How to Use arp Command on Linux

ARP or arp stands for something called Address Resolution Protocol. It is a protocol that connects an existing internet protocol address to a fixed physical machine address. The likes of machine addresses include the MAC address in LAN. Read and learn how you can use the arp command on Linux.

When a new computer joins a local area network, it receives a unique IP address used for identification and communication in that network. This IP is stored in the arp cache, which is later used to find the MAC address of a device. Linux OS, in general, has an arp command that can play or manipulate the arp cache.

Installing arp on Linux

ARP is a part of the net-tools package on Linux OS. The arp commands, as already mentioned, manipulate the system’s ARP cache. This further allows a complete dump of the ARP cache.

Run the following command to install the arp package:

$ sudo apt-get update
$ sudo apt-get install net-tools

ARP package is available by default in many Linuxes. If your system doesn’t have one, install it using the above command.

Once arp is available, you can use it through the command-line interface to perform several actions.

Using the arp Command

Before you learn how to use the arp command on Linux, it is crucial to know the basic syntax. Speaking of syntax, it looks something like this:

$ arp [-v] [-i if] [-H type] -a[host_name]

Remember, you can always use the arp command without any other options. What it will do is list the current contents of the ARP cache.

use the arp command on Linux

Here, you can notice the following columns: Address, HWtype, HWaddress, Flags, Maks, and Iface. 

  • In our system, the corresponding address is _gateway. However, you may find IPV4 addresses listed, example: 
  • The HWtype is specified as the ether, which is for Ethernet, and the Headdress is the MAC address, basically the physical address. 
  • The Flags column points to when and if the address has been learned or manually set by the user. It does the same when published or is incomplete. 
  • The Iface column is simply the name of the interface.

Vital Flags and Options for the arp Command

Here is how the list of flags or options with the arp command transpires:

  • -v or --verbose: To display the information in detail i.e verbosely.
  • -n or --numeric: To show numerical addresses.
  • -H type or  --hw-Type type: To set or read the ARP cache. These optional parameters instruct the arp to check a specific class of entries. The default value is ether but can have either ARCnet, PROnet, AX.25 or NETROM.
  • -a {hostname}, --all {hostname}: Usually used to display entries of given host. If no hostname parameter is given, then all entries will be displayed.
  • -d {hostname} or --delete {hostname}: To remove an entry for the specified host. This command may ask for sudo privilege.
  • -D or --use-device: The given argument is used to display and setproxy.
  • -e: Used to display the entries in the default style.
  • -s {hostname} {hw_addr}, --set {hostname}: Used to manually create an ARP address mapping entry for a given host name. The physical address is set to hw_address. For the Ethernet ,  6 bytes in hexadecimal code separated by colon Example: ac:4b:5f:3e:rr:t5 
arp command options

When adding proxy arp entries for the given host, a netmask can be specified to proxy arp for the whole subnet. This is usually not a good practice. If the temp option is not supplied, the entries will be permanently stored in the ARP cache.

  • -f {filename}, --file {filename}: It is similar to the -s option, but the address info is taken from the file name given. The data file name is often /etc/ethers, but this is not always the case. By default, the directory is /etc/ethers if no file name is specified. 

The format for the file is simple because it only contains an ASCII text line with a hostname and a hardware address. Remember, these are serrated by whitespace.

Using the arp Commands on Linux with Examples

Now that you know how to install arp on Linux, it is time to uncover the usage parameters. To help you understand everything seamlessly, we’ve crafted the most digestible guide. Walk through, and you’ll learn how to use the arp command on Linux.

Display Entries for a Specific Interface

This command is used to see all the arp entries for a particular interface. Yes, something like this 

$ arp -i bondx

Display Entries for a Specific Address

This command is used for all the arpentries corresponding to a particular address.

Example Input:

$ arp -a


? ( at 95:fg:ac:ed:e4:e3 [ether] on enp0s3

Find Detailed info About the Device and its Entries

Here we use the -v flag or option to get detailed information about the device and its respective entries.

Example Input:

$ arp -v


use the arp command on Linux

Adding a Brand New Entry

This command adds an entry (permanently) to the cache. It uses the -s option with IP address, MAC address, and interface.


adding new entry

Removing an Entry

To remove entries from the arp cache, you can use the -d flag. It requires additional parameters like IP address. You’ll require sudo privileges to use this command.


$ sudo arp -d

With that, we’re done talking about the arp command on Linux and how to use it. In case you’ve dedicated your time to reading this piece, you already know all the crucial information. Let us know if you need help with anything.

If this guide helped you, please share it.

Leave a Reply
Related Posts