It is used to resolve Network layer (Layer 3) addresses to Link layer (Layer 2) addresses in a local area network. Most often it's IP address to MAC (media access control) address. When a host needs to talk to a host with a given IP address, it references the ARP cache to resolve the IP address to a MAC address. If the address is not known, a request is made asking for the MAC address of the device with the IP address.

The Address Resolution Protocol is a request-response protocol whose messages are encapsulated by a link-layer protocol. It is communicated within the boundaries of a single network, never routed across internetworking nodes. This property places ARP into the Link layer.

Inverse Address Resolution Protocol (Inverse ARP or InARP) is used to obtain Layer 3 address by Layer 2 address.

Because ARP does not provide methods for authenticating ARP replies on a network, ARP replies can come from systems other than the one with the required Layer 2 address. An ARP proxy is a system that answers the ARP request on behalf of another system for which it will forward traffic, normally as a part of the network's design, such as for dial-up internet service. By contrast, in ARP spoofing the answering system, or spoofer replies to a request for another system's address with the aim of intercepting data bound for that system. A malicious user may use ARP spoofing to perform a man-in-the-middle or denial-of-service attack on other users on the network. Various software exists to both detect and perform ARP spoofing attacks, though ARP itself does not provide any methods of protection from such attacks.