What Is ARP? Address Resolution Protocol Explained

Learn what the Address Resolution Protocol (ARP) does on local networks and how it maps IP addresses to MAC addresses.

ARP Basics

The Address Resolution Protocol (ARP) is used on IPv4 networks to map IP addresses to MAC addresses on a local segment. When a device needs to send a packet to another host on the same LAN, it must know the destination’s MAC address to construct the Layer 2 frame.

If the mapping is not already in its ARP cache, the device broadcasts an ARP request asking, “Who has this IP address?” The host with that IP replies with its MAC address, allowing communication to proceed.

ARP Tables and Caches

Devices maintain ARP caches that store recently learned IP-to-MAC mappings for a limited time. You can often view these tables with commands like arp -a, which can assist in troubleshooting local connectivity issues and identifying devices on a network.

Stale or incorrect ARP entries can cause traffic to be misdirected or dropped until they expire or are refreshed by new ARP exchanges.

Command examples
Windows — View and clear ARP cache

Run these in a Command Prompt or PowerShell window. 

arp -a
arp -a 192.168.1.1
netsh interface ip delete arpcache
macOS — Inspect ARP entries

Use Terminal to inspect ARP tables on macOS. 

arp -a
arp -n

Security Implications of ARP

Because ARP was not designed with authentication in mind, it is vulnerable to spoofing. Attackers can send forged ARP replies that map their MAC address to another host’s IP, enabling man-in-the-middle attacks or traffic redirection.

Network defenses such as dynamic ARP inspection, static ARP entries for critical systems, and encrypted protocols help reduce the risk of ARP-based attacks in sensitive environments.