1
00:00:00,006 --> 00:00:01,004
- [Instructor] The ARP command

2
00:00:01,004 --> 00:00:03,002
is a tremendous troubleshooting tool

3
00:00:03,002 --> 00:00:06,004
for ARP issues as well as layer two troubleshooting.

4
00:00:06,004 --> 00:00:09,000
ARP stands for address resolution protocol

5
00:00:09,000 --> 00:00:12,000
and is responsible for doing the layer three IP mapping

6
00:00:12,000 --> 00:00:14,009
to layer two Mac addressing

7
00:00:14,009 --> 00:00:16,002
to view the ARP cache.

8
00:00:16,002 --> 00:00:20,008
I issue the arp -a command.

9
00:00:20,008 --> 00:00:23,005
Say for example, I have a Rogue DHCP server

10
00:00:23,005 --> 00:00:24,005
on the network.

11
00:00:24,005 --> 00:00:26,008
It's handed me an IP and default gateway.

12
00:00:26,008 --> 00:00:28,008
That's a false path to the internet.

13
00:00:28,008 --> 00:00:32,008
I can do an ipconfig /all

14
00:00:32,008 --> 00:00:36,006
and take note of the DHCP server that handed me the IP.

15
00:00:36,006 --> 00:00:39,007
Next I'll ping the IP of the server.

16
00:00:39,007 --> 00:00:44,006
Ping 192.168.51.1

17
00:00:44,006 --> 00:00:47,003
This will force my machine to do an ARP request

18
00:00:47,003 --> 00:00:49,004
to the Rogue server.

19
00:00:49,004 --> 00:00:50,004
I can now issue

20
00:00:50,004 --> 00:00:53,000
the arp -a command

21
00:00:53,000 --> 00:00:55,002
to determine what the Mac address associated

22
00:00:55,002 --> 00:00:56,009
with that device is.

23
00:00:56,009 --> 00:00:59,000
Then I could track down the Mac address

24
00:00:59,000 --> 00:01:02,007
of this client in my switches and shut it down.

25
00:01:02,007 --> 00:01:03,008
The Arp cache breaks

26
00:01:03,008 --> 00:01:06,009
down the IP to Mac mappings per interface.

27
00:01:06,009 --> 00:01:08,009
It will list them as either static

28
00:01:08,009 --> 00:01:12,000
which are user or system created

29
00:01:12,000 --> 00:01:15,000
or dynamic if they are learned from a neighbor.

30
00:01:15,000 --> 00:01:17,008
If I have a specific IP address I'm looking for

31
00:01:17,008 --> 00:01:20,006
I can issue the arp -a

32
00:01:20,006 --> 00:01:21,005
and its IP address

33
00:01:21,005 --> 00:01:25,006
192.168.51.1

34
00:01:25,006 --> 00:01:28,002
If I have a cache entry that I want to remove

35
00:01:28,002 --> 00:01:31,002
I can issue an arp -d

36
00:01:31,002 --> 00:01:33,008
and the IP address,

37
00:01:33,008 --> 00:01:36,002
192.168.51.1.

38
00:01:36,002 --> 00:01:38,000
They're not frequently necessary.

39
00:01:38,000 --> 00:01:41,007
The arp -s command will allow me to add a static IP

40
00:01:41,007 --> 00:01:43,004
to Mac address entry.

41
00:01:43,004 --> 00:01:45,009
The ARP command isn't used very frequently

42
00:01:45,009 --> 00:01:49,000
but when it's necessary, it's indispensable.