One of the best features of Ethernet is the ability for a group of interfaces on a specific network to listen for broadcasts being transmitted to a specific group address, known as a multicast address. This allows a single host to originate a packet to be read by a number of different hosts without having to retransmit the packet multiple times. In addition, each interface listens on its normal MAC address, as well as the multicast address.
A MAC address is a hexadecimal number that is set in the factory for every network interface manufactured. It contains elements that allow an interface to be distinguished from those manufactured by other companies, and also allows individual interfaces from the same manufacturer to be distinguishable. It is possible with SPARC systems to set the MAC address manually in the PROM. However, this is generally not advisable except in systems with multiple interfaces, where they might have the same MAC address by default. The format of the MAC is usually a set of hexadecimal numbers delimited by colons. The MAC address 11:22:33:44:55:AA is one example. The initial three bytes identify a specific manufacturer—the list of manufacturers and their codes can be downloaded from ftp://ftp.lcs.mit.edu/pub/map/ethernet-codes.
In order to support IP and higher-level transport and application protocols, a mapping must be made between the MAC address and the IP address. This is achieved by the Address Resolution Protocol (ARP) and Reverse Address Resolution Protocol (RARP). The hardware address, otherwise known as the Media Access Control (MAC) address, is used to distinguish hosts at the link level. This is mapped to an IP address at the network level by using ARP and RARP. You can check the table of IP address to MAC address mappings by using the arp command:
$ arp –a Net to Media Table Device IP Address Mask Flags Phys Addr ------ ---------------------- --------------- ----- --------------- hme0 www.cassowary.net 255.255.255.255 00:19:cd:e3:05:a3 hme0 mail.cassowary.net 255.255.255.255 08:11:92:a4:12:ee hme0 ftp.cassowary.net 255.255.255.255 SP 08:12:4e:4d:55:a2 hme0 BASE-ADDRESS.MCAST.NET 240.0.0.0 SM 01:01:4e:00:00:00
Here, the network device is shown with either the fully qualified hostname or IP address, the netmask, any flags, and the MAC address. The flags indicate the status of each interface, including “SP” for the localhost, where an entry will be published on request, and “SM” for the localhost, supporting multicast. Alternatively, a specific host can be queried by passing its name on the command line:
$ arp mail mail (22.214.171.124) at 08:11:92:a4:12:ee
ARP works by broadcasting in order to identify the appropriate channel on which to locate the target host. Conversely, the Reverse Address Resolution Protocol (RARP) is used to map MAC addresses to IP addresses. RARP is typically used to supply IP addresses from boot servers to diskless clients. A database of Ethernet addresses is maintained in the /etc/ethers table to support this activity.
Exercise 33-2 Using arp Log in to your system as root. Use the arp command to review the IP address to MAC address mappings. Can you identify any flags that you don’t recognize?
You should be able to interpret arp output for specific hosts and for address mappings.