Can someone please explain this output to me. Why doesn't ifconfig show the same info?
~ $ arp -a
? (10.71.0.1) at 00:1b:21:2b:eb:0c [ether] on eth0
It is showing you the contents of the ARP cache, which consists of MAC addresses of the hosts in your network. In this case it shows MAC address of the host having IP address 10.71.0.1.
1 Like
If you just use arp you'll get (at least on Linux) an output with fixed columns and headers.
1 Like
ifconfig just shows you information on your own network card. (which does have one bit of arp-related information -- the hwaddr). Entries in your ARP table are from other network cards -- other computers on the same subnet.
This is because to communicate with these addresses, it needs their MAC addresses, and must ask for them. On a local network, i.e. things on the same subnet as you, IP doesn't need to bother routing -- it can transmit directly to the destination network card and expect to be heard. But to talk to a card and not an IP, it needs the MAC address. If you're talking to something not on the local subnet, it doesn't care about the destination's MAC address, it just sends it to the appropriate gateway, which forwards it along. (You'd need the gateway's mac address, though!)
ARP is how it finds out MAC addresses. It works without IP or routing or any addressing at all -- it broadcasts requests and replies across an entire subnet. "arp who-has 10.71.0.1" would get answered with "arp reply 00:1b:21:2b:eb:0c has 10.71.0.1", so your computer would know to send packets for 10.71.0.1 directly to 00:1b:21:2b:eb:0c. It does all this without the programmer having to intervene at all, as far as IP can tell it's just 10.71.0.1 talking to 10.71.0.2 or whatever.
Since this bypasses all routing, I've seen hardwired ARP addresses abused to allow one IP address to talk across multiple subnets on the same wire, though I'm not convinced this would work everywhere.
1 Like
Thx everyone for the great responses :).