Manipulate the Linux ARP Cache in C
Post 302344324 by semash! on Saturday 15th of August 2009 10:50:13 PM
Hey jim,
That's the thing, there are NO solutions out there. Applications like arpguard, arpwatch and the others just send an e-mail to the administrator telling him "hey, your network is down because of an ARP attack"; I don't consider this a solution.

arptables, yes, it may be a possible solution to what I'm looking for, but it doesn't analyze the Ethernet data, so it does not work for me.

I just want to know how to check the arriving ARP frames and, if my program's conditions consider one valid, THEN apply the ARP message to the cache. I'm able to do all of that, except for the cache thing.

So, do I have to code a Linux kernel module? How do I do it? I'm just asking for the way to do it, not for the solution itself.
 

ARPD(8) 						    BSD System Manager's Manual 						   ARPD(8)

NAME
     farpd -- ARP reply daemon

SYNOPSIS
     farpd [-d] [-i interface] [net ...]

DESCRIPTION
     farpd replies to any ARP request for an IP address matching the specified destination net with the hardware MAC address of the specified interface, but only after determining if another host already claims it.

     Any IP address claimed by farpd is eventually forgotten after a period of inactivity or after a hard timeout, and is relinquished if the real owner shows up.

     This enables a single host to claim all unassigned addresses on a LAN for network monitoring or simulation.

     farpd exits on an interrupt or termination signal.

     Note: The program name farpd has been changed in Debian GNU/Linux from the original name (arpd) to avoid a name clash with other ARP daemons.

     The options are as follows:

     -d      Do not daemonize, and enable verbose debugging messages.

     -i interface
             Listen on interface. If unspecified, farpd searches the system interface list for the lowest numbered, configured ``up'' interface (excluding loopback).

     net     The IP address or network (specified in CIDR notation) or IP address ranges to claim (e.g. ``10.0.0.3'', ``10.0.0.0/16'' or ``10.0.0.5-10.0.0.15''). If unspecified, farpd will attempt to claim any IP address it sees an ARP request for. Multiple addresses may be specified.

FILES
     /var/run/farpd.pid

SEE ALSO
     pcapd(8), synackd(8)

BUGS
     farpd will respond too slowly to ARP requests for some applications. In order to ensure that it does not claim existing IP addresses, it will send two ARP requests and wait for a reply. This slowness affects the nmap network scanning tool, and possibly others, which use ARP by default when scanning local networks. The answers from farpd will come after the tool has timed out waiting for the ARP replies and, consequently, IP addresses claimed by farpd will not be discovered.

     Additionally, farpd sends the ARP replies to the broadcast address of the network and not to the host that sent the ARP request. Some systems and applications (notably nmap) will not handle these replies and expect directed ARP replies (i.e. targeted specifically to the host that sent the request and not to the network).

AUTHORS
     Dug Song <dugsong@monkey.org>, Niels Provos <provos@citi.umich.edu>

     August 4, 2001