How To Clear ARP Cache on Windows Operating System
ARP stands for Address Resolution Protocol and is used to map IP addresses to MAC Addresses on a network. The Windows operating system maintains a table called ARP cache, which contains the MAC addresses of other network devices with which it has recently communicated.
Which command is used to view and clear the ARP cache on a Windows system?
To view the ARP cache, use the arp
command. To clear the ARP cache on Windows, use the netsh
command.
To view the ARP cache on a Windows computer, open the Command Prompt and execute the arp -a
command:
arp -a
Executing arp under Windows gives the following output:
To delete the ARP cache, run the following command:
netsh interface ip delete arpcache
To delete a single entry from the ARP table, run the arp
command with the -s
option followed by the IP Address of the destination host:
arp -d 192.168.1.245
Address Resolution Protocol
When a computer (source) needs to send a packet to another computer (destination), it needs to know the MAC address of the destination host. If the source computer does not know the MAC address of the destination computer, it sends a broadcast message known as an ARP request to the network.
The destination host then sent an ARP response to the source host announcing its MAC address.
Windows keeps an ARP cache, so it won't have to send an ARP request to a destination host with which it has already communicated.
ARP Poisoning
ARP poisoning is when an attacker inserts a wrong mapping into the ARP table of a device. As a result, the traffic will be sent to another device (the attacker's computer) rather than to the actual destination device.
This is the most commonly used type of attack against the Address Resolution Protocol.