ARP vs GARP vs RARP Explained With Wireshark Capture and Examples
Contents
I- ARP: Address Resolution Protocol
- What is ARP:
ARP is used to map an IP address to a physical address (MAC address). When a device wants to send traffic to another device on the same network, it first checks its ARP cache to see if it has the MAC address of the destination device. If it doesn’t have the MAC address, it sends an ARP request to the network asking for the MAC address of the destination device. The device with the matching IP address responds with its MAC address, and the sender can then use this MAC address to send traffic to the destination device.
- ARP Exchange Example and Packet format:
A computer A wants to send data to another computer B on the same local network. The sender sends an ARP request to the network asking for the MAC address of the destination computer. The destination computer responds with its MAC address, and the sender can then send data to the destination computer using this MAC address.
Flow Example:
-> Sender (Host A) broadcasts ARP request
-> Destination responds with MAC address
-> Sender sends data to destination using MAC address
The following example illustrates an ARP exchange, ARP header is shown for this Flow:
- ARP Wireshark Packet Capture Example:
1- Host A want to communicate with Host B, but, it doesn’t know its MAC address. Host A sends an ARP Request to Host B. The ARP request include the IP and the MAC of the sender (Host A IP and MAC) and Also the IP of Host B.
2- Host B will receive the ARP Request, it will process it and find out that Target IP in the ARP Request is its own IP, so, It will reply to Host with ARP Reply which includes Host B MAC address in the Sender MAC field.
Note: Host B will learn the MAC and IP of Host A from the ARP Request and add them to thee ARP table.
3- Once Host A receives the ARP Reply, It will add the IP to MAC mapping of Host B in its own ARP table.
4- Both Hosts now can communicate with Each others.
II- GARP: Gratuitous Address Resolution Protocol
- What is GARP:
Gratuitous ARP (GARP) is a variation of the Address Resolution Protocol (ARP) used in IP networks. Unlike traditional ARP, which is used to resolve the MAC address of an IP address, Gratuitous ARP is used to announce or update the MAC address of a network interface.
Theoretically, a Gratuitous ARP packet is an ARP Request or ARP Reply packet that is sent by a host or router, but without any corresponding ARP Request.
The purpose of a Gratuitous ARP is to announce to the network that the sender is the owner of the IP address specified in the packet. This can be useful for several reasons, including:
- Updating the ARP cache of other devices on the network with a new MAC address for the sender’s IP address.
- Detecting IP address conflicts on the network. If another device responds with the same IP address, a conflict has occurred.
- Facilitating faster failover in certain networking protocols, such as Virtual Router Redundancy Protocol (VRRP) or Hot Standby Router Protocol (HSRP).
In simple word, GARP is basically used to update or announce the IP address-to-MAC address mappings of a host. Here is an example of how the packet flow would look:
- As a reasult, All devices on the network (include Host B) receive the Gratuitous ARP packet, and their ARP caches are updated with Host A’s new MAC address for its IP address.
- This can be beneficial because if there are any devices on the network with the same IP address as Host A, they will detect the conflict and take appropriate action.
- GARP Wireshark Packet Capture Example:
III- RARP: Reverse Address Resolution Protocol
RARP packets are used to obtain the IP address of a host given its MAC address. Here is an example of how the packet flow would look:
RARP works by having a device broadcast a RARP request on the network, containing its own MAC address. A RARP server on the network will then respond with the corresponding IP address for that MAC address. The device can then use this IP address to configure its network settings.
- Host A receives the RARP reply packet and uses the IP address to configure its network settings.
Note: that RARP is a legacy protocol to get IP address and is rarely used in modern networks. DHCP (Dynamic Host Configuration Protocol) is the standard method for obtaining IP addresses on most networks today.
IV- PARP: Proxy Address Resolution Protocol
There is also another type of ARP which is Proxy ARP, It is well illustrated in the article below: