in Resources

How to Check and Clear the ARP Cache in Windows, Linux and Mac

The Address Resolution Protocol (ARP) is like a phone book for your local network. It maps IP addresses to MAC addresses so devices can communicate. But when the ARP cache gets outdated, it can cause all sorts of connection problems. Clearing the ARP cache is often the solution, so let‘s dive into the nitty gritty details of how it works and how to clear it on various operating systems.

A Deeper Look at ARP and the ARP Cache

ARP is the unsung hero that makes networking possible. Without it, your devices wouldn‘t know how to find each other on the local network.

Here‘s a quick 101 on how ARP works its magic:

  • When a device wants to communicate with another local device, it first checks the ARP cache to see if it already knows the MAC address for the destination IP
  • If there is no entry, the device sends out an ARP request asking "Who has this IP address?"
  • The device with that IP then replies with its MAC address
  • The originating device adds this mapping to its ARP cache for future requests

This cache prevents ARP requests from being sent for every network packet. Instead, the MAC address is looked up in the cache.

But there are two big problems with the ARP cache:

Stale entries – The ARP cache isn‘t automatically cleared when a device‘s IP or MAC changes. The stale data just sits there, causing connection issues.

Cache poisoning – Attackers can spoof ARP replies, corrupting the cache with false mappings. This is an ARP poisoning attack.

Clearing the cache fixes both stale and poisoned entries. Next let‘s see how to actually view and delete those entries.

Checking the ARP Cache Contents

You‘ll probably want to check what‘s currently in the cache before clearing it out. Plus this helps verify it‘s actually stale or poisoned.

Here‘s how to view the full ARP cache on various operating systems:

Windows

Open an elevated command prompt and use the arp -a command:

> arp -a

Interface: 192.168.1.10 --- 0x3
  Internet Address      Physical Address      Type   
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.100         aa-bb-cc-dd-ee-ff     dynamic

This shows both the IP and associated MAC address for each entry.

Linux

On Linux, arp -n displays the current ARP table: 

$ arp -n
Address                  HWtype  HWaddress           Flags Mask             Iface
192.168.1.1              ether   00:11:22:33:44:55   C                     eth0
192.168.1.100            ether   aa:bb:cc:dd:ee:ff   C                     eth0

MacOS

Mac systems use arp -a to see the ARP cache:

$ arp -a
? (192.168.1.1) at 00:11:22:33:44:55 on en0 ifscope [ethernet] 
? (192.168.1.100) at aa:bb:cc:dd:ee:ff on en0 ifscope [ethernet]

Now that you can view the contents, let‘s wipe the slate clean.

Deleting the Entire ARP Cache

When connectivity issues arise, clearing out the whole ARP cache is the best solution. Here‘s how to flush it completely on each operating system:

Windows

Use the netsh command to delete the entire ARP cache on Windows:

> netsh interface ip delete arpcache

You‘ll see a simple "Ok" when it‘s flushed successfully.

Linux

The ip utility handles cache clearing on Linux systems:

$ ip -s -s neigh flush all

MacOS

Mac uses the -d flag to delete the whole ARP cache:

$ sudo arp -a -d

And that‘s all there is to it! For each OS, a single command erases the entire ARP cache.

Removing Specific ARP Entries

You can also delete a single entry rather than the whole table. This allows you to remove incorrect or stale data without flushing everything.

Windows

Use arp -d followed by the IP address:

> arp -d 192.168.1.1

Linux

The syntax is the same on Linux:

$ arp -d 192.168.1.1

MacOS

On Mac systems, provide the IP after the -d flag:

$ sudo arp -d 192.168.1.1 ifscope en0

And that specific entry will be removed from the cache.

When to Reset the ARP Cache

Now the big question – when should you actually clear or reset the ARP cache? Here are some common scenarios:

  • You changed the IP address on a device – The old ARP entries will still point to the outdated IP
  • Troubleshooting network issues or connection losses – Flushing the cache often fixes connectivity problems
  • You replaced a device on the network – The ARP cache will still reference the old device‘s MAC address
  • Diagnosing slow network performance – Stale cache entries can slow communications
  • Suspicious ARP cache entries – Could indicate cache poisoning or an ARP spoofing attack

If you suspect any of the above, clearing the ARP cache should be your first troubleshooting step.

Alternative: Reboot Your Router

You don‘t always have to manually delete the ARP cache. Simply rebooting your router or the problem device can also fix ARP issues.

Rebooting wipes out the existing ARP cache. When the device comes back online, it builds a fresh cache using new ARP requests.

So if you‘re experiencing network problems, a quick reboot is worth trying before busting out the command line to clear the ARP manually.

Conclusion

Now you‘re armed with the knowledge to view, clear, and reset the ARP cache like a pro. Stale or incorrect ARP entries can grind your network to a halt, but thankfully the solution is just a simple command away.

The next time you‘re troubleshooting network issues, keep these ARP cache commands handy. And maybe thank ARP for doing the vital behind-the-scenes work of keeping our devices connected.

AlexisKestler

Written by Alexis Kestler

A female web designer and programmer - Now is a 36-year IT professional with over 15 years of experience living in NorCal. I enjoy keeping my feet wet in the world of technology through reading, working, and researching topics that pique my interest.