Engineering LibreTexts

10-F.11.6: Network Troubleshooting Commands - arp / whois

    The arp Command

    Most computer programs and applications use a logical address (IP address) to send and receive messages; however, the actual communication happens over the physical address (MAC address), i.e., at layer 2 of the OSI model. So our mission is to get the destination MAC address, which makes communication with other devices possible. This is where ARP comes into the picture: its function is to translate an IP address into a physical address.

    The acronym ARP stands for Address Resolution Protocol, which is one of the most important protocols of the Network layer in the OSI model.

    The Address Resolution Protocol is a request-response protocol whose messages are encapsulated by a link layer protocol. It is communicated within the boundaries of a single network, never routed across inter-networking nodes. This property places ARP into the link layer of the Internet protocol suite.


    arp [ OPTIONS ]

    There are important terms associated with ARP:

    1. ARP Cache: After resolving the MAC address, ARP sends it to the source, where it is stored in a table for future reference. Subsequent communications can use the MAC address from the table.
    2. ARP Cache Timeout: Indicates the length of time for which a MAC address can reside in the ARP cache.
    3. ARP request: This is simply a packet broadcast over the network to validate whether we have come across the destination MAC address or not. The packet includes:
      1. The physical address of the sender.
      2. The IP address of the sender.
      3. The physical address of the receiver, which is FF:FF:FF:FF:FF:FF (all 1's).
      4. The IP address of the receiver.
    4. ARP response/reply: This is the MAC address response that the source receives from the destination, which enables further communication of the data.

    An example: Two computers in an office (Computer 1 and Computer 2) are connected to each other in a local area network by Ethernet cables and network switches, with no intervening gateways or routers. Computer 1 has a packet to send to Computer 2. Through DNS, it determines that Computer 2 has the IP address

    To send the message, Computer 1 requires Computer 2's MAC address. First, Computer 1 looks in its cached ARP table to see whether any record of Computer 2's MAC address, which is 00:eb:24:b2:05:ac, exists. If the MAC address is found, Computer 1 sends an Ethernet frame containing the IP packet for Computer 2 onto the link, using the destination MAC address 00:eb:24:b2:05:ac. If the cache did not produce a result for, then Computer 1 has to send a broadcast ARP request message (destination FF:FF:FF:FF:FF:FF MAC address), which is accepted by all computers on the local network, requesting an answer for "Who has IP address"

    Computer 2 responds with an ARP response message containing its MAC and IP addresses. As part of dealing with the request, Computer 2 may insert an entry for Computer 1 into its ARP table for future use.

    Computer 1 receives Computer 2's IP and MAC addresses, puts them in the cache table for future reference, and can now send the packet it wanted to send in the first place.
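
    The exchange between Computer 1 and Computer 2 described above, as an added Python example that is not part of the original page: it builds and parses the ARP request and reply frames and keeps a cache with a timeout. Computer 1's MAC address, both IP addresses, the 60-second timeout and all function names are constructed for illustration.

```python
import socket
import struct

BROADCAST, REQUEST, REPLY, TIMEOUT = "ff:ff:ff:ff:ff:ff", 1, 2, 60  # TIMEOUT: constructed, seconds
# Constructed sample hosts (MAC, IP); only Computer 2's MAC comes from the page.
C1 = ("02:00:00:00:00:01", "192.0.2.10")
C2 = ("00:eb:24:b2:05:ac", "192.0.2.20")

def mac_to_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def bytes_to_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def build_arp(op, eth_dst, sha, spa, tha, tpa):
    """Ethernet II header (14 bytes) + IPv4-over-Ethernet ARP payload (28 bytes)."""
    eth = mac_to_bytes(eth_dst) + mac_to_bytes(sha) + struct.pack("!H", 0x0806)
    fixed = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)  # htype, ptype, hlen, plen, op
    return (eth + fixed + mac_to_bytes(sha) + socket.inet_aton(spa)
            + mac_to_bytes(tha) + socket.inet_aton(tpa))

def parse_arp(frame):
    """Return the ARP fields; reject anything that is not Ethernet/IPv4 ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or op not in (REQUEST, REPLY):
        raise ValueError("unsupported ARP header")
    return {"eth_dst": bytes_to_mac(frame[0:6]), "op": op,
            "sha": bytes_to_mac(frame[22:28]), "spa": socket.inet_ntoa(frame[28:32]),
            "tha": bytes_to_mac(frame[32:38]), "tpa": socket.inet_ntoa(frame[38:42])}

def answer(frame, my_mac, my_ip):
    """Receiver: send a unicast reply only to a request whose target IP is ours."""
    req = parse_arp(frame)
    if req["op"] != REQUEST or req["tpa"] != my_ip:
        return None
    return build_arp(REPLY, req["sha"], my_mac, my_ip, req["sha"], req["spa"])

def resolve(cache, now):
    """Computer 1: use a live cache entry, else broadcast and learn from the reply."""
    mac, expires = cache.get(C2[1], (None, 0))
    if mac and now < expires:
        return mac, "cache"
    # Frame goes to the broadcast MAC; the target-hardware field is unknown, so zeros.
    request = build_arp(REQUEST, BROADCAST, C1[0], C1[1], "00:00:00:00:00:00", C2[1])
    reply = parse_arp(answer(request, *C2))
    cache[reply["spa"]] = (reply["sha"], now + TIMEOUT)
    return reply["sha"], "broadcast"
```

    Calling resolve() twice with the same dict shows the first lookup going out as a broadcast and the second being served from the cache until the timeout passes.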

    The whois Command

    whois (pronounced as the phrase "who is") is a query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block or an autonomous system. It is also used for a wider range of other information. The protocol stores and delivers database content in a human-readable format. The current iteration of the whois protocol was drafted by the Internet Society, and is documented in RFC 3912.



    The output from whois can be rather voluminous, depending on the domain being looked up. It may be that the user has to sort through some of the output to find the useful information. There are numerous web-based whois engines that do a good job of providing useful feedback.

    pbmac@pbmac-server $ whois
       Domain Name: GOOGLE.COM
       Registry Domain ID: 2138514_DOMAIN_COM-VRSN
       Registrar WHOIS Server:
       Registrar URL:
       Updated Date: 2019-09-09T15:39:04Z
       Creation Date: 1997-09-15T04:00:00Z
       Registry Expiry Date: 2028-09-14T04:00:00Z
       Registrar: MarkMonitor Inc.
       Registrar IANA ID: 292
       Registrar Abuse Contact Email:
       Registrar Abuse Contact Phone: +1.2083895740

    Adapted from:
    "Address Resolution Protocol" by Multiple Contributors, Wikipedia is licensed under CC BY-SA 3.0
    "How Address Resolution Protocol (ARP) works?" by Vivek Reddy, Geeks for Geeks is licensed under CC BY-SA 4.0
    "WHOIS" by Multiple Contributors, Wikipedia is licensed under CC BY-SA 3.0
