Your ARP table is a local cache that maps IP addresses to MAC addresses on your network. When your device needs to send data to 192.168.1.10, it checks this table first - if there's no entry, it broadcasts an ARP request to find out who owns that IP.

How ARP Works

  1. Device A wants to reach 192.168.1.10
  2. It checks its ARP table - no entry found
  3. It broadcasts: "Who has 192.168.1.10?"
  4. Device B replies: "That's me - here's my MAC: AA:BB:CC:DD:EE:FF"
  5. Device A caches that mapping and sends the data
  6. The entry expires after a few minutes (typically 300s on Linux, 120s on Windows)

ARP only works within the same subnet. Traffic leaving your network goes to the router's MAC, not the destination's.

How to View Your ARP Table

Windows:

Command 
arp -a

macOS/Linux:

Command 
arp -a
# or on Linux
ip neigh show

Output shows IP address, MAC address, and interface. Entries marked REACHABLE are confirmed active; STALE means the entry exists but hasn't been verified recently.

How to Flush or Add Entries

Delete a single entry (Windows):

Command 
arp -d 192.168.1.10

Flush entire ARP cache (Windows):

Command 
netsh interface ip delete arpcache

Flush on Linux:

Command 
ip neigh flush all

Add a static ARP entry (Linux):

Command 
ip neigh add 192.168.1.10 lladdr AA:BB:CC:DD:EE:FF dev eth0

Common ARP Problems

Duplicate IP address: Two devices share the same IP. Your ARP table will flip between two different MACs for the same IP. Fix: find and reassign the conflicting device.

ARP Spoofing: An attacker sends fake ARP replies to poison your table, redirecting traffic through their machine (man-in-the-middle). Static ARP entries and Dynamic ARP Inspection (DAI) on managed switches prevent this.

Stale entries causing drops: If a device's MAC changes (NIC replaced, VM migrated), old ARP entries send packets to the wrong place. Flush the cache to force re-resolution.

Bottom Line

The ARP table is small but critical - every packet sent on your LAN depends on it. If devices on the same network can't reach each other, checking and flushing the ARP table is a fast first step. For security-sensitive environments, enable DAI on your switches to block ARP spoofing.