1
00:00:00,270 --> 00:00:01,103
In this video,

2
00:00:01,103 --> 00:00:03,000
we're going to cover the ARP command.

3
00:00:03,000 --> 00:00:05,640
ARP stands for the address resolution protocol.

4
00:00:05,640 --> 00:00:07,680
Now, your ARP command is going to be used to display

5
00:00:07,680 --> 00:00:08,580
and modify entries

6
00:00:08,580 --> 00:00:10,680
in the address resolution protocol cache,

7
00:00:10,680 --> 00:00:13,050
or ARP cache on a given system.

8
00:00:13,050 --> 00:00:15,330
Your ARP cache contains one or more tables

9
00:00:15,330 --> 00:00:17,190
that are going to be used to store IP addresses

10
00:00:17,190 --> 00:00:18,900
and their associated physical addresses,

11
00:00:18,900 --> 00:00:20,610
which are known as MAC addresses.

12
00:00:20,610 --> 00:00:22,740
Now, essentially by using the ARP command,

13
00:00:22,740 --> 00:00:25,320
we can see and interact with layer two physical addresses

14
00:00:25,320 --> 00:00:27,750
or MAC addresses and their associated bindings

15
00:00:27,750 --> 00:00:29,700
of layer three IP addresses.

16
00:00:29,700 --> 00:00:31,890
Now, the ARP command can be used on Windows,

17
00:00:31,890 --> 00:00:34,410
Linux, Unix, or OS X systems,

18
00:00:34,410 --> 00:00:35,820
and the commands are identical

19
00:00:35,820 --> 00:00:38,100
regardless of what operating system you're using.

20
00:00:38,100 --> 00:00:40,290
Now, if you enter ARP and press enter,

21
00:00:40,290 --> 00:00:42,120
the command's going to display help information

22
00:00:42,120 --> 00:00:43,980
so you can learn how to use this command.

23
00:00:43,980 --> 00:00:45,540
If you want to view the ARP cache,

24
00:00:45,540 --> 00:00:47,820
you're going to type in arp -a,

25
00:00:47,820 --> 00:00:50,310
and in this example you can see that my Windows machine

26
00:00:50,310 --> 00:00:55,310
has found the default gateway located at 192.168.105.1,

27
00:00:55,380 --> 00:00:57,000
and the broadcast for this network,

28
00:00:57,000 --> 00:01:00,870
which is 192.168.105.255.

29
00:01:00,870 --> 00:01:03,150
Then you're going to see three multicast addresses

30
00:01:03,150 --> 00:01:05,790
that were found here, each one starting with 224

31
00:01:05,790 --> 00:01:07,200
as the first octet.

32
00:01:07,200 --> 00:01:09,630
You can also see the network broadcast physical address,

33
00:01:09,630 --> 00:01:13,890
and it's set to FF-FF-FF-FF-FF-FF

34
00:01:13,890 --> 00:01:16,410
which is always going to be the layer two broadcast address

35
00:01:16,410 --> 00:01:17,820
on all networks.

36
00:01:17,820 --> 00:01:20,867
Next, you see the IP of 239.255.255.250.

37
00:01:23,280 --> 00:01:25,740
This IP is going to be used by Windows Explorer

38
00:01:25,740 --> 00:01:28,200
to find connected devices on the local area network

39
00:01:28,200 --> 00:01:30,360
using the WS-Discovery protocol.

40
00:01:30,360 --> 00:01:33,540
This is known as the Web Services Dynamic Discovery protocol.

41
00:01:33,540 --> 00:01:35,370
Now, pretty much every Windows machine

42
00:01:35,370 --> 00:01:38,760
is going to have this IP listed inside its ARP cache.

43
00:01:38,760 --> 00:01:42,167
Finally, we see the IP address of 255.255.255.255,

44
00:01:44,430 --> 00:01:45,960
and this is a reserved IP

45
00:01:45,960 --> 00:01:47,640
that's used to send broadcast messages

46
00:01:47,640 --> 00:01:49,350
to the entire network.

47
00:01:49,350 --> 00:01:51,240
Now, if you need to delete an IP address

48
00:01:51,240 --> 00:01:53,580
to a physical address mapping from your ARP cache,

49
00:01:53,580 --> 00:01:56,220
you can do this by simply entering arp -d

50
00:01:56,220 --> 00:01:58,200
and the IP address you want to delete.

51
00:01:58,200 --> 00:02:00,870
In this example, I'm going to delete the multicast IP

52
00:02:00,870 --> 00:02:03,480
that's used by the WS-Discovery protocol.

53
00:02:03,480 --> 00:02:05,370
Now, if I want to statically assign a mapping

54
00:02:05,370 --> 00:02:07,620
between an IP address and a MAC address,

55
00:02:07,620 --> 00:02:08,850
I can do that as well.

56
00:02:08,850 --> 00:02:12,060
I'm just going to use the arp -s command for static.

57
00:02:12,060 --> 00:02:13,110
Now, for example,

58
00:02:13,110 --> 00:02:16,500
I can statically map the WS-Discovery protocol address again

59
00:02:16,500 --> 00:02:19,637
by entering in arp -s 239.255.255.250,

60
00:02:22,140 --> 00:02:26,123
and then its MAC address, 01-00-5E-7F-FF-FA.

61
00:02:28,140 --> 00:02:31,050
Notice that the MAC address here is entered by using hyphens

62
00:02:31,050 --> 00:02:34,020
and not colons like we do in a lot of other commands.

63
00:02:34,020 --> 00:02:35,760
Now, in general, you shouldn't have

64
00:02:35,760 --> 00:02:38,010
to create static mappings for the ARP cache,

65
00:02:38,010 --> 00:02:41,160
but static ARP entries are useful in some cases

66
00:02:41,160 --> 00:02:43,080
where you want to make sure you pre-configure an entry

67
00:02:43,080 --> 00:02:44,730
for a device that's not yet connected

68
00:02:44,730 --> 00:02:46,170
to a layer three switch,

69
00:02:46,170 --> 00:02:49,410
or if you want to prevent a particular entry from timing out.

70
00:02:49,410 --> 00:02:51,810
By default, an ARP entry will stay in the cache

71
00:02:51,810 --> 00:02:55,320
until it gets deleted after 21,600 seconds,

72
00:02:55,320 --> 00:02:57,150
which is about six hours.

73
00:02:57,150 --> 00:02:59,310
Now, if you need to clear the entire ARP cache,

74
00:02:59,310 --> 00:03:03,150
you can do that as well by doing arp -d and hitting enter.

75
00:03:03,150 --> 00:03:05,100
By not specifying what to delete,

76
00:03:05,100 --> 00:03:06,870
it's going to delete all the ARP entries

77
00:03:06,870 --> 00:03:08,790
that are currently stored in that cache,

78
00:03:08,790 --> 00:03:10,800
including all your dynamically generated ones

79
00:03:10,800 --> 00:03:13,250
and any static ones you may have already created.