Let’s Talk Tech: How the Internet Works Part 5: Address Resolution Protocol

Welcome to Let’s Talk Tech with Deep Core Data, DCD’s video based informative blog. In this episode of How the Internet Works, we’ll be journeying out of our local area network thanks to the help of the Address Resolution Protocol.

Introduction to the Address Resolution Protocol

Hello, and welcome to Let’s Talk Tech with Deep Core Data. I’m John Brewer, the owner and Founder here at Deep Core, where we’re using education to help businesses make the right technical decisions. Today, we’re going to talk about, at a technical level, how the Internet works.

Now, we’ve talked about how data gets sent over the network, from subnet routing to ethernet, and let’s not forget gnome power, but we’ve often said that a machine sends directly to another computer on its subnet. How does that work? What does “sends directly” mean?

Well, obviously it isn’t magic. It’s a tech problem, and as such, it must be addressed with an appropriate solution.

The Address Resolution Protocol, or ARP, helps these packets get to their destination. While it’s not as colorful or showy as the other protocols, it’s still an important part of what makes the internet work.

Conceptual Grounding

In the waning days of disco, we had equipment called hubs, and those hubs were very simple.  Anytime a packet was sent to a hub, it was forwarded to every device attached to that hub.  The hub didn’t care where the destination was, every device on the network segment got a copy of every packet. Think of it like spaghetti testing; the hub throws the packet at the wall and sees what sticks. Certainly tasty, if impractical. If the packet wasn’t meant for a certain device, it was ignored, and metaphorically dropped from the wall.

Obviously as networks grew, a need arose for something a little less messy. Ethernet infrastructure started moving over to switches in the 1980s. Switches only send frames directly to a specific device, which is a far more straightforward form of delivery than just broadcasting packets everywhere like some electronic shotgun.  

However, a switch can only handle ethernet, not higher protocols like IPv4 or IPv6 or ICMP.  So whenever a device sends a packet to another device on the same network segment, it needs to know the MAC address to put on that ethernet frame.  How does it find out what the MAC address is?

Well, let’s go into detail.

Technical Details

The solution to this conundrum is the Address Resolution Protocol.  Now, ARP actually runs over a very wide variety of link and network layers, but for this episode, we’re just going to focus on IPv4 over Ethernet.  Now, it’s worth noting that IPv6 actually doesn’t use ARP; it uses something else called Neighbor Discovery Protocol, but we’ll talk about that when we talk about IPV6 later.

Let’s take an example. In our video on Subnet routing, we compared IPv4 packets to letters.  Our home machine needs to send an IPv4 packet to another machine on the network, so it writes the letter and puts it in its envelope. That’s all great and good, but it still needs to deal with all the hardware it’s attached to. So before heading off to the electronic highway, it needs to get out of town first.

First of all, to navigate to the switch, the packet needs a destination MAC Address.  Since the sending machine doesn’t magically know the MAC address of the destination machine, it sends an ARP request to the network.

“Hello, world! I need a roadmap to Boise. After that, I’m good.”

So, when I say “it sends an ARP request to the network”, what actually happens is that the sending machine sends out a broadcast ethernet frame.  Now protocols like Ethernet and IP have what are called broadcast addresses, and broadcast addresses act more or less like a hub. Anything sent to that address is sent to every machine on the subnet.  ARP takes advantage of that fact; if it doesn’t know the MAC address of the destination machine, it sends an ARP request to the ethernet broadcast address, which is FF:FF:FF:FF:FF:FF.

When the ARP request makes its way to the destination machine, the destination sees its IP address in the request, and sends back a reply.

“Okay! Here’s the way to Boise.”

The ARP packet goes back over the network to the sender, who notes down the destination’s MAC address, finishes creating its ethernet frame, and sends IP packet out to start it’s journey beyond Boise. Hello, Paris.

In the future, the source machine will have the destination’s MAC address on file, so the next time it sends a packet to that IP, it won’t have to look it up or bother anyone in Idaho.

So what does an ARP packet actually look like?  Well, get a pen. Here we go.

Starting off, there are two two-byte fields. The first is the Hardware type; Ethernet is 1.  The second is the Protocol type; IPv4 is 0800.  

These are followed by the next two bytes which provide the length, in bytes, of the hardware and protocol addresses ARP is matching.  Ethernet’s address length is six bytes, IPv4’s address length is four bytes.

Moving on, the next two bytes are the operation descriptor.  That’s either a 1 if this is a Request packet, or 2 if this is a reply packet.

The next two fields are the sender’s hardware and protocol address; this is whoever sent this particular request or reply packet, so on a request it indicates who to send the reply back to, while on the reply it indicates the hardware and protocol address of the device being requested.

The last two fields are the target machine’s hardware and protocol address.  In a request, the target’s machines hardware address is ignored, since obviously the sending machine didn’t know it. The second address is the target machine’s protocol address.  The protocol address lets a machine know what protocol address the requester is seeking a hardware address for.  On a reply packet, both of these are filled out with the original requestor’s information.


Like many protocols from the 1980’s that are still with us, ARP isn’t just used for its original purpose anymore.  For instance, when a machine is adding itself to the network with a new IP address, it will send out an ARP request. If it gets back a response for that IP address, it knows that another machine is already using it. If it doesn’t, though, it’s full steam ahead.

ARP announcements are sent out when a machine changes IP addresses; this proactively tells other machines on the network to update their ARP tables.

Then there’s ARP spoofing, ARP proxies, and and a variety of other clever uses of the protocol, but now we’re getting a little off topic.

ARP may not be glamorous or attention getting. It’s really just a small bolt in the larger internet machine. But these small solutions are what make the whole work. After all, nobody likes slowdowns on the internet highway.

I hope you enjoyed this episode of “How the Internet Works.” So if you like what you see, please subscribe to our channel. And if you have questions or suggestions for future videos, please leave a comment below.

I’m John Brewer for Deep Core Data. Thanks for watching.

Interested in learning more? Check out our other videos on how the internet works: the IPv4 Packet, Fragmentation, Subnet Routing, and the Ethernet.

2018-06-01T09:39:00-04:00July 27th, 2017|Current Technology, How the Internet Works|

About the Author:

Andrew is a technical writer for Deep Core Data. He has been writing creatively for 10 years, and has a strong background in graphic design. He enjoys reading blogs about the quirks and foibles of technology, gadgetry, and writing tips.

Leave A Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.