Your ARP table is one of those networking details most people never think about until something breaks locally. Then it becomes very important very quickly.

ARP stands for Address Resolution Protocol. Its job is simple: map an IPv4 address on your local network to a MAC address so Ethernet frames can actually be delivered. The ARP table is the cache where your operating system stores those mappings temporarily.

Why the ARP Table Exists

Suppose your PC wants to send traffic to 192.168.1.10.

IP addressing tells the computer which host it wants. Ethernet delivery still needs to know which MAC address owns that IP on the local LAN.

That is where ARP comes in.

Without ARP, a device on a local IPv4 subnet would know the logical destination but not the Layer 2 address needed to place the frame on the wire.

How ARP Works in Practice

The process usually looks like this:

  1. Your device wants to reach 192.168.1.10.
  2. It checks the local ARP cache first.
  3. If no entry exists, it broadcasts an ARP request: "Who has 192.168.1.10?"
  4. The owner of that IP replies with its MAC address.
  5. Your device stores the mapping in the ARP table.
  6. Traffic is then sent to that MAC address until the entry ages out or changes.

ARP only works on the local broadcast domain. If the destination is outside your subnet, your device resolves the router's MAC address, not the final remote host's MAC.

What an ARP Table Entry Looks Like

A typical entry contains:

  • IP address
  • MAC address
  • interface
  • entry type or neighbor state

Depending on the operating system, you may also see whether the entry is dynamic, static, reachable, stale, incomplete, or failed.

How to View the ARP Table

Windows

Command 
arp -a

Linux

Command 
ip neigh show

The older arp -a command may also work on Linux, but ip neigh is the modern tool.

macOS

Command 
arp -a

When you inspect the output, look for the exact IP you are troubleshooting and confirm that the MAC address matches the expected device.

How to Clear or Modify ARP Entries

Delete one entry on Windows

Command 
arp -d 192.168.1.10

Flush the full ARP cache on Windows

Command 
netsh interface ip delete arpcache

Flush neighbor entries on Linux

Command 
ip neigh flush all

Add a static entry on Linux

Command 
ip neigh add 192.168.1.10 lladdr AA:BB:CC:DD:EE:FF dev eth0

Static entries can be useful in controlled environments, but overusing them creates maintenance headaches if hardware changes later.

Real Problems the ARP Table Helps Diagnose

Duplicate IP address conflicts

If two devices claim the same IP, you may see the ARP entry flip between two MAC addresses. Symptoms include intermittent connectivity, failed pings, and devices randomly becoming unreachable.

Device replacement or VM migration

If a NIC changes or a VM moves, an old cache entry may still point to the previous MAC address. Flushing ARP forces a fresh lookup.

Printer or NAS reachable from one machine but not another

That often means one system has a valid ARP entry while another has a stale or poisoned one.

Gateway resolution problems

If hosts on the subnet cannot even reach the default gateway, check whether the router IP resolves to the correct MAC address.

Security Risk: ARP Spoofing

ARP was not designed with strong authentication. That makes it vulnerable to ARP spoofing or ARP poisoning, where an attacker sends forged ARP replies to convince victims that the attacker's MAC address belongs to another IP, often the default gateway.

This can enable:

  • man-in-the-middle interception
  • traffic redirection
  • session hijacking in weak environments
  • denial of service

Common defenses include:

  • Dynamic ARP Inspection on managed switches
  • DHCP snooping plus switch-level enforcement
  • network segmentation
  • HTTPS and other encrypted protocols that reduce the value of interception
  • static ARP entries for a few critical hosts where appropriate

ARP Table vs MAC Address Table

These are not the same thing.

  • ARP table lives on hosts and maps IPv4 addresses to MAC addresses.
  • MAC address table lives on switches and maps MAC addresses to switch ports.

People mix them up constantly during troubleshooting. If the host knows the wrong MAC, check ARP. If the switch forwards frames to the wrong port, check the switch MAC table.

Quick Troubleshooting Workflow

If one device cannot reach another on the same subnet:

  1. Ping the target IP.
  2. Run arp -a or ip neigh show.
  3. Verify the target IP resolves to the expected MAC.
  4. Flush the entry if it looks wrong.
  5. Retry traffic.
  6. If the MAC keeps changing, investigate duplicate IPs or spoofing.

That simple sequence solves a surprising number of "the network is weird" local-LAN problems.

Bottom Line

The ARP table is the local map between IPv4 addresses and MAC addresses. It is small, temporary, and absolutely essential for communication inside a subnet.

If two devices on the same LAN cannot reach each other, the ARP table should be one of your first checks. And if the entries look unstable or wrong, you may be dealing with duplicate IPs, stale cache, or ARP spoofing rather than a generic "internet issue."