How to open and flush the ARP cache - griffinsnest/tech-Jorunal-1 GitHub Wiki

What is and how to open the ARP cache

---

Firstly just for my own sake, in case I need to know this later ARP stands for Address Resolution Protocol. Onto the actual use of it, ARP revolves around connecting IP addresses to MAC addresses and is used exclusively for communications over a local network. The ARP cache records information regarding the route taken between local IP addresses, and also contains a default route to the gateway for any external resources. Onto how to actually open it, simply go to the command prompt in either Windows or Linux and enter the command arp -a to instruct the shell to display a table representation of the ARP cache.

How to empty the ARP cache

---

In order to flush the ARP cache, which you want to do between recordings of packet transfers or else it will get very hard to tell which is which transfer, it will depend on the OS the machine is using. In Linux for example, you'd want to use the command sudo ip -s neigh flush all. This command will be used as one run by the root user thanks to the sudo, thus when using flush all on the IP neigh command it will completely flush/empty the ARP cache of the user. So after using this specific command the neighbor table produced by arp -a will produce an empty one now since the cache is empty. On Windows however, you'll need to do some slight differences. First, you'll need to open the command prompt with the run as Administrator option, as the Sudo command used in Linux doesn't exist normally in Windows. Now for the actual command after opening the shell like this, simply enter the command netsh interface ip delete arpcache. This will do basically the same thing as the Linux command, deleting the cache of all entries so when using the display command once again it will display nothing.