Your computer (IP: 192.168.1.10) wants to send a packet to 8.8.8.8. What ARP request does your computer send?
AAn ARP broadcast asking 'Who has 8.8.8.8?' so it can address the Ethernet frame directly to Google's server
BAn ARP broadcast asking for the MAC address of the default gateway (e.g., 192.168.1.1), since 8.8.8.8 is not on the local network
CNo ARP request — IP addresses are sufficient for routing to remote destinations
DAn ARP unicast sent directly to 8.8.8.8 asking for its MAC address
ARP only operates within a local network segment. When the destination IP is on a different subnet, your computer cannot ARP for the remote host's MAC directly — it is unreachable at Layer 2. Instead, the computer ARPs for the MAC address of its default gateway (the router). The router then handles forwarding the packet toward 8.8.8.8. Option A represents the most common misconception: students assume ARP resolves the actual destination's MAC, but that destination may be thousands of hops away with no shared Ethernet segment.
Question 2 Multiple Choice
A host on a local network receives an unsolicited ARP reply stating that MAC address AA:BB:CC:DD:EE:FF belongs to the default gateway's IP address. What does the host do?
AIgnore the reply — ARP only processes replies to its own prior requests
BUpdate its ARP cache with the new mapping, overwriting any existing entry, since ARP has no authentication mechanism
CVerify the claim by querying a central ARP authority before accepting the mapping
DDiscard the reply and send its own ARP request to independently verify the gateway's MAC
ARP has no authentication mechanism whatsoever. Any host can send an ARP reply — solicited or unsolicited — and the receiving host will update its cache with the claimed mapping. This is the basis of ARP spoofing (ARP poisoning): an attacker sends forged unsolicited ARP replies to redirect traffic through their machine. The fact that ARP caches accept unsolicited replies is a deliberate design for efficiency, but it creates a fundamental security vulnerability exploitable in man-in-the-middle attacks.
Question 3 True / False
ARP requests are sent as Ethernet unicast frames to the specific host being queried, conserving network bandwidth.
TTrue
FFalse
Answer: False
ARP requests are sent as Ethernet broadcasts with destination MAC FF:FF:FF:FF:FF:FF. This means every device on the local network segment receives the request. Only the host whose IP address matches the request responds (with a unicast ARP reply directly to the requester). The broadcast is necessary because the sender doesn't yet know the target's MAC address — that's precisely what it's trying to find out. The resulting ARP reply is unicast, and the mapping is cached to avoid repeated broadcasts.
Question 4 True / False
ARP is only needed for communication with devices on the same local network segment; for packets destined to remote networks, ARP is used to resolve the default gateway's MAC address rather than the remote host's MAC.
TTrue
FFalse
Answer: True
This is correct and represents a key architectural insight. ARP operates at Layer 2 and only bridges IP-to-MAC within a local segment. Ethernet frames can only be delivered to hosts on the same physical network. For remote destinations, the Ethernet frame must be addressed to the default gateway (the router) at Layer 2, even though the IP packet is addressed to the final destination at Layer 3. The router then strips the Ethernet frame, reads the IP destination, and forwards the packet toward its next hop — potentially invoking ARP again on its outbound interface.
Question 5 Short Answer
Why does ARP resolve the gateway's MAC address for remote destinations instead of the remote host's MAC address? What would fail if a host tried to send an ARP broadcast for a remote host's MAC?
Think about your answer, then reveal below.
Model answer: Ethernet frames can only traverse a single network segment — they are not routable across the internet. A remote host (e.g., on a different subnet or across the internet) does not share an Ethernet segment with the sender, so broadcasting 'Who has 8.8.8.8?' would never reach that host. The broadcast would be confined to the local segment, where no device knows that remote IP's MAC. Instead, the host addresses the Ethernet frame to the gateway's MAC (resolved via ARP on the local segment), and the IP packet inside carries the final destination's IP. The router handles everything beyond the local segment.
This reveals the clean separation between Layer 2 (Ethernet/MAC — local segment delivery) and Layer 3 (IP — end-to-end logical addressing). ARP exists only to bridge these two layers locally. Each router hop involves its own Layer 2 ARP lookup for the next hop's MAC, while the Layer 3 IP addresses remain constant end-to-end.