ARP Table¶

IPv4 Hosts use ARP (Address Resolution Protocol) to locate IPv4 neighbors by MAC address on a directly connected network.

The ARP table in pfSense® software displays a list of IPv4 hosts on the network which have attempted to talk to or through the firewall within the past few minutes. If a host is up but has not talked to or through the firewall it will not appear in the ARP table.

See also

For IPv6 hosts, see NDP Table.

To view the contents of the ARP table in pfSense software, navigate to Diagnostics > ARP Table.

The page contains the following items for each ARP table entry:

Interface

The interface where the firewall observed the host. If the interface is assigned, this field contains the given name of the interface in pfSense software. Otherwise, the page displays the operating system interface name.

IP Address

The IPv4 address of the host.

MAC Address

The MAC address of the host.

A MAC address listed as (Incomplete) indicates that the firewall has attempted to discover the host via ARP but it has not yet received a valid response.

Tip

Installing the NMAP package activates a feature which allows the page to also display the manufacturer associated with the MAC address, if it is known. Note that this is not effective in some cases, such as for virtual machines which use randomly generated MAC addresses or for wireless clients which utilize privacy features that alter their MAC addresses.

Hostname

The fully qualified domain name, or at least the hostname portion, of the host. This can be discovered via DHCP lease database content or by a reverse lookup of the IP address via DNS.

Status

The status of the entry, typically one of two types:

Permanent: A static entry either located on the firewall itself (e.g. interface address, VIP) or a static ARP entry.
Expires in <time>: A dynamic ARP entry which will expire in <time> unless the host communicates to or through the firewall again. The default maximum age is 1200 seconds (20 minutes).

Link Type

The type of network link through which this host can be reached (e.g. Ethernet).

Actions

Contains the fa-trash icon that, if clicked and confirmed, will remove this ARP table entry. This can nudge the firewall to discover a new MAC address for a host if it changes.

The fa-trash Clear ARP Table button purges the entire contents of the ARP table. Clearing the ARP table is not typically necessary but can help the firewall in situations where multiple hosts have changed MAC addresses and the firewall is still attempting to communicate with the old addresses.