Linux arp命令：显示和配置网络 ARP 缓存

Linux arp 命令用于查看、添加、删除本地 ARP 缓存条目。在局域网中，我们可以通过 IP 地址访问不同的设备，而 ARP 协议是通过 MAC 地址映射 IP 地址，而 arp 命令通常用来查找一个网络设备的物理地址。下面是该命令的详细作用与使用方法的攻略：

作用

显示当前系统的 ARP 缓存信息

添加、删除 ARP 缓存项

查询指定 IP 地址是否已加入到缓存中

具体语法参照以下：

NAME

arp - manipulate the system ARP cache

SYNOPSIS

arp [-vn] [-H type] [-i if] [-ae] [hostname]

arp [-v] [-i if] -d hostname [pub]

arp [-v] [-H type] [-i if] -s hostname hw_addr [temp]

arp [-v] [-H type] [-i if] -s hostname hw_addr [netmask nm] pub

arp [-v] [-H type] [-i if] -Ds hostname ifname [netmask nm] pub

arp [-vnD] [-H type] [-i if] -f [filename]

DESCRIPTION

Arp manipulates or displays the kernel's IPv4 network neighbour cache. It can add entries to the table, delete one or display the current content.

ARP stands for Address Resolution Protocol, which is used to find the media access control address of a network neighbour for a given IPv4 Address.

MODES

arp with no mode specifier will print the current content of the table. It is possible to limit the number of entries printed, by specifying an hardware address type, interface name or host

address.

arp -d address will delete a ARP table entry. Root or netadmin privilege is required to do this. The entry is found by IP address. If a hostname is given, it will be resolved before looking

up the entry in the ARP table.

arp -s address hw_addr is used to set up a new table entry. The format of the hw_addr parameter is dependent on the hardware class, but for most classes one can assume that the usual presen‐

tation can be used. For the Ethernet class, this is 6 bytes in hexadecimal, separated by colons. When adding proxy arp entries (that is those with the publish flag set) a netmask may be

specified to proxy arp for entire subnets. This is not good practice, but is supported by older kernels because it can be useful. If the temp flag is not supplied entries will be permanent

stored into the ARP cache. To simplify setting up entries for one of your own network interfaces, you can use the arp -Ds address ifname form. In that case the hardware address is taken from

the interface with the specified name.

OPTIONS

-v, --verbose

Tell the user what is going on by being verbose.

-n, --numeric

shows numerical addresses instead of trying to determine symbolic host, port or user names.

-H type, --hw-type type, -t type

When setting or reading the ARP cache, this optional parameter tells arp which class of entries it should check for. The default value of this parameter is ether (i.e. hardware code

0x01 for IEEE 802.3 10Mbps Ethernet). Other values might include network technologies such as ARCnet (arcnet) , PROnet (pronet) , AX.25 (ax25) and NET/ROM (netrom).

-a Use alternate BSD style output format (with no fixed columns).

-e Use default Linux style output format (with fixed columns).

-D, --use-device

Instead of a hw_addr, the given argument is the name of an interface. arp will use the MAC address of that interface for the table entry. This is usually the best option to set up a

proxy ARP entry to yourself.

-i If, --device If

Select an interface. When dumping the ARP cache only entries matching the specified interface will be printed. When setting a permanent or temp ARP entry this interface will be associ‐

ated with the entry; if this option is not used, the kernel will guess based on the routing table. For pub entries the specified interface is the interface on which ARP requests will

be answered.

NOTE: This has to be different from the interface to which the IP datagrams will be routed. NOTE: As of kernel 2.2.0 it is no longer possible to set an ARP entry for an entire subnet.

Linux instead does automagic proxy arp when a route exists and it is forwarding. See arp(7) for details. Also the dontpub option which is available for delete and set operations cannot

be used with 2.4 and newer kernels.

-f filename, --file filename

Similar to the -s option, only this time the address info is taken from file filename. This can be used if ARP entries for a lot of hosts have to be set up. The name of the data file

is very often /etc/ethers, but this is not official. If no filename is specified /etc/ethers is used as default.

The format of the file is simple; it only contains ASCII text lines with a hostname, and a hardware address separated by whitespace. Additionally the pub, temp and netmask flags can be

used.

In all places where a hostname is expected, one can also enter an IP address in dotted-decimal notation.

As a special case for compatibility the order of the hostname and the hardware address can be exchanged.

Each complete entry in the ARP cache will be marked with the C flag. Permanent entries are marked with M and published entries have the P flag.

EXAMPLES

/usr/sbin/arp -i eth0 -Ds 10.0.0.2 eth1 pub

This will answer ARP requests for 10.0.0.2 on eth0 with the MAC address for eth1.

/usr/sbin/arp -i eth1 -d 10.0.0.1

Delete the ARP table entry for 10.0.0.1 on interface eth1. This will match published proxy ARP entries and permanent entries.

FILES

/proc/net/arp

/etc/networks

/etc/hosts

/etc/ethers

arp [-vn] [-H 链接层类型] [-i 网络接口] [-D] 网络目标

-v：详细显示 arp 输出信息

-n：不解析主机名

-H：指定链路层类型

-i：指定网络接口

-D：删除指定 IP 的 ARP 缓存

arp命令使用

显示 ARP 缓存信息

arp -a

该命令会输出当前系统的 ARP 缓存信息，包括 IP 地址，物理地址（MAC 地址），类型（动态或静态）等信息。

添加静态 ARP 缓存项

arp -s 192.168.1.1 00:11:22:33:44:55

该命令会将 IP 地址 192.168.1.1 与 MAC 地址 00:11:22:33:44:55 进行绑定，创建静态 ARP 缓存项，这将会加快访问相应的网络设备的速度。

删除指定IP的 ARP缓存

arp -d 192.168.1.1

该命令会删除 IP 地址 192.168.1.1 对应的 ARP 缓存项。