Ping is a tool used to check the connectivity of a certain host, using ICMP (Internet Control Message Protocol). At the command line you can ping an IP address or domain name and see how long the target takes to respond. When this happens, ARP (Address Resolution Protocol) resolves the domain name or IP address to the target’s MAC (Media Access Control) address. Displayed below is an example of how this works. Once an address is pinged, it’s resolved MAC address is written to the ARP cache, which can be displayed using the “arp -a” command.
The tricky part comes in figuring out if that is really the correct MAC address for the target computer. If you’re trying to identify someone who has tried to access your network illegally, they most likely used ARP spoofing. More on this later…
