
ARP - Address Resolution Protocol, ARP Cache & Spoofing

Steps

Initialize ARP Cache and Network Nodes

The host initializes its ARP cache as empty and sets up the network nodes: Client (Host A), Router, and Server (Host B). No packets are in transit yet.

💡 Initialization is crucial to understand the starting point where no MAC address mappings exist, so ARP resolution is necessary.
Line:
    arp_cache = {}
    client = Node('client')
    router = Node('router')
    server = Node('server')
💡 The ARP cache starts empty, so the host must send an ARP request to resolve the MAC address.
ARP - Address Resolution Protocol, ARP Cache & Spoofing - Watch the Algorithm Execute, Step by Step
Watching this step-by-step packet flow is the fastest way to understand ARP because it reveals the exact message exchanges and cache state changes that are otherwise abstract in code or theory.
Nodes shown in every step: Host A (client), Router, Host B (server).

Step 1/10 (Hop 0): ARP cache initialized empty; network nodes ready.

Step 2/10 (Hop 0): Cache miss detected; preparing ARP request broadcast.
  src 192.168.1.2, dst 192.168.1.3 (no ports)
  Log: ARP cache lookup: Host B IP not found

Step 3/10 (Hop 1): ARP request broadcast packet created and sent.
  Packet: from client, to broadcast
  Payload: ARP Request: Who has 192.168.1.3? Tell 192.168.1.2
  Protocol: ARP; flags: broadcast
  src 192.168.1.2, dst 255.255.255.255 (no ports)
  Log: ARP request broadcast sent by Host A

Step 4/10 (Hop 2): Host B recognizes its IP in ARP request and prepares reply.
  Packet: from router, to server
  Payload: ARP Request: Who has 192.168.1.3? Tell 192.168.1.2
  Protocol: ARP; flags: broadcast
  src 192.168.1.2, dst 255.255.255.255 (no ports)
  Log: ARP request received by Host B

Step 5/10 (Hop 3): ARP reply packet created and sent unicast to Host A.
  Packet: from server, to client
  Payload: ARP Reply: 192.168.1.3 is at MAC 00:11:22:33:44:55
  Protocol: ARP; flags: none
  src 192.168.1.3, dst 192.168.1.2 (no ports)
  Log: ARP reply sent by Host B to Host A

Step 6/10 (Hop 4): Host A ARP cache updated with Host B's MAC address.
  src 192.168.1.3, dst 192.168.1.2 (no ports); data: MAC 00:11:22:33:44:55
  Log: ARP reply received by Host A; cache updated

Step 7/10 (Hop 5): Data packet sent using MAC address resolved by ARP.
  Packet: from client, to server
  Payload: Data Packet
  Protocol: IP; flags: none
  src 192.168.1.2:12345, dst 192.168.1.3:80; data: HTTP GET /
  Log: Data packet sent from Host A to Host B using resolved MAC

Step 8/10 (Hop 6): Host B received and is processing the data packet.
  src 192.168.1.2:12345, dst 192.168.1.3:80; data: HTTP GET /
  Log: Data packet received by Host B

Step 9/10 (Hop 7): ARP cache at Host A updated with Host B's MAC address.
  Log: ARP cache at Host A: 192.168.1.3 → 00:11:22:33:44:55

Step 10/10 (Hop 7): ARP resolution cycle finished; Host A ready for direct communication.
  Log: ARP resolution process complete

Key Takeaways

ARP resolves IP addresses to MAC addresses by broadcasting requests and receiving targeted replies.

This insight is hard to see from code alone because the broadcast and unicast nature of ARP packets is implicit, but the visualization shows it explicitly.

The ARP cache stores resolved mappings to avoid repeated broadcasts, improving network efficiency.

Seeing the cache update and lookup visually clarifies why ARP cache is critical for performance.

Only the host owning the requested IP responds to ARP requests, ensuring correct MAC resolution.

The decision to reply or ignore is a key branching point that the visualization highlights clearly.
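
The resolution cycle above in packet form, as an added example (not code from the original page): it packs the 28-byte Ethernet/IPv4 ARP body and, going one step beyond the walkthrough, applies two checks to incoming replies, because ARP replies carry no authentication and a cache that learns from any reply can be spoofed. The names `build_arp`, `parse_arp` and `ArpCache`, Host A's MAC and the second MAC for 192.168.1.3 are constructed for illustration.

```python
import socket, struct

ARP_FMT = "!HHBBH6s4s6s4s"  # RFC 826 body for Ethernet/IPv4, 28 bytes
REQUEST, REPLY = 1, 2

def build_arp(oper, sha, spa, tha, tpa):  # sender MAC/IP, target MAC/IP
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, mac(sha),
                       socket.inet_aton(spa), mac(tha), socket.inet_aton(tpa))

def parse_arp(pkt):
    if len(pkt) < 28:
        raise ValueError("truncated ARP body")
    ht, pt, hl, pl, oper, sha, spa, _tha, tpa = struct.unpack(ARP_FMT, pkt[:28])
    if (ht, pt, hl, pl) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return oper, sha.hex(":"), socket.inet_ntoa(spa), socket.inet_ntoa(tpa)

class ArpCache:  # Host A's cache plus two illustrative checks on replies
    def __init__(self, my_ip):
        self.my_ip, self.table, self.pending, self.alerts = my_ip, {}, set(), []
    def lookup(self, ip):
        if ip not in self.table:
            self.pending.add(ip)      # cache miss: a broadcast request goes out
        return self.table.get(ip)
    def on_reply(self, pkt):
        oper, sha, spa, tpa = parse_arp(pkt)
        if oper != REPLY or tpa != self.my_ip:
            return "ignored"          # not a reply addressed to this host
        known = self.table.get(spa)
        if known is None and spa not in self.pending:
            self.alerts.append(f"unsolicited reply for {spa} from {sha}")
            return "unsolicited"      # nobody asked: do not learn it
        if known is not None and known != sha:
            self.alerts.append(f"{spa} changed {known} -> {sha}")
            return "conflict"         # keep the existing mapping, raise an alert
        self.pending.discard(spa)
        self.table[spa] = sha
        return "learned"

def demo():
    a_ip, a_mac = "192.168.1.2", "02:00:00:00:00:0a"   # Host A's MAC is constructed
    cache = ArpCache(a_ip)
    cache.lookup("192.168.1.3")                        # miss, as in the walkthrough
    good = build_arp(REPLY, "00:11:22:33:44:55", "192.168.1.3", a_mac, a_ip)
    odd = build_arp(REPLY, "02:00:00:00:00:ee", "192.168.1.3", a_mac, a_ip)  # constructed
    return [cache.on_reply(good), cache.on_reply(odd)], cache.table, cache.alerts

if __name__ == "__main__": print(demo())
```

The first reply is learned because Host A had a pending request for 192.168.1.3; the second claims a different MAC for the same IP, so the cache keeps the original mapping and records an alert.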

Practice

1. In which scenario is the TCP sequence number most critical for ensuring reliable data transfer?
easy
A. When the receiver needs to reorder out-of-sequence packets before delivering data to the application
B. When the sender wants to detect duplicate acknowledgments to trigger fast retransmission
C. When the receiver uses it to calculate the retransmission timeout (RTO)
D. When the sender uses it to encrypt the data payload for security

Solution

  1. Step 1: Understand the role of TCP sequence numbers in packet ordering

    TCP sequence numbers uniquely identify bytes in the data stream, allowing the receiver to reorder packets that arrive out of order.
  2. Step 2: Analyze each option

    "When the receiver needs to reorder out-of-sequence packets before delivering data to the application" is correct because reordering depends on sequence numbers. "When the sender wants to detect duplicate acknowledgments to trigger fast retransmission" relates to ACKs, not sequence numbers directly. "When the receiver uses it to calculate the retransmission timeout (RTO)" is incorrect because RTO calculation uses RTT estimates, not sequence numbers. "When the sender uses it to encrypt the data payload for security" is unrelated to sequence numbers.
  3. Final Answer:

    Option A
  4. Quick Check:

    Sequence numbers enable ordering, not encryption or RTO calculation.
Hint: Sequence numbers order bytes; ACKs confirm receipt.
Common Mistakes:
  • Confusing sequence numbers with ACK numbers
  • Thinking sequence numbers affect RTO calculation
  • Assuming sequence numbers relate to encryption
2. In which scenario is the TCP three-way handshake essential before data transmission begins?
easy
A. When broadcasting a message to multiple hosts on a local network
B. When establishing a reliable connection-oriented session between two hosts
C. When sending a single UDP datagram to a remote host
D. When encrypting data packets for secure transmission

Solution

  1. Step 1: Identify the purpose of the handshake

    The TCP three-way handshake is designed to establish a reliable, connection-oriented session between two hosts before data transfer.
  2. Step 2: Analyze each option

    "Sending a single UDP datagram to a remote host" is incorrect because UDP is connectionless and does not use a handshake. "Broadcasting a message to multiple hosts on a local network" is incorrect because broadcasting does not require connection establishment. "Encrypting data packets for secure transmission" is unrelated to connection setup; encryption is a separate process.
  3. Final Answer:

    Option B
  4. Quick Check:

    Only TCP connections require this handshake to ensure reliability and synchronization.
Hint: TCP handshake = reliable connection setup, not for UDP or broadcast
Common Mistakes:
  • Confusing TCP handshake with UDP communication
  • Assuming handshake is needed for broadcast or encryption
3. Trace the sequence of packets exchanged during the TCP three-way handshake when a client initiates a connection to a server.
easy
A. Client sends ACK, Server replies with SYN, Client sends SYN-ACK
B. Client sends SYN-ACK, Server replies with ACK, Client sends SYN
C. Client sends SYN, Server replies with SYN-ACK, Client sends ACK
D. Client sends SYN, Server replies with ACK, Client sends SYN-ACK

Solution

  1. Step 1: Understand the handshake steps

    The client initiates by sending a SYN packet to request connection. The server responds with SYN-ACK to acknowledge and synchronize. The client completes with ACK.
  2. Step 2: Evaluate each option

    "Client sends SYN, Server replies with SYN-ACK, Client sends ACK" correctly follows the SYN -> SYN-ACK -> ACK sequence. The other options have the order or packet types mixed up, which breaks the handshake protocol.
  3. Final Answer:

    Option C
  4. Quick Check:

    Remember the handshake as "SYN, SYN-ACK, ACK" in that order.
Hint: Handshake order: SYN -> SYN-ACK -> ACK
Common Mistakes:
  • Mixing up who sends SYN-ACK or ACK first
  • Assuming ACK comes before SYN-ACK
4. You are designing a live video streaming app where minimal delay is critical, and occasional frame loss is acceptable. Which transport protocol is most suitable?
easy
A. TCP, because it uses congestion control to avoid packet loss
B. TCP, because it guarantees delivery and order of packets
C. UDP, because it provides faster transmission without waiting for acknowledgments
D. UDP, because it establishes a connection before sending data

Solution

  1. Step 1: Identify the key requirement -- minimal delay with acceptable occasional loss

    Live video streaming prioritizes speed over perfect reliability.
  2. Step 2: Analyze TCP characteristics

    TCP guarantees delivery and order but introduces delay due to acknowledgments and retransmissions.
  3. Step 3: Analyze UDP characteristics

    UDP is connectionless and does not wait for acknowledgments, enabling faster transmission at the cost of possible packet loss.
  4. Step 4: Evaluate options

    "UDP, because it provides faster transmission without waiting for acknowledgments" correctly matches the scenario needs. The TCP options prioritize reliability over speed. UDP does not establish a connection before sending data, so that option is incorrect.
  5. Final Answer:

    Option C
  6. Quick Check:

    UDP is preferred for real-time applications where speed matters more than reliability.
Hint: Use UDP for speed when some loss is okay; TCP for reliability when loss is not acceptable.
Common Mistakes:
  • Assuming TCP is always better because it guarantees delivery
  • Believing UDP establishes a connection like TCP
  • Confusing congestion control with speed priority
5. If a domain's authoritative DNS server is down, which of the following best describes how DNS resolution behaves assuming the recursive resolver has a cached entry with a TTL of 300 seconds that expired 10 seconds ago?
hard
A. The recursive resolver will attempt to query the authoritative server despite the expired TTL and return an error if unreachable.
B. The recursive resolver will return the expired cached record to the client to avoid resolution failure.
C. The recursive resolver will immediately return a SERVFAIL error to the client since the authoritative server is unreachable.
D. The recursive resolver will query the root server again to find an alternative authoritative server.

Solution

  1. Step 1: Understand TTL expiration

    Once TTL expires, cached records are considered stale and should not be served without validation.
  2. Step 2: Behavior on authoritative server failure

    The recursive resolver tries to refresh the record by querying the authoritative server.
  3. Step 3: Outcome if authoritative server is down

    If unreachable, the resolver returns an error (e.g., SERVFAIL) to the client.
  4. Step 4: Why other options are incorrect

    "The recursive resolver will immediately return a SERVFAIL error to the client since the authoritative server is unreachable" ignores the retry attempt. "The recursive resolver will return the expired cached record to the client to avoid resolution failure" violates TTL rules by serving expired data. "The recursive resolver will query the root server again to find an alternative authoritative server" is incorrect because root servers do not provide alternative authoritative servers.
  5. Final Answer:

    Option A
  6. Quick Check:

    Expired TTL triggers retry; failure returns error -> correct
Hint: Expired TTL means resolver must retry; failure leads to error, not stale data.
Common Mistakes:
  • Assuming expired cache is always served
  • Thinking root servers provide alternative authoritative servers
  • Believing resolver returns error immediately without retry