1 00:00:00,006 --> 00:00:01,004 - [Instructor] The ARP command 2 00:00:01,004 --> 00:00:03,002 is a tremendous troubleshooting tool 3 00:00:03,002 --> 00:00:06,004 for ARP issues as well as layer two troubleshooting. 4 00:00:06,004 --> 00:00:09,000 ARP stands for address resolution protocol 5 00:00:09,000 --> 00:00:12,000 and is responsible for doing the layer three IP mapping 6 00:00:12,000 --> 00:00:14,009 to layer two Mac addressing 7 00:00:14,009 --> 00:00:16,002 to view the ARP cache. 8 00:00:16,002 --> 00:00:20,008 I issue the arp -a command. 9 00:00:20,008 --> 00:00:23,005 Say for example, I have a Rogue DHCP server 10 00:00:23,005 --> 00:00:24,005 on the network. 11 00:00:24,005 --> 00:00:26,008 It's handed me an IP and default gateway. 12 00:00:26,008 --> 00:00:28,008 That's a false path to the internet. 13 00:00:28,008 --> 00:00:32,008 I can do an ipconfig /all 14 00:00:32,008 --> 00:00:36,006 and take note of the DHCP server that handed me the IP. 15 00:00:36,006 --> 00:00:39,007 Next I'll ping the IP of the server. 16 00:00:39,007 --> 00:00:44,006 Ping 192.168.51.1 17 00:00:44,006 --> 00:00:47,003 This will force my machine to do an ARP request 18 00:00:47,003 --> 00:00:49,004 to the Rogue server. 19 00:00:49,004 --> 00:00:50,004 I can now issue 20 00:00:50,004 --> 00:00:53,000 the arp -a command 21 00:00:53,000 --> 00:00:55,002 to determine what the Mac address associated 22 00:00:55,002 --> 00:00:56,009 with that device is. 23 00:00:56,009 --> 00:00:59,000 Then I could track down the Mac address 24 00:00:59,000 --> 00:01:02,007 of this client in my switches and shut it down. 25 00:01:02,007 --> 00:01:03,008 The Arp cache breaks 26 00:01:03,008 --> 00:01:06,009 down the IP to Mac mappings per interface. 27 00:01:06,009 --> 00:01:08,009 It will list them as either static 28 00:01:08,009 --> 00:01:12,000 which are user or system created 29 00:01:12,000 --> 00:01:15,000 or dynamic if they are learned from a neighbor. 30 00:01:15,000 --> 00:01:17,008 If I have a specific IP address I'm looking for 31 00:01:17,008 --> 00:01:20,006 I can issue the arp -a 32 00:01:20,006 --> 00:01:21,005 and its IP address 33 00:01:21,005 --> 00:01:25,006 192.168.51.1 34 00:01:25,006 --> 00:01:28,002 If I have a cache entry that I want to remove 35 00:01:28,002 --> 00:01:31,002 I can issue an arp -d 36 00:01:31,002 --> 00:01:33,008 and the IP address, 37 00:01:33,008 --> 00:01:36,002 192.168.51.1. 38 00:01:36,002 --> 00:01:38,000 They're not frequently necessary. 39 00:01:38,000 --> 00:01:41,007 The arp -s command will allow me to add a static IP 40 00:01:41,007 --> 00:01:43,004 to Mac address entry. 41 00:01:43,004 --> 00:01:45,009 The ARP command isn't used very frequently 42 00:01:45,009 --> 00:01:49,000 but when it's necessary, it's indispensable.