ARP or arp stands for something called Address Resolution Protocol. It is a protocol that connects an existing internet protocol address to a fixed physical machine address. The likes of machine addresses include the MAC address in LAN. Read and learn how you can use the arp command on Linux.
When a new computer joins a local area network, it receives a unique IP address used for identification and communication in that network. This IP is stored in the arp
cache, which is later used to find the MAC address of a device. Linux OS, in general, has an arp command that can play or manipulate the arp cache.
Installing arp on Linux
ARP is a part of the net-tools package on Linux OS. The arp commands, as already mentioned, manipulate the system’s ARP cache. This further allows a complete dump of the ARP cache.
Run the following command to install the arp
package:
$ sudo apt-get update
$ sudo apt-get install net-tools
ARP package is available by default in many Linuxes. If your system doesn’t have one, install it using the above command.
Once arp
is available, you can use it through the command-line interface to perform several actions.
Using the arp Command
Before you learn how to use the arp command on Linux, it is crucial to know the basic syntax. Speaking of syntax, it looks something like this:
$ arp [-v] [-i if] [-H type] -a[host_name]
Remember, you can always use the arp command without any other options. What it will do is list the current contents of the ARP cache.
Here, you can notice the following columns: Address, HWtype, HWaddress, Flags, Maks, and Iface.
- In our system, the corresponding address is
_gateway
. However, you may find IPV4 addresses listed, example: 192.168.9.10. - The
HWtype
is specified as the ether, which is for Ethernet, and the Headdress is the MAC address, basically the physical address. - The
Flags
column points to when and if the address has been learned or manually set by the user. It does the same when published or is incomplete. - The
Iface
column is simply the name of the interface.
Vital Flags and Options for the arp Command
Here is how the list of flags or options with the arp command transpires:
-v
or--verbose:
To display the information in detail i.e verbosely.-n
or--numeric
: To show numerical addresses.-H type or --hw-Type
type: To set or read the ARP cache. These optional parameters instruct the arp to check a specific class of entries. The default value is ether but can have either ARCnet, PROnet, AX.25 or NETROM.-a {hostname}, --all {hostname
}: Usually used to display entries of given host. If nohostname
parameter is given, then all entries will be displayed.-d {hostname} or --delete {hostname}
: To remove an entry for the specified host. This command may ask for sudo privilege.-D or --use-device:
The given argument is used to display and setproxy
.-e
: Used to display the entries in the default style.
-s {hostname} {hw_addr}, --set {hostname}
: Used to manually create an ARP address mapping entry for a given host name. The physical address is set tohw_address
. For the Ethernet , 6 bytes in hexadecimal code separated by colon Example: ac:4b:5f:3e:rr:t5
When adding proxy arp entries for the given host, a netmask
can be specified to proxy arp for the whole subnet. This is usually not a good practice. If the temp
option is not supplied, the entries will be permanently stored in the ARP
cache.
-f {filename}, --file {filename}
: It is similar to the-s
option, but the address info is taken from the file name given. The data file name is often/etc/ethers
, but this is not always the case. By default, the directory is/etc/ethers
if no file name is specified.
The format for the file is simple because it only contains an ASCII text line with a hostname and a hardware address. Remember, these are serrated by whitespace
.
Using the arp Commands on Linux with Examples
Now that you know how to install arp on Linux, it is time to uncover the usage parameters. To help you understand everything seamlessly, we’ve crafted the most digestible guide. Walk through, and you’ll learn how to use the arp command on Linux.
Display Entries for a Specific Interface
This command is used to see all the arp
entries for a particular interface. Yes, something like this
$ arp -i bondx
Display Entries for a Specific Address
This command is used for all the arp
entries corresponding to a particular address.
Example Input:
$ arp -a 192.168.1.20
Output:
? (192.168.1.20) at 95:fg:ac:ed:e4:e3 [ether] on enp0s3
Find Detailed info About the Device and its Entries
Here we use the -v
flag or option to get detailed information about the device and its respective entries.
Example Input:
$ arp -v
Output:
Adding a Brand New Entry
This command adds an entry (permanently) to the cache. It uses the -s
option with IP address, MAC address, and interface.
Example:
Removing an Entry
To remove entries from the arp cache, you can use the -d
flag. It requires additional parameters like IP address. You’ll require sudo privileges to use this command.
Example:
$ sudo arp -d 192.168.1.20
With that, we’re done talking about the arp
command on Linux and how to use it. In case you’ve dedicated your time to reading this piece, you already know all the crucial information. Let us know if you need help with anything.
If this guide helped you, please share it.