Deciphering Layer 2 devices and the ARP process

Home > Blogs > Cisco > Deciphering Layer 2 devices and the ARP process

Deciphering Layer 2 devices and the ARP process

Like This Blog 1 Mark Jacob
Added by March 27, 2013

So you are troubleshooting the network and PING from one device to another. A reply is received. Great! Connectivity has been restored. But what happened behind the scenes? As long as the two devices are on the same network or subnet, the proof of connectivity never really has to live above Layer 2 (the Data Link layer) of the OSI model. Let’s take a look at what happens to make this PING succeed.

If you have a couple of clients that look like this:

PING Deciphering Layer 2 devices and the ARP process

Let’s say the left client, call it client A, is 192.168.1.1 /24 and the right client (B) is 192.168.1.2 /24. If I go to the client on the left and type the command PING 192.168.1.2, I expect a reply.  Keep in mind what we know and what we are trying to determine. Since I am typing the IP address, I can say that I know the Layer 3 information, the IP address. I am trying to determine the Layer 2 address, the MAC Address. The client on the left will check his ARP (Address Resolution Protocol) cache to see if there is a Layer 3 to Layer 2 mapping.  If none exists, it will send an ARP broadcast to try the locate the destination IP address. Recall that broadcast messages are all ones, which in MAC address format would be all f s (ffff.ffff.ffff).  So we can imagine that client B (and any other nodes on this network) receives this broadcast. Then what?  For this to make sense, we have to discuss the Boolean operator AND.  It turns out that the receiving nodes perform a Boolean AND with the destination MAC address (all 1s) and themselves. Let’s shorten up the MAC address to just four digits to make our example easier to follow. So client B has MAC address 1100, for example, the destination (broadcast) MAC is 1111. A Boolean AND works like this. If the inputs are both 0, the result is 0. If one input is 1 and the other is 0, the result is 0. But if both inputs are 1, the result is 1.

It helps to see it in diagram format:

Boolean Deciphering Layer 2 devices and the ARP process

Let’s apply that to this example. Putting them on top of each other to visualize would look like this:

Virtual Deciphering Layer 2 devices and the ARP process

So the client performs the Boolean operation and Voila! it says, “Hey, this is for me!” because the result of the operation is his own MAC address. Once this happens, it pushes up the information to Layer 3, which then says, “Yep, we are IP address 192.168.1.2. Then client B can respond directly to the MAC address of the sender, since that information was contained in the original broadcast. Once each client has a mapping to the MAC address of the other, a unicast conversation can ensue. Or, in our example, the PINGs will be answered.

ARP information stays in the cache for a default time of 300 seconds, or five minutes, whichever comes first.  😉

This is just a quick rundown of the ARP process, and as I mentioned in my last blog, you can have lots of fun watching processes take place within your network using Wireshark, or another packet sniffer of your choice.

Happy troubleshooting…

Mark Jacob
Cisco Instructor – Interface Technical Training
Phoenix, AZ

Videos You May Like

Agile Methodology in Project Management

0 167 0

In this video, you will gain an understanding of Agile and Scrum Master Certification terminologies and concepts to help you make better decisions in your Project Management capabilities. Whether you’re a developer looking to obtain an Agile or Scrum Master Certification, or you’re a Project Manager/Product Owner who is attempting to get your product or … Continue reading Agile Methodology in Project Management

Identifying and Fixing Misconfigured Subnet Masks in Your Network Environment

0 439 1

In this video, Cisco CCNA instructor Mark Jacob show how to find and fix misconfigured subnet masks in a typical IT network environment.   Mark Jacob Cisco and CompTIA Network + Instructor – Interface Technical Training Phoenix, AZ

JavaScript for C# Developers – September 24, 2014

0 496 3

Is JavaScript worth taking the time to learn if I’m a server-side .NET developer? How much of C# carries over to JavaScript? In this recorded video from Dan Wahlin’s webinar on September 24,2014, Dan answers these questions and more while also discussing similarities between the languages, key differences, and the future of JavaScript (ES6). If … Continue reading JavaScript for C# Developers – September 24, 2014

Write a Comment

See what people are saying...

    Share your thoughts...

    Please fill out the comment form below to post a reply.