arp

Address Resolution Protocol display and control

Displays or updates the mapping of IP addresses and Ethernet addresses.

-a

all
arp -a
? (169.254.77.120) at (incomplete) on en1 [ethernet] dynamically asigned
rtr.germans (192.168.1.1) at 0:18:1:8f:23:ed on en1 ifscope [ethernet]
? (192.168.1.2) at 0:1b:21:a4:32:bd on en1 ifscope [ethernet]
dgermans-ipad.germans (192.168.1.7) at 18:20:32:9f:54:75 on en1 ifscope [ethernet]
? (192.168.1.100) at 0:1b:dd:28:fc:4d on en1 ifscope [ethernet]
? (192.168.1.101) at 0:1f:c4:ef:5d:f1 on en1 ifscope [ethernet]
The DNS server is queried to display hostnames.
If response is slow it may be the DNS server is the problem.
host displays the Internet-to-Ethernet address for host only
arp rtr
rtr.germans (192.168.1.1) at 0:18:1:8f:23:ed on en1 ifscope [ethernet] 
The host may be specified by name or by number, using Internet dot notation.
-nno names! No queries to DNS server (much faster)
-llink-layer reachability (no IP address unless -n fast)
arp -al 
Neighbor                Linklayer Address Expire(O) Expire(I)    Netif Refs Prbs
rtr.germans             0:7f:28:cc:a9:f1  10s       10s            en1    1
slammerfox.germans      0:1e:2a:d0:5:1a   expired   expired        en1    1
192.168.1.255           ff:ff:ff:ff:ff:ff (none)    (none)         en1
-x

extended link-layer reachability(no IP address unless -n
arp -ax
Neighbor                Linklayer Address Expire(O) Expire(I)  Netif Refs Prbs RSSI    LQM     NPM
rtr.germans             0:7f:28:cc:a9:f1  54s       54s          en0    1 none unknown unknown unknown
denniss-ipad.gmans      (incomplete)      1m39s     expired      en0    1    6 unknown unknown unknown
marilynssiphone.gmans   (incomplete)      1m55s     expired      en0    1    5 unknown unknown unknown
kitchen.gmans           e0:69:95:7:7e:be  1m14s     1m44s        en0    1 none unknown unknown unknown 
ip-stb1                 0:1f:c4:ef:5d:f1  expired   2m23s        en0    1 none unknown unknown unknown 
-d [host] [ifscope enn]



-d -a
delete host's entry
its PUBlished entry
its entry for enn
or

Delete all entries
Not bad as entries created dynamically will be recreated as needed
from the DNS server with a new expire.

/usr/sbin/arp -ax
Neighbor                Linklayer Address Expire(O) Expire(I)    Netif Refs Prbs RSSI    LQM     NPM    
…
danger                  0:1e:2a:d0:5:1a   1m55s     1m55s          en0    1    
…
/Volumes/DATA/dgerman > sudo arp -d danger
/usr/sbin/arp -d danger
danger (192.168.1.55) deleted
/Volumes/DATA/dgerman > arp -ax
/usr/sbin/arp -ax
Neighbor                Linklayer Address Expire(O) Expire(I)    Netif Refs Prbs RSSI    LQM     NPM    

not present

/Volumes/DATA/dgerman > ping danger
 /sbin/ping -i .1 -A      -W 1                -c 5 danger| sed s/PING ...
danger.mynetworksettings.com (192.168.1.55): 56 data bytes
Request timeout for icmp_seq 0 
5 packets transmitted, 4 packets received, 20.0% packet loss, 4 packets out of wait time
round-trip min/avg/max/stddev = 3/26/93/38 ms
/Volumes/DATA/dgerman > arp -ax
/usr/sbin/arp -ax
Neighbor                Linklayer Address Expire(O) Expire(I)    Netif Refs Prbs RSSI    LQM     NPM    
danger                  0:1e:2a:d0:5:1a   2m11s     2m11s          en0    1    
Manually added entries are discarded.
-s host [auto| Eaddr]
[ifscope enn]]
[temp]
[pub]
[pub only ] [reject|blackhole]]


-S

set an entry
auto | Eaddr MAC_addr: six hex bytes separated by colons(ex 00:0A:97:01:FC:12 ).
pub the entry will be "published"; i.e., this system will act as an arp server, responding to ARP requests for host even though the host address is not its own.
pub only published (proxy only)
reject traffic to host will be discarded and the unreachable error returned
blackhole host will be flagged as unavailable and NO error returned


delete existing entry first

-f file file to be read and multiple entries to be set.
Entries of the form:
host MAC_addr [temp] [pub]

-i exxxInterface exx is the only one included in the display

See also

inet(3), ifconfig

When a message for an address not in cache, it is pended.
A request for the address mapping is broadcast.
If a response is provided pended messages are sent.
If no response is recieved the host is considered down. and EHOSTDOWN is reported for host, and EHOSTUNREACH for a router.

Cache in the routing table are dynamically-created host routes.
The route to a directly-attached Ethernet network is a cloning route (RTF_CLONING ), causing routes to hosts to be created on demand.
Routes time out.
An entry for a host which is not responding is a reject route (RTF_REJECT ).

Manually-added entries may be temporary or permanent,
and may be published, in which case THIS system will respond to ARP requests for that target host.

ARP watches passively for hosts impersonating the local host (i.e. a host which responds to an ARP mapping request for the local host's address).

DIAGNOSTICS

EHOSTUNREACH router. is nresponsive!

duplicate IP address %x!! sent from ethernet address: %x:%x:%x:%x:%x:%x.
 Another host on the network responds to mapping requests for its IP address with a different Ethernet address, indicating that two hosts are attempting to use the same IP address.