An often overlooked tool, arp is used to view and manipulate the entries in the arp table. See Section 2.1.2, “The ARP cache” for a fuller discussion of the arp table.

The most common uses for arp are to add an address for which to proxy arp, delete an address from the arp table or view the arp table itself.

In the simplest invocation, you simply want to see the current state of the arp table. Invoking arp with no options will provide you exactly the information you need. Typically, you may not trust DNS (or may not wish to wait for the DNS lookups), and you may wish to specify the arp table on a particular interface.

[root@masq-gw]# arp -n -i eth3
Address                  HWtype  HWaddress           Flags Mask Iface
192.168.100.1           ether   00:C0:7B:7D:00:C8   C                     eth3
[root@masq-gw]# arp -n -i eth0
Address                  HWtype  HWaddress           Flags Mask Iface
192.168.100.17          ether   00:80:C8:E8:4B:8E   C                     eth0
[root@masq-gw]# arp -a -n -i eth0
? (192.168.100.17) at 00:80:C8:E8:4B:8E [ether] on eth0
        

The MAC address in the third column is always a six part hexadecimal number. In practice, the MAC address (also known as the hardware address or the Ethernet address) is not normally needed for the majority of troubleshooting problems, however knowing how to retrieve the MAC address can help when tracking down problems in a network ^[41].

The arp command can also force a permament entry into the arp table. Let's look at an unusual networking need. Infrequently, a need arises to split a network into two parts, each part with the same network address and netmask. The router which joins the two networks is connected to both sets of media. See Section 9.3, “Breaking a network in two with proxy ARP” for more detail on when and how to do this.

The command to add arp table entries makes a static entry in the arp table. This is not recommended practice, and is probably only necessary in strange, experimental, hybrid, or pseudo-bridging situations.

[root@masq-gw]# arp -s 192.168.100.17 -i eth3 -D eth3 pub
[root@masq-gw]# arp -n -i eth3
Address                  HWtype  HWaddress           Flags Mask Iface
192.168.100.1           ether   00:C0:7B:7D:00:C8   C                     eth3
192.168.100.17          *       *                   MP                    eth3
        

After inserting an entry into the arp table on eth3, we will now respond for ARP requests on eth3 for the IP 192.168.100.17. If the service-router has a packet bound for 192.168.100.17, it will generate an ARP request to which we will respond with the Ethernet address of our eth3 interface.

Moments after you have added this arp table entry, you realize that you really do not wish service-router and isolde to exchange any IP packets. There is no reason for the isolde to initiate a telnet session with service-router and correspondingly, there are no services on isolde which should be accessible from the router.

Fortunately, it's quite easy to remove the entry.

[root@masq-gw]# arp -i eth3 -d 192.168.100.17
[root@masq-gw]# arp -n -i eth3
Address                  HWtype  HWaddress           Flags Mask Iface
192.168.100.1           ether   00:C0:7B:7D:00:C8   C                     eth3
        

arp is a small utility, but one which can prove extremely handy. One minor annoyance with the arp utility is option handling. Options seem to be handled differently based on order. If in doubt, try specifying the action as the first option.