Quickly inspect and manage the ARP cache to diagnose local network reachability and identify MAC addresses. 16.11.2025 | reading time: 3 min When a Linux host cannot reach a neighbor, the ARP cache holds the answer; checking it is the first diagnostic step and the commands shown here will reveal IP-to-MAC bindings quickly. A real case: missing neighbor A workstation cannot reach 192.168.1.10; first inspect the cache, then force resolution and recheck; commands and expected outputs are shown for clarity: ```sh $ ip neigh show # output example 192.168.1.5 dev eth0 lladdr aa:bb:cc:dd:ee:01 REACHABLE 192.168.1.10 dev eth0 FAILED ``` then send a probe and check again: ```sh $ ping -c 1 192.168.1.10 PING 192.168.1.10 (192.168.1.10) 56(84) bytes of data. --- 192.168.1.10 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss $ ip neigh show 192.168.1.10 192.168.1.10 dev eth0 lladdr 00:11:22:33:44:55 STALE ``` Useful commands and what they mean Use `ip neigh show` to list entries, `arp -n` for legacy views, `arp -s` or `ip neigh add` to create static entries, and `ip neigh flush` to clear stale entries; note that most of these actions require root privileges and that ARP entries age and change state (INCOMPLETE, STALE, REACHABLE, FAILED). When to dig deeper If entries flip to unexpected MACs or disappear repeatedly, capture traffic with packet tools to reveal ARP storms, probe for duplicate addresses, or check switches and VLANs for topology issues; remember IPv6 uses NDP and different tools such as `ip -6 neigh`. Other tools for ARP investigations Passive and active tools help: `tcpdump` to capture ARP traffic, `arpwatch` to monitor MAC/IP changes over time, and `nmap` to probe reachable hosts and spot address conflicts or unexpected replies. Wrap-up and next steps Checking the ARP cache is fast and often decisive for local network troubleshooting; practice reading entry states, creating static bindings, and using packet captures to build a reliable diagnostic workflow and consider formalizing your skills with certifications like CompTIA Linux+ or LPIC-1 and intensive exam preparation at bitsandbytes.academy. Join Bits & Bytes Academy First class LINUX exam preparation. network troubleshooting utilities security
