arp - Unix, Linux Command


Advertisements

Previous Page
Next Page  
 

NAME

arp - Address Resolution Protocol. arp command is used to find the address of a network neighbor for a given IPv4 address.

SYNOPSIS

DESCRIPTION

arp manipulates or displays the kernel's IPv4network neighbour cache. It can add entries to the table, delete one, or display the current content. arp is used to find the media access control address of a network neighbour for a given IPv4 address.

Options

Tag Description
-v, --verbose Tell the user what is going on by the verbose
-n, --numeric shows numerical addresses instead of trying to determine symbolic host, port or user names.
-H type, --hw-Type type When setting or reading the ARP cache, this optional parameter tells arp which class of entries it should check for. The default value of this parameter is ether (i.e. hardware code 0x01 for IEEE 802.3 10Mbps Ethernet). Other values might include network technologies such as ARCnet (arcnet) , PROnet (pronet), AX.25 (ax25) and NET/ROM (netrom).
-a [hostname] Use alternate BSD-style output format (with no fixed columns).
-D, --use-device Instead of a hw_addr, the given argument is the name of an interface. arp will use the MAC address of that interface for the table entry. This is usually the best option to set up a proxy ARP entry to yourself.
-i If, --device If Select an interface. When dumping the ARP cache only entries matching the specified interface will be printed. When setting a permanent or temp ARP entry this interface will be associated with the entry; if this option is not used, the kernel will guess based on the routing table. For pub entries the specified interface is the interface on which ARP requests will be answered.
  • NOTE: This has to be different from the interface to which the IP datagrams will be routed.
-f filename, --file filename Similar to the -s option, only this time the address info is taken from file filename.This can be used if ARP entries for a lot of hosts have to be set up.The name of the data file is very often /etc/ethers, but tis not official. If no filename is specified /etc/ethers is used as default.
  • In all places where a hostname is expected, one can also enter an IP address in dotted-decimal notation

EXAMPLES

Example-1:

# arp

output:
Address             HWtype   HWaddress               Flags Mask    Iface
192.168.0.103    ether     48:e2:44:d5:7a:97     C                  eth0
192.168.0.1        ether     c8:3a:35:49:77:48     C                  eth0

Example-2:

To  delete a ARP table entry. Root privilege is required to do this.

# sudo arp -d 192.168.0.1

output: 

Address            HWtype         HWaddress                Flags Mask           Iface
192.168.0.103   ether            48:e2:44:d5:7a:97        C                        eth0
192.168.0.1                           (incomplete)                                          eth0
(In this case the arp entry is deleted which was avaiable in the earlier section, and is shown as incomplete)

Example-3:

Answer ARP request  on eth0 with the MAC address for eth1

#arp -i eth0 -Ds 192.168.0.104 eth1 pub

In this case 192.168.0.104 is the ip address associated with eth0 and we are configuring it to answer ARP request  on eth0 with the MAC address for eth1.

 

Example-4:

By default the arp command will show the hostname of the items within the ARP cache but you can force it to display IP addresses using the following switch:

#arp -n

output:
Address             HWtype   HWaddress               Flags Mask    Iface
192.168.0.103    ether     48:e2:44:d5:7a:97     C                  eth0
192.168.0.1        ether     c8:3a:35:49:77:48     C                eth0

Example-5:

Alternatively you might wish to use the following switch which will display the output in a different way:

#arp -a
Output:
? (192.168.0.103) at 48:e2:44:d5:7a:97 [ether] on eth0
? (192.168.0.1) at c8:3a:35:49:77:48 [ether] on eth0

Example-6:

The ARP cache doesn't hold on to its data for very long but if you are having issues connecting to a specific computer and you suspect it is because the address data held is incorrect you can delete an entry from the cache in the following way.

First run the arp command to get the HW address of the entry you wish to remove.

 Now run the following command to remove HWADDR:

#arp -d HWADDR

(Replace HWADDR with the HW Address for the entry you wish to remove.)

Previous Page
Next Page