arp

The arp command is used to display and modify IP to MAC translation tables

Supplementary instructions

arp command is the Address Resolution Protocol. It is an extremely important network transmission protocol in a network protocol package that finds the data link layer address by parsing the network layer address. This command can display and modify the buffered data in the arp protocol parsing table.

This core protocol module implements the Address Resolution Protocol defined in RFC826 [Annotation: TCP/IP's layer 3 to layer 1 address translation protocol], which is used to exchange layer 2 hardware addresses and IPv4 protocols in directly connected networks. Conversion between addresses. Users generally will not operate this module directly unless they want to configure it.

In fact, it provides services to other protocols in the core.

User processes can use packet(7) sockets to receive ARP packets. Another mechanism is to use netlink(7) sockets, a mechanism to manage the ARP cache in user space. We can also control the ARP table on any PF_INET socket through ioctl (2)

The ARP module maintains a cache of hardware address to protocol address mappings. This cache has a size limit, so infrequently used and old entries will be garbage-collected, and the garbage collector can never delete records marked as permanent. We can directly manipulate the buffer using ioctls, and its behavior can be adjusted using the sysctl defined below.

If there is no positive feedback for an existing mapping within a limited time (see sysctl below), the cache record of the adjacent layer is considered invalid. In order to send data to the target again, ARP will first try to query the local arp process app_solicit times to obtain an updated MAC (Media Access Control) address. If this fails and the old MAC address is known, a unicast probe of ucast_solicit times is sent. If it still fails, a new ARP request will be broadcast to the network, and there will be a queue of data to be sent.

If Linux receives an address request, and the address points to the address forwarded by Linux, and the receiving interface has proxy arp turned on, Linux will automatically add a non-permanent proxy arp record; if there is a route denied to the target, no proxy will be added. arp records.

grammar

arp (options) (parameters)

Options

-a # Host: Display all entries in the arp buffer;
-H # Address type: Specify the address type used by the arp instruction;
-d # Host: Delete the arp entry of the specified host from the arp buffer;
-D # Use the hardware address of the specified interface;
-e # Display entries in the arp buffer in Linux display style;
-i #Interface: Specify the network interface to operate the arp buffer;
-s #Host MAC address: Set the static mapping between the IP address and MAC address of the specified host;
-n # Display entries in arp buffer numerically;
-v # Display detailed arp buffer entries, including buffer entry statistics;
-f # File: Set the static mapping between the host's IP address and MAC address.

Parameters

Host: Query the arp entry in the arp buffer for the specified host.

Example

Display arp buffer contents

[root@localhost ~]# arp -v
Address HWtype HWaddress Flags Mask Iface
192.168.0.134 ether 00:21:5E:C7:4D:88 C eth1
115.238.144.129 ether 38:22:D6:2F:B2:F1 C eth0
Entries: 2 Skipped: 0 Found: 2

Add static arp mapping

arp -s IP MAC-ADDRESS
arp -s 192.168.1.1 00:b1:b2:b3:b4:b5

Delete arp cache entries

arp -d 192.168.1.1