ItsyourIP.com

ARP – To display ARP cache in Windows

Written by

admin

in

, ,

Address Resolution Protocol is the one which is used to find the hardware address of a device (MAC Address) using its IP Address on the network. The Windows ARP tool helps to display and modify the ARP table on the system. A simple usage of arp command would be to display the ARP table: From the command prompt type,

arp -a

This will display the ARP table on the system as follows:

C:\>arp -a

Interface: 192.168.0.2 — 0x3

Internet Address Physical Address Type

192.168.0.1 00-18-4d-f8-a4-6e dynamic

To clear the ARP table, use

c:\> arp -d *

If you want to delete a specific entry then simply type,

c:\> arp -d <IP Address>

Ex: c:\> arp -d 172.1.1.1

Alternatively, use

C:\> netsh interface ip delete arpcache

NOTE: In Windows Vista, you need to be an administrator to run the above commands 

If you want to add a manual entry (static) then enter,

c:\> arp -s <IP Address> <Ethernet (MAC) Address>

Ex: arp -s 172.1.1.1 00-aa-00-62-c6-09

If there is more than one Interface on the system and you want to display all the ARP entries for the interface then

C:\> arp -a -N <Interface IP>

Ex: arp -a -N 192.168.0.2

Interface: 172.1.1.1 — 0x3

Internet Address Physical Address Type

172.1.1.1 00-28-4d-f1-d4-6e dynamic

A detailed Wiki article on ARP is available here

Comments

8 responses to “ARP – To display ARP cache in Windows”

  1. Keeper Avatar
    Keeper

    Do you know some method that can help to delete fake arp entry on windows vista?

    Execution of these commands fails:

    arp -d *
    arp -s

  2. admin Avatar
    admin

    “arp -d” should work. Might not be able to run the command if you are not an administrator?

    What is the error when you try to delete the arp entry?

  3. Alica Alfred Avatar
    Alica Alfred

    What is the timeout for cache entries for arp in Windows?

  4. Sam Avatar
    Sam

    hi. should my arp table show ip of many of the computers in a network or should it show me only the default gateway? please be as clrear as you can be. thanks in advance.

  5. admin Avatar
    admin

    ARP table should show entries from your local subnet. By default, your interface and the Default Gateway are in the same subnet and are shown. If you have any other host in the same subnet then try pinging it and lookup the arp table. You should see that IP in ur ARP table added

  6. Hector Munoz Avatar
    Hector Munoz

    1. What command is used to display all entries in the ARP cache?
    a.
    2. What command is used to delete all ARP cache entries (flush the ARP cache)?
    a.
    3. What command is used to delete the ARP cache entry for 172.16.255.254?
    a.

    Step 2. Use the arp command to examine the local ARP cache, as shown in Example 9-2.
    1. When you issued the command that displays ARP entries, what were the results?
    a.

    Step 3. Use the ping command to dynamically add entries to the ARP cache. Ping your neighbor in class.
    1. How was the ARP entry added to the ARP cache? Hint: Review the Type column.
    a.
    2. What is the IP address of the destination pod host computer?
    a.
    3. What is the physical address of the destination pod host computer?
    a.
    4. Do not send any traffic to the computer accessed previously. Wait between 2 and 3 minutes, and check the ARP cache again. Was the ARP cache entry cleared?
    a.
    Issue the ping command to your default Gateway. Examine the ARP cache entry.
    5. What is the IP address of the Gateway?
    a.
    6. What is the physical address of the Gateway?
    a.
    7. How was the address discovered?
    a.
    Issue the ping command to espn.com. Examine the ARP cache entry.
    8. What is the physical address of espn.com?
    a.

    Step 4. Manually adjust entries in the ARP cache. (Hint: See some answers to step 3)
    1. What command deletes all entries in the ARP cache?
    a.
    2. Consider a secure environment where the Gateway controls access to a web server that contains top-secret information. What is one layer of security that can be applied to ARP cache entries to help counter ARP spoofing?
    a.
    3. Simulate adding a static entry for the Gateway. What command adds a static ARP entry for the Gateway to the ARP cache?
    a.

    Task 2: Use Wireshark to Examine ARP Exchanges
    Perform steps 1,2 as directed. For step 3, ping your gateway ping –n 1 10.21.32.11 and then ping espn.com as ping –n 1 199.181.132.250

    Provide a scrn prnt of the WireShark window.
    1. What is the first ARP packet?
    a.
    2. What is the second ARP packet?
    a.

    Fill in Table 9-8 with information about the first ARP packet.

    Table 9-8 First ARP Packet
    Field Value
    Sender MAC address Answers will vary
    Sender IP address Answers will vary
    Target MAC address 00:00:00:00:00:00
    Target IP address 172.16.255.254

    Fill in Table 9-9 with information about the second ARP packet.

    Table 9-9 Second ARP Packet
    Field Value
    Sender MAC address Answers will vary
    Sender IP address 172.16.255.254
    Target MAC address Answers will vary
    Target IP address Answers will vary

    1. Why was there no ARP request for the ping to espn.com?
    a.
    2. How long should the Gateway mapping be stored in the ARP cache on the host computer? Why?
    a.

  7. bob Avatar
    bob

    Poor Hector, hope he is still not waiting on an answer!

  8. Otgoo Avatar
    Otgoo

    Hi, Is there any way to modify (add) ARP entry using DHCP option. Does Windows7 support add static ARP entry using DHCP option?

Leave a Reply

Your email address will not be published. Required fields are marked *

More posts