Avoid expensive production outages

Self-Hosted AI Code Reviewer

Hexmos LiveReview AI-Powered Code Review
Live Review
AI-Powered Code Review

ARP Command Linux - Manage ARP Table & Cache

Learn how to manage the ARP table in Linux using the arp and ip neigh commands. View, add, delete, and flush ARP entries for network troubleshooting.

ARP Command Linux

Understanding and Managing the ARP Table in Linux

The Address Resolution Protocol (ARP) is a crucial network protocol used to discover the MAC address associated with a given IP address on a local network. In Linux, you can effectively manage and inspect the ARP cache using the built-in arp and ip neigh commands. This guide provides a comprehensive overview of these commands and their common usage for network troubleshooting and administration.

Common ARP Commands and Their Usage

The arp command is a traditional utility for viewing and manipulating the ARP cache. The more modern ip neigh command, part of the iproute2 suite, offers more advanced capabilities.

Using the arp Command

Command Description
arp View the ARP table (equivalent to arp -a)
arp -a View the entire ARP table, showing IP to MAC address mappings.
arp -n View the ARP table without attempting to resolve IP addresses to hostnames, which can speed up the output.
arp -d <ip> Delete a specific entry from the ARP table based on its IP address.
arp -s <ip> <mac_address> Add a static entry to the ARP table, mapping a given IP address to a specific MAC address. This is useful for preventing ARP spoofing.
arp -i <interface> -s <ip> <mac_address> Add a static ARP entry for a specific network interface.
arp -i <interface> -d <ip> Delete an ARP entry for a specific IP address on a particular interface.
arp -i <interface> -n View the ARP table for a specific network interface without resolving names.
arp -i <interface> -a View the ARP table for a specific network interface.

Using the ip neigh Command

The ip neigh command provides a more powerful and flexible way to manage network neighbor (ARP) entries.

Command Description
ip neigh show View the ARP table (neighbor cache).
ip neigh show <ip> View the ARP entry for a specific IP address.
ip neigh add <ip> lladdr <mac_address> dev <interface> Add a static ARP entry, specifying the IP address, MAC address (lladdr), and the network interface (dev).
ip neigh change <ip> lladdr <mac_address> dev <interface> Modify an existing ARP entry.
ip neigh del <ip> dev <interface> Delete an ARP entry for a specific IP address on a given interface.
ip neigh flush dev <interface> Remove all ARP entries associated with a specific network interface.
ip neigh flush all Clear the entire ARP cache.
ip -s neigh show Display ARP statistics, including packet counts and errors.
ip -s neigh flush all Flush the ARP cache and display statistics.

Importance of ARP Management

Understanding and utilizing these commands is vital for diagnosing network connectivity issues, ensuring network security by preventing ARP spoofing, and optimizing network performance. Regularly checking your ARP table can help identify unexpected devices or potential man-in-the-middle attacks on your local network.

Further Resources

← Back to cmd cheatsheets All cheatsheets 🙏  Credits & Acknowledgments