Home Whiteboard Practice Code Graphing Calculator Online Compilers Articles Tools
Tutorials Courses Jobs

ARP Commands

Linux Open Source Operating System

ARP (Address Resolution Protocol) is a networking protocol that maps network addresses, such as IP addresses, to physical MAC addresses. It is a fundamental component of network communication, enabling devices to locate each other on the same network segment. The arp command provides various options for viewing and managing the ARP cache.

How ARP Works

When a device needs to communicate with another device on the same network, it broadcasts an ARP request asking "Who has this IP address?" The target device responds with its MAC address, and this mapping is stored in the ARP cache for future use.

ARP Request/Response Process Host A 192.168.1.10 Host B 192.168.1.20 ARP Request: Who has 192.168.1.20? ARP Reply: I am 192.168.1.20, MAC: AA-BB-CC-DD-EE-FF ARP Cache Entry Created 192.168.1.20 ? AA-BB-CC-DD-EE-FF

Basic ARP Command

The arp command without options displays the current ARP cache 

arp

This shows IP addresses, their corresponding MAC addresses, and entry types (dynamic or static).

Common ARP Command Options

Display All ARP Entries: arp -a

The arp -a command displays all ARP cache entries with detailed information 

arp -a

Interface: 192.168.1.10 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1          00-1a-2b-3c-4d-5e     dynamic
  192.168.1.20         aa-bb-cc-dd-ee-ff     dynamic
  192.168.1.255        ff-ff-ff-ff-ff-ff     static

Display Dynamic Entries: arp -g

The arp -g command shows only dynamic ARP entries (learned automatically) 

arp -g

Add Static Entry: arp -s

Add a permanent ARP entry that won't be removed automatically 

arp -s 192.168.1.100 00-11-22-33-44-55

Static entries are useful for devices that don't respond to ARP requests or for security purposes.

Delete ARP Entry: arp -d

Remove a specific entry from the ARP cache 

arp -d 192.168.1.100

To clear all dynamic entries 

arp -d *

ARP Entry Types

Type Description Lifetime
Dynamic Learned automatically through ARP broadcasts 2-20 minutes (varies by OS)
Static Manually added by administrator Permanent until manually removed
Incomplete ARP request sent but no reply received yet Few seconds

Practical Example

Here's a complete workflow for managing ARP entries 

# Display current ARP cache
arp -a

# Add a static entry for a printer
arp -s 192.168.1.50 00-AA-BB-CC-DD-EE

# Verify the entry was added
arp -a | findstr "192.168.1.50"

# Delete the entry when no longer needed
arp -d 192.168.1.50

Common Use Cases

  • Network troubleshooting Verify MAC address mappings and detect ARP poisoning attacks

  • Static device configuration Add permanent entries for critical network devices

  • Security monitoring Check for unauthorized devices on the network

  • Performance optimization Pre-populate ARP cache to reduce broadcast traffic

Conclusion

ARP commands are essential tools for network administration and troubleshooting. Understanding how to view, add, and delete ARP cache entries helps maintain efficient network communication and security. The arp command provides flexible options for managing IP-to-MAC address mappings on your network.

Updated on: 2026-03-17T09:01:38+05:30

22K+ Views

Learn More in Our Tutorials

Kickstart Your Career

Get certified by completing the course

Get Started
Advertisements