361 (15.9 KiB)
Interrupt:20 Memory:fe500000-fe520000
The arp command in linux allows to examine the mapping. When we execute the command arp , we see
[root@vx111a ~]# arp -n
Address HWtype HWaddress Flags Mask Iface
172.16.100.254 ether 02:17:c5:98:7c:f0 C eth0
This tells that the
hardware address mapped to the IP address 172.16.100.254 is 02:17:c5:98:7c:f0.
As we said earlier that arp mapping are saving for a short period and hence we
see only 1 mapping here. Consider if you ping a IP address like,
[root@vx111a ~]# ping -c 1 172.16.100.212
PING 172.16.100.212 (172.16.100.212) 56(84) bytes of data.
64 bytes from 172.16.100.212: icmp_seq=1 ttl=128 time=1.91 ms
--- 172.16.100.212 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 1ms
rtt min/avg/max/mdev = 1.919/1.919/1.919/0.000 ms
And now when we run
arp command again, we see
[root@vx111a ~]# arp -n
Address HWtype HWaddress Flags Mask Iface
172.16.100.212 ether 40:61:86:f0:b1:9f C eth0
172.16.100.254 ether 02:17:c5:98:7c:f0 C eth0
The arp search are saved
for a shorter period.By caching an ARP record for a short time, a new request should not be
necessary during most client/server application sessions. Consider if we do a
ping for google.com,
[root@vx111a ~]# ping -c 1 google.com
PING google.com (74.125.236.161) 56(84) bytes of data.
64 bytes from maa03s16-in-f1.1e100.net (74.125.236.161): icmp_seq=1 ttl=57 time=24.9 ms
--- google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 94ms
rtt min/avg/max/mdev = 24.975/24.975/24.975/0.000 ms
PING google.com (74.125.236.161) 56(84) bytes of data.
64 bytes from maa03s16-in-f1.1e100.net (74.125.236.161): icmp_seq=1 ttl=57 time=24.9 ms
--- google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 94ms
rtt min/avg/max/mdev = 24.975/24.975/24.975/0.000 ms
And check arp
command again, we don’t see any listing for google.com
[root@vx111a ~]# arp -n
Address HWtype HWaddress Flags Mask Iface
172.16.100.212 ether 40:61:86:f0:b1:9f C eth0
172.16.100.254 ether 02:17:c5:98:7c:f0 C eth0
Because even though
google.com is reachable but it is configured on a different network and hence
the mappings are not added to the arp table in the local network.
More to Come , Happy learning
No comments:
Post a Comment