An ARP (Address Resolution Protocol) is a communication protocol that works on a “Physical (Data-Link)” layer of a TCP/IP stack and is used to discover a MAC address of a device on a LAN (local-area network) based on its IP address.
An ARP table is used to store the discovered pairs of the MAC and IP addresses.
In this note i will show how to display the ARP table and how to clear the ARP cache using the Windows
Cool Tip: How to show a routing table in Windows! Read more →
Windows ARP Command
Show ARP Table
To display the current ARP table in Windows, use the
arp command with the
C:\> arp -a Interface: 192.168.1.31 --- 0x7 Internet Address Physical Address Type 192.168.1.1 60-35-c0-6b-a2-b7 dynamic 192.168.1.255 ff-ff-ff-ff-ff-ff static 188.8.131.52 01-00-5e-00-00-16 static 184.108.40.206 01-00-5e-00-00-fc static
Show the ARP table in a verbose mode:
C:\> arp -av
To record an IP and MAC address of a device on a LAN to the ARP table, simply
C:\> ping 192.168.1.95 Pinging 192.168.1.95 with 32 bytes of data: Reply from 192.168.1.952: bytes=32 time=18ms TTL=64 C:\> arp -a Interface: 192.168.1.31 --- 0x7 Internet Address Physical Address Type 192.168.1.1 60-35-c0-6b-a2-b7 dynamic 192.168.1.95 d6-58-01-33-dd-bc dynamic 192.168.1.255 ff-ff-ff-ff-ff-ff static 220.127.116.11 01-00-5e-00-00-16 static 18.104.22.168 01-00-5e-00-00-fc static
To discover all the devices on a LAN, you can
ping them all using this one-liner (adjust the IP of your network):
C:\> FOR /L %i IN (1,1,254) DO -n 1 -w 100 192.168.1.%i | FIND /i "Reply"
Clear ARP CacheTo clear an ARP cache it is required to open an elevated command prompt, otherwise you may receive an error as follows: “The ARP entry deletion failed: The requested operation requires elevation.”
To start the elevated command prompt, press the
Win keybutton to open the start menu, type in
cmd to search for the command prompt and press the
Enter to start the command prompt as an administrator.
To clear the ARP cache in Windows, use the
arp command with the
C:\> arp -d
How Does ARP Work – Explained
When one computer wants to communicate with another computer on the same LAN, it creates an IP packet with the source and destination IP addresses carrying the data from an application and encapsulates it in an Ethernet frame with the source and destination MAC addresses.
Address Resolution Protocol: The sending computer obviously knows its source MAC address, but how does it know the destination MAC address? That’s where ARP comes into play!
To find out a MAC address of the destination computer (if it is not in the ARP cache yet), it sends an ARP request to the broadcast MAC address
ff:ff:ff:ff:ff:ff (to the all devices on the LAN), and is basically asking:
Who has IP
192.168.1.95and what is your MAC address?
The destination computer receives the message and replies with an ARP reply:
That’s me! And my MAC address is
The source computer adds the MAC and IP addresses of the destination computer to its ARP table and starts sending the data.
Cool Tip: Check if TCP port is opened in PowerShell! Read more →