arp
Address Resolution Protocol display and control
Displays or updates the mapping of IP addresses and Ethernet addresses.
-a
| all arp -a
? (169.254.77.120) at (incomplete) on en1 [ethernet] dynamically asigned
rtr.germans (192.168.1.1) at 0:18:1:8f:23:ed on en1 ifscope [ethernet]
? (192.168.1.2) at 0:1b:21:a4:32:bd on en1 ifscope [ethernet]
dgermans-ipad.germans (192.168.1.7) at 18:20:32:9f:54:75 on en1 ifscope [ethernet]
? (192.168.1.100) at 0:1b:dd:28:fc:4d on en1 ifscope [ethernet]
? (192.168.1.101) at 0:1f:c4:ef:5d:f1 on en1 ifscope [ethernet]
The DNS server is queried to display hostnames.
If response is slow it may be the DNS server is the problem.
|
host | displays the Internet-to-Ethernet address for host only
arp rtr
rtr.germans (192.168.1.1) at 0:18:1:8f:23:ed on en1 ifscope [ethernet]
The host may be specified by name or by number, using Internet dot notation.
|
-n | no names! No queries to DNS server (much faster)
|
-llink-layer reachability (no IP address unless -n fast)
arp -al
Neighbor Linklayer Address Expire(O) Expire(I) Netif Refs Prbs
rtr.germans 0:7f:28:cc:a9:f1 10s 10s en1 1
slammerfox.germans 0:1e:2a:d0:5:1a expired expired en1 1
192.168.1.255 ff:ff:ff:ff:ff:ff (none) (none) en1
| -x
extended link-layer reachability(no IP address unless -n
arp -ax
Neighbor Linklayer Address Expire(O) Expire(I) Netif Refs Prbs RSSI LQM NPM
rtr.germans 0:7f:28:cc:a9:f1 54s 54s en0 1 none unknown unknown unknown
denniss-ipad.gmans (incomplete) 1m39s expired en0 1 6 unknown unknown unknown
marilynssiphone.gmans (incomplete) 1m55s expired en0 1 5 unknown unknown unknown
kitchen.gmans e0:69:95:7:7e:be 1m14s 1m44s en0 1 none unknown unknown unknown
ip-stb1 0:1f:c4:ef:5d:f1 expired 2m23s en0 1 none unknown unknown unknown
| -d [host] [ifscope enn]
-d -a | delete host 's entry
its PUB lished entry
its entry for enn
or
Delete a ll entries
Not bad as entries created dynamically will be recreated as needed
from the DNS server with a new expire.
/usr/sbin/arp -ax
Neighbor Linklayer Address Expire(O) Expire(I) Netif Refs Prbs RSSI LQM NPM
…
danger 0:1e:2a:d0:5:1a 1m55s 1m55s en0 1
…
/Volumes/DATA/dgerman > sudo arp -d danger
/usr/sbin/arp -d danger
danger (192.168.1.55) deleted
/Volumes/DATA/dgerman > arp -ax
/usr/sbin/arp -ax
Neighbor Linklayer Address Expire(O) Expire(I) Netif Refs Prbs RSSI LQM NPM
not present
/Volumes/DATA/dgerman > ping danger
/sbin/ping -i .1 -A -W 1 -c 5 danger| sed s/PING ...
danger.mynetworksettings.com (192.168.1.55): 56 data bytes
Request timeout for icmp_seq 0
5 packets transmitted, 4 packets received, 20.0% packet loss, 4 packets out of wait time
round-trip min/avg/max/stddev = 3/26/93/38 ms
/Volumes/DATA/dgerman > arp -ax
/usr/sbin/arp -ax
Neighbor Linklayer Address Expire(O) Expire(I) Netif Refs Prbs RSSI LQM NPM
danger 0:1e:2a:d0:5:1a 2m11s 2m11s en0 1
Manually added entries are discarded.
| -s host [auto| Eaddr]
[ifscope enn]]
[temp]
[pub]
[pub only ]
[reject|blackhole]]
-S
|
set an entry
| auto | Eaddr MAC_addr: six hex bytes separated by colons(ex 00:0A:97:01:FC:12 ).
| pub | the entry will be "pub lished"; i.e., this system will act as an
arp server, responding to ARP requests for host even though the host address is not its own.
| pub only | published (proxy only)
| reject | traffic to host will be discarded and the unreachable error returned
| blackhole | host will be flagged as unavailable and NO error returned
| |
delete existing entry first
| -f file | file to be read and multiple entries to be set.
Entries of the form:
host MAC_addr [temp] [pub]
| -i exxxInterface exx is the only one included in the display
| | | |
See also
inet(3), ifconfig
When a message for an address not in cache, it is pended.
A request for the address mapping is broadcast.
If a response is provided pended messages are sent.
If no response is recieved the host is considered down.
and EHOSTDOWN
is reported for host, and EHOSTUNREACH
for a router.
Cache in the routing table are dynamically-created host routes.
The route to a directly-attached Ethernet network is a cloning route (RTF_CLONING
), causing routes to
hosts to be created on demand.
Routes time out.
An entry for a host which is not responding is a reject route (RTF_REJECT
).
Manually-added entries may be temp
orary or perm
anent,
and may be pub
lished, in which case THIS system will respond to ARP requests for that target host.
ARP watches passively for hosts impersonating the local host (i.e. a host which responds to an ARP mapping request for
the local host's address).
DIAGNOSTICS
EHOSTUNREACH
router. is nresponsive!
duplicate IP address %x!! sent from ethernet address: %x:%x:%x:%x:%x:%x
.
Another host on the network responds to mapping requests for its IP address with a different Ethernet address,
indicating that two hosts are attempting to use the same IP address.