Linux arp command
ARP stands for Address Resolution Protocol, which is used to find the address of a network neighbor for a given IPv4 address.
sudo apt-get update && sudo apt-get install net-tools
arp [-vn] [-H type] [-i if] -a [hostname]
arp [-v] [-i if] -d hostname [pub]
arp [-v] [-H type] [-i if] -s hostname hw_addr [temp]
arp [-v] [-H type] [-i if] -s hostname hw_addr [netmask nm] pub
arp [-v] [-H type] [-i if] -Ds hostname ifa [netmask nm] pub
arp [-vnD] [-H type] [-i if] -f [filename]
arp with no mode specifier will print the current content of the table. It is possible to limit the number of entries printed, by specifying a hardware address type, interface name or host address.
arp -d address deletes an ARP table entry. Root privilege is required to do this. The entry is found by IP address. If a hostname is given, it will be resolved before looking up the entry in the ARP table.
arp -s address hw_addr is used to set up a new table entry. The format of the hw_addr parameter is dependent on the hardware class, but for most classes one can assume that the usual presentation can be used. For the Ethernet class, this is 6 bytes in hexadecimal, separated by colons. When adding proxy arp entries (that is, those with the publish ("pub") flag set), a netmask may be specified to proxy arp for entire subnets. This is not good practice, but is supported by older kernels because it can be useful. If the temp flag is not supplied, entries will be permanently stored in the ARP cache. To simplify setting up entries for one of your network interfaces, you can use the "arp -Ds address ifname" form. In that case the hardware address is taken from the interface with the specified name.
|-v, --verbose||Display information verbosely.|
|-n, --numeric||shows numerical addresses instead of trying to determine symbolic host, port or user names.|
|-H type, --hw-type type||When setting or reading the ARP cache, this optional parameter tells arp which class of entries it should check. The default value of this parameter is ether (i.e. hardware code 0x01 for IEEE 802.3 10Mbps Ethernet). Other values might include network technologies such as ARCnet (arcnet), PROnet (pronet), AX.25 (ax25) and NET/ROM (netrom).|
|-a [hostname], --all [hostname]||Displays the entries of the specified hosts. If the hostname parameter is not used, all entries will be displayed. Hostnames will be displayed using alternate BSD-style output format (with no fixed columns).|
|-d hostname, --delete hostname||Remove any entry for the specified host. This can be used if the indicated host is brought down, for example.|
|-D, --use-device||Instead of a hw_addr, the given argument is the name of an interface. arp will use the MAC address of that interface for the table entry. This is usually the best option to set up a proxy ARP entry to yourself.|
|-e||Shows entries in default (Linux) style.|
|-i If, --device If||Select an interface. When dumping the ARP cache, only entries matching the specified interface will be printed. When setting a permanent or temp ARP entry this interface will be associated with the entry; if this option is not used, the kernel will guess based on the routing table. For pub entries, the specified interface is the interface on which ARP requests will be answered. NOTE: This has to be different from the interface to which the IP datagrams will be routed. NOTE: As of kernel 2.2.0 it is no longer possible to set an ARP entry for an entire subnet. Linux instead does automagic proxy arp when a route exists and it is forwarding. Also, the dontpub option that is available for delete and set operations cannot be used with 2.4 and newer kernels.|
|-s hostname hw_addr, --set hostname||Manually create an ARP address mapping entry for host hostname with hardware address set to hw_addr. The format of the hardware address is dependent on the hardware class, but for most classes one can assume that the usual presentation can be used. For the Ethernet class, this is 6 bytes in hexadecimal, separated by colons. When adding proxy arp entries (that is, those with the publish flag set), a netmask may be specified to proxy arp for entire subnets. This is not good practice, but is supported by older kernels because it can be useful. If the temp flag is not supplied, entries will be permanently stored in the ARP cache. NOTE: As of kernel 2.2.0 it is no longer possible to set an ARP entry for an entire subnet. Linux instead does automagic proxy arp when a route exists and it is forwarding.|
|-f file name, --file file name||Similar to the -s option, only this time the address info is taken from the file file name. The name of the data file is very often /etc/ethers, but this is not official. If no file name is specified, /etc/ethers is used as default.|
In all places where a hostname is expected, one can also enter an IP address in dotted-decimal notation.
As a special case for compatibility, the order of the hostname and the hardware address can be exchanged.
Each complete entry in the ARP cache will be marked with the C flag. Permanent entries are marked with M and published entries have the P flag.
ifconfig — View or modify the configuration of network interfaces.
ip — Display and manipulate information about routing, devices, policy routing and tunnels.
netstat — Print information about network connections, routing tables, and more.
route — Display and manipulate the IP routing table.