24
4
How does the ping command really work? Specifically where does the ARP (Address Resolution Protocol) come into picture?
I was asked this question in an interview and I was not able to come up with a scenario when ARP could be used.
liv2hak
Posted 2011-05-03T12:37:33.637
Reputation: 496
16
If you really want to understand, there is an excellent (very well written) white paper here:
http://images.globalknowledge.com/wwwimages/whitepaperpdf/WP_Mays_Ping.pdf
Here is the summary ->
Ping (Program on the application layer) ------->
Opens a 'raw' socket to IP Layer ------>
IP layer (Layer 2 on OSI) packages ICMP packet and sends it
Since there is no TCP layer in between, the Ping (program) has to monitor all the incoming ICMP packets and filter only the one's from the destination.
Hope that helps.
PlanetUnknown
Posted 2011-05-03T12:37:33.637
Reputation: 381
9
Assuming the ping involves a packet being sent over an Ethernet or WiFi network, ARP is used to find the Ethernet hardware address of the device that receives the outbound packet. Typically this will be the router for the LAN the machine originating the ping is on.
The typical process is:
You enter a command to ping a destination.
DNS is used to determine the IP address (if needed).
The routing table is consulted to find the next hop towards that destination.
ARP is used to find the hardware address of the next hop.
The IP packet is sent to the next hop, encapsulated in an Ethernet or WiFi frame.
David Schwartz
Posted 2011-05-03T12:37:33.637
Reputation: 58 310
3The only answer here that actually answers the question! – jmiserez – 2015-07-08T15:21:24.470
2
Ping is actually two different ICMP (Internet Control Message Protocol) packets.
To ping a host you first send a ICMP Echo Request Packet, the host will then reply with an ICMP Echo Reply.
For more information see: https://en.wikipedia.org/wiki/Ping_(networking_utility)
1
Ping and ARP are different things located at different layers in the network protocol stack.
Ping is at network layer (or Internet layer - Have a look to ICMP protocol like pointed out by @ServerMonkey).
Arp protocol is at link level (a lower level). Arp protocol is designed to allow physical connection between network hardware, that is directly connected.
In TCP/IP network stack, every layer uses the layer below to forward its data, encapsulating it inside the low level protocol. Each layer is independent from the other and possibly unaware of the other levels specific details and implementations (this is not always true: see cross-layer function).
Heisenbug
Posted 2011-05-03T12:37:33.637
Reputation: 645
@liv arp is often said to be layer 2.5 ICMP is often said to be layer 3.5 Layers are more about fields than code. And if you want to say that ping implementation requires code at layer 2, well, with any implementation of anything, by definition, you can't have a layer without layers below it. – barlop – 2014-11-18T13:55:37.650
yes.but ping implementation would require some code at L2 (link layer.).does ARP come into play at Layer 2. – None – 2011-05-03T12:43:58.057
@liv2hak. no. ping implementation lay on the below link layer. – None – 2011-05-03T12:45:18.470
1
ARP provides a MAC address, but sometimes if there is no DMAC address, the broadcast address is used.
This frame using broadcast DMAC is called as ARP broadcast frame, with this we get DMAC address.
Sagar Vardekar
Posted 2011-05-03T12:37:33.637
Reputation: 11
Look into ICMP. – None – 2011-05-03T12:40:32.197
3ARP is used to get the MAC address of a specific IP address. When you need to send a packet on ethernet you need the MAC address of the destination. – None – 2011-05-03T12:42:57.327