Enhance your Career in Networking With IPinBits!!!​

ARP Types

In the Last post (ARP and its Header in detail) We discussed the ARP Header in great detail. However knowing the ARP header only is not enough. In fact there are couple of types of ARP implementations which are used in real world and are great topic for interview. Lets have a look at all the ARP Types :-

  • ARP PROBE/ANNOUNCEMENT – Both the ARP Probes and the ARP Announcements are sent as Broadcast frames– using the destination MAC address of ffff.ffff.ffff in the Ethernet header
    • It is sent with the Opcode field set to 1, indicating an ARP Request. 
    • The Sender MAC address is set to the initiator’s MAC address. The Sender IP address is set to 0.0.0.0.
    • The Target MAC address is set to 0000.0000.0000, and the Target IP Address is set to the IP address being probed.
    • Notice there is no complete mapping provided in the packet. The Sender IP is set to all zeros, which means it cannot map to the Sender MAC address. The Target MAC address is all zeros, which means it cannot map to the Target IP address.
  • G-ARP (Gratuitous ARP) – This type of ARP implementation is used for detecting IP DUPLICATION. Yes, you read it right – G-ARP for IP duplication. A GARP is an ARP broadcast in which the source (SPA) and destination (TPA) IP addresses are the same. It is used primarily by a host to inform the network about its IP address. G-ARP is often used in VRRP/HSRP/DHCP implementation.
      • Both source and destination IP in the packet are the IP of the host issuing the gratuitous ARP
      • The destination MAC address is the broadcast MAC address (ff:ff:ff:ff:ff:ff)This means the packet will be flooded to all ports on a switch
      • No reply is expected
        NOTE:- whenever a new IP/secondary IP is configured or IP interface goes from down to up – THREE G-ARP are sent. One GARP packet is always sent for each virtual address of a VRRP interface.
  • I-ARP (Inverse ARP) – As the name suggest, its is inverse ARP i.e. it is used to get the IP address for the specific MAC or in other words Inverse ARP uses MAC to find the IP address. It is mostly used in ATM circuits. In ATM circuits it is used to find IP address from L2 address ( DLCI in Frame Relay) and dynamically maps the LOCAL DLCI to remote IP ADDRESS.
  • R-ARP (Reverse ARP) – Reverse ARP is now obsolete and is replaced by BOOTP and DHCP protocols. It was used to fetch IP address from a GW router or we can say it was used to request a IP address for a system. RARP had client server architecture and now a days is not used. It has Sender’s MAC address in SHA and THA (Sender/Target HW address field of ARP header)
  • Proxy ARP- Proxy ARP is most used flavor of ARP implementation. Every router use the proxy ARP while sending a packet. As the name suggest, here ARP reply is given by Proxy user (in most cases its GW router, in some cases it is attacker). When a ARP probe is generated for a IP which is outside of LAN network, router which is the GW for that network will reply that ARP Probe using its OWN MAC address by use of PROXY ARP (same concept as we used in college classes for attendance – using proxy). Please refer below diagram for detailed flow of proxy arp :-

    NOTE – If we disable the PROXY ARP, router can not resolve the MAC for IPs and packets will be dropped.

 

Related blog posts